{"id":208503,"updated":"2025-01-19T18:50:17.736679+00:00","links":{},"created":"2025-01-19T01:09:53.570349+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00208503","sets":["6164:6165:6462:10428"]},"path":["10428"],"owner":"44499","recid":"208503","title":["関数呼び出しシーケンスに着目したIoTマルウェアの機能差分調査"],"pubdate":{"attribute_name":"公開日","attribute_value":"2020-10-19"},"_buckets":{"deposit":"fd2c149e-9ba3-4cb2-a659-e73a39edd5be"},"_deposit":{"id":"208503","pid":{"type":"depid","value":"208503","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"関数呼び出しシーケンスに着目したIoTマルウェアの機能差分調査","author_link":["523203","523209","523211","523207","523208","523205","523204","523202","523210","523206"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"関数呼び出しシーケンスに着目したIoTマルウェアの機能差分調査"},{"subitem_title":"A Feasibility Study on Investigating Functional Differences between IoT Malware","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"IoTマルウェア,マルウェア解析,静的解析","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2020-10-19","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"九州大学"},{"subitem_text_value":"九州大学/国立研究開発法人情報通信研究機構"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"九州大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Kyushu University","subitem_text_language":"en"},{"subitem_text_value":"Kyushu University/National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications 
Technology","subitem_text_language":"en"},{"subitem_text_value":"Kyushu University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/208503/files/IPSJCSS2020075.pdf","label":"IPSJCSS2020075.pdf"},"date":[{"dateType":"Available","dateValue":"2022-10-19"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2020075.pdf","filesize":[{"value":"872.3 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"70c9bf57-f685-4e14-8ce4-b094c3cd400c","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2020 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"川添, 玲雄"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"韓, 燦洙"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"伊沢, 亮一"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"高橋, 健志"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"竹内, 純一"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Reo, Kawasoe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Chansu, Han","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Ryoichi, 
Isawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takeshi, Takahashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Jun'ichi, Takeuchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"IoT機器に感染するマルウェア(IoTマルウェア)が猛威を奮っている.これらの多くはMiraiやBashliteなどの公開されているソースコードをもとに,機能の追加や変更,削除をすることで作成されている.そのためアンチウイルスソフトなどでマルウェアの科名を得るだけでは,亜種間の機能の差分を捉えることができない.本研究では,単に亜種の流行を確認するだけでなく,機能差分を考慮した上で亜種の実態を調査する目的で,シグネチャを用いたマルウェアの機能判定手法を提案する.ここでシグネチャとはマルウェアが有する各機能に対応する関数のコールシーケンスグラフ(CSG)であり,解析者が半手動で作成する.このシグネチャが対象のマルウェア検体のCSGに対して部分グラフとしてマッチすると,対応する機能を有するものとする.本シグネチャは異なるCPUアーキテクチャ間の亜種に対しても横断的に使用できることを特徴とする.本稿では,24,126検体に対して機能判定を実施し,複数ファミリーの機能を合わせもった混合亜種の存在や,一部の機能に特化した検体の存在をケーススタディとして示す.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"IoT malware is created by editing functions based on publicly available source code. Therefore, it is not possible to capture the functional differences between variants by simply obtaining the malware family name with antivirus software. In this research, we propose a signature-based method for determining malware functions, with the aim of not only confirming the prevalence of variants but also investigating their actual state with functional differences taken into account. The signature is a call sequence graph (CSG) corresponding to each function and is created manually by an analyst. If a signature matches the CSG of the target sample as a subgraph, the sample is judged to have the corresponding function. These signatures can be used across variants built for different CPU architectures. 
In this paper, we performed function determination on 24,126 samples and show, as case studies, the existence of mixed variants that combine functions of multiple families and of samples specialized in a subset of functions.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"542","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2020論文集"}],"bibliographicPageStart":"535","bibliographicIssueDates":{"bibliographicIssueDate":"2020-10-19","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"44499"}}