{"updated":"2025-01-19T18:15:12.616075+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00210150","sets":["1164:3925:10503:10504"]},"path":["10504"],"owner":"44499","recid":"210150","title":["動的解析システムのネットワーク接続の有無によるマルウェア検知精度の比較"],"pubdate":{"attribute_name":"公開日","attribute_value":"2021-03-08"},"_buckets":{"deposit":"2069aaf6-eb73-403f-97f4-5c547af7f99e"},"_deposit":{"id":"210150","pid":{"type":"depid","value":"210150","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"動的解析システムのネットワーク接続の有無によるマルウェア検知精度の比較","author_link":["531392","531390","531391"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"動的解析システムのネットワーク接続の有無によるマルウェア検知精度の比較"},{"subitem_title":"A comparison of malware detection accuracy in cases of dynamic analysis system with/without network connection","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"マルウェア検知","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2021-03-08","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"立命館大学"},{"subitem_text_value":"立命館大学"},{"subitem_text_value":"立命館大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/210150/files/IPSJ-CSEC21092053.pdf","label":"IPSJ-CSEC21092053.pdf"},"date":[{"dateType":"Available","dateValue":"2023-03-08"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC21092053.pdf","filesize":[{"value":"862.8 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"6b670863-a28d-4f62-a5da-b6990de8f374","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2021 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"梶原, 友希"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"鄭, 俊俊"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"毛利, 公一"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical 
report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8655","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"機械学習を用いたマルウェアの挙動をベースとしたマルウェア検知の精度は,使用するデータセットに依存するため,検知に有効なデータセットを作成することが重要である.そのため,まずはマルウェアを特徴付ける情報を明らかにする必要がある.マルウェアの多くは,外部と通信を行うため,検体実行時のネットワーク接続の有無が検知精度に影響を与える可能性が考えられる.本論文では,ネットワーク切断環境および接続環境でシステムコールトレーサ Alkanet を利用してログを取得し,マルウェアを特徴付ける情報としてスレッドに着目し,スレッド情報に基づいた特徴量を生成することでマルウェア検知を行った.その結果,ネットワーク接続により,検知精度が下がる傾向にあることが示された.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"It is important to create a dataset that is effective for malware detection because the accuracy of malware detection based on the behavior of malware using machine learning depends on the dataset used. Therefore, first of all, it is necessary to clarify the information that characterizes malware. Most malware communicates with the outside, so there is a possibility that executing samples with/without network connection affects the accuracy of malware detection. In this paper, based on the execution logs of malware samples on Alkanet with/without network connection, we focused on threads as information that characterizes malware, and detected malware by generating features based on thread information. 
As a result, it was shown that the accuracy tends to decrease due to network connection.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ(CSEC)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2021-03-08","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"53","bibliographicVolumeNumber":"2021-CSEC-92"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:11:24.903442+00:00","id":210150,"links":{}}