{"id":2004332,"created":"2025-09-05T04:46:25.404356+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:02004332","sets":["581:11839:11848"]},"path":["11848"],"owner":"80578","recid":"2004332","title":["Fuzzy Hashを用いたマルウェア検知精度を長期的に維持する機械学習モデル逐次更新手法の提案"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2025-09-15"},"_buckets":{"deposit":"4af6b7d5-9533-4a11-826c-09eb64323c73"},"_deposit":{"id":"2004332","pid":{"type":"depid","value":"2004332","revision_id":0},"owner":"80578","owners":[80578],"status":"published","created_by":80578},"item_title":"Fuzzy Hashを用いたマルウェア検知精度を長期的に維持する機械学習モデル逐次更新手法の提案","author_link":[],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Fuzzy Hashを用いたマルウェア検知精度を長期的に維持する機械学習モデル逐次更新手法の提案","subitem_title_language":"ja"},{"subitem_title":"Proposal of Sequential Updating of Machine Learning Models with Fuzzy Hash Values to Maintain Long-term Malware Detection Accuracy","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集:AI社会を安全にするコンピュータセキュリティ技術(特選論文)] マルウェア,機械学習,コンセプトドリフト,Fuzzy Hash値","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2025-09-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京電機大学"},{"subitem_text_value":"東京電機大学"},{"subitem_text_value":"東京電機大学"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"},{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"},{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"control_number":"2004332","publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/2004332/files/IPSJ-JNL6609011.pdf","label":"IPSJ-JNL6609011.pdf"},"date":[{"dateType":"Available","dateValue":"2027-09-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL6609011.pdf","filesize":[{"value":"13.3 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"31ccfc83-f662-48c2-913c-8ae5c879961f","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2025 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"栗原,史弥"}]},{"creatorNames":[{"creatorName":"松木,隆宏"}]},{"creatorNames":[{"creatorName":"寺田,真敏"}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Fumiya Kurihara","creatorNameLang":"en"}]},{"creatorNames":[{"creatorName":"Takahiro Matsuki","creatorNameLang":"en"}]},{"creatorNames":[{"creatorName":"Masato Terada","creatorNameLang":"en"}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal 
article"}]},"item_2_publisher_15":{"attribute_name":"公開者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"マルウェアを用いたサイバー攻撃の脅威は,医療機関を標的とし診療停止に追い込むなど,私たちの日常生活に深刻な影響を及ぼしている.このようなマルウェアを正確に検知するために,機械学習を活用した手法が研究されている.しかし,学習データと予測データの関係や分布が時間経過とともに変化する「ドリフト」と呼ばれる現象が原因で,検知精度の低下が課題となっている.本研究では,このドリフト問題に対処するため,マルウェアの持つスケールフリー性を活用した機械学習モデル逐次更新手法を提案し,長期的なマルウェア検知率の維持を目指している.本論文では,(1)提案手法での適用を検討した3種のFuzzy Hash値と2種の類似度算出手法を用い,バイナリデータから算出するFuzzy Hash値の場合には,マルウェアがスケールフリー性を有することを示す.次に,(2)マルウェアのスケールフリー性を活用した機械学習モデル逐次更新手法を,PE表層情報を用いたマルウェア検知器に適用する.そのうえで,FFRI Dataset 2021~2023の検体を用い,1カ月ごとのマルウェア検知率と正常なソフトウェアの誤検知率の推移を通して提案する逐次更新手法の有効性を示す.","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"The threat of cyberattacks using malware has had a severe impact on our daily lives, such as targeting medical institutions and forcing them to suspend medical services. Machine learning-based methods have been actively researched to detect such malware accurately. However, detection accuracy degrades because of drift, a phenomenon in which the relationship and distribution between training data and prediction data change over time. This study aims to address the drift problem by proposing a sequential updating method for machine learning models that leverages the scale-free property of malware, with the goal of maintaining long-term malware detection rates. In this paper, (1) we examine the applicability of three types of Fuzzy Hash values and two similarity calculation methods. We show that malware exhibits the scale-free property when the Fuzzy Hash values are computed from binary data. 
Next, (2) we apply the sequential model updating method, which leverages the scale-free property of malware, to a malware detector that uses PE surface information, and we show the effectiveness of the proposed method through the monthly malware detection rate and the false positive rate on normal software, using samples from the FFRI Dataset 2021-2023.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1158","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"1148","bibliographicIssueDates":{"bibliographicIssueDate":"2025-09-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"66"}]},"relation_version_is_last":true,"item_2_identifier_registration":{"attribute_name":"ID登録","attribute_value_mlt":[{"subitem_identifier_reg_text":"10.20729/0002004332","subitem_identifier_reg_type":"JaLC"}]},"weko_creator_id":"80578"},"links":{},"updated":"2025-09-15T23:06:53.396526+00:00"}