{"created":"2026-03-05T05:50:25.591121+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:02008567","sets":["1164:3925:1772441263645:1772441350755"]},"path":["1772441350755"],"owner":"80578","recid":"2008567","title":["LLMによる.NETマルウェアの難読化解除：概念実証に向けた基礎的検証"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2026-03-10"},"_buckets":{"deposit":"cd1169ad-375b-4e21-b312-2bec5d44a6d5"},"_deposit":{"id":"2008567","pid":{"type":"depid","value":"2008567","revision_id":0},"owners":[80578],"status":"published","created_by":80578},"item_title":"LLMによる.NETマルウェアの難読化解除：概念実証に向けた基礎的検証","author_link":[],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"LLMによる.NETマルウェアの難読化解除：概念実証に向けた基礎的検証","subitem_title_language":"ja"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"攻撃対策(4)","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2026-03-10","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"神奈川工科大学情報学部情報ネットワーク・コミュニケーション学科"},{"subitem_text_value":"神奈川工科大学情報学部情報ネットワーク・コミュニケーション学科"},{"subitem_text_value":"神奈川工科大学情報学部情報ネットワーク・コミュニケーション学科"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"KAIT","subitem_text_language":"en"},{"subitem_text_value":"KAIT","subitem_text_language":"en"},{"subitem_text_value":"KAIT","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/2008567/files/IPSJ-CSEC26112046.pdf","label":"IPSJ-CSEC26112046.pdf"},"date":[{"dateType":"Available","dateValue":"2028-03-10"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC26112046.pdf","filesize":[{"value":"1012.1 KB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"1fd93fed-3de0-4203-913d-8b042c530b15","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2026 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"栗原,北斗"}]},{"creatorNames":[{"creatorName":"河野,龍之介"}]},{"creatorNames":[{"creatorName":"岡本,剛"}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8655","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"難読化ツールは.NETマルウェアの解析において大きな障壁であり，既存の解除ツールは特定のバージョンやパターンへの依存から難読化ツールの更新に追随しにくく，手動解析には多大な工数を要する．本研究では，大規模言語モデル（LLM）を活用した.NETマルウェアの難読化解除手法を提案する．提案手法は，難読化前後のコードペアからLLMに解除用プロンプトを生成させる第1段階と，生成されたプロンプトで実際の難読化コードを解除する第2段階で構成される．評価実験では，ConfuserEx2 v1.6.0による主要な難読化（制御フロー，定数，シンボル名）を単純なプログラム4種とマルウェア3種に適用し，難読化解除スコア，ビルド成功率，機能保持性を測定した．その結果，単純なプログラムでは高い精度で解除に成功し，小規模マルウェアではMITRE ATT&CK戦術・技術の再現精度が100%に達した．中規模マルウェアでもIoCのF1スコア0.919を達成し，主要な攻撃手法の再現が可能であった．以上の結果は，LLMが.NETマルウェアの難読化解除において有効な選択肢となり得ることを示している．","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ（CSEC）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2026-03-10","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"46","bibliographicVolumeNumber":"2026-CSEC-112"}]},"relation_version_is_last":true,"weko_creator_id":"80578"},"links":{},"id":2008567,"updated":"2026-03-05T05:50:30.324051+00:00"}