{"id":214506,"updated":"2025-01-19T16:36:08.016001+00:00","links":{},"created":"2025-01-19T01:15:19.291531+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00214506","sets":["6164:6165:6462:10749"]},"path":["10749"],"owner":"44499","recid":"214506","title":["IoTマルウェアにおける関数の依存関係と結合の順序関係に基づくライブラリ関数名の特定"],"pubdate":{"attribute_name":"公開日","attribute_value":"2021-10-19"},"_buckets":{"deposit":"3ba52306-9f8b-4e82-ab55-137a58343241"},"_deposit":{"id":"214506","pid":{"type":"depid","value":"214506","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"IoTマルウェアにおける関数の依存関係と結合の順序関係に基づくライブラリ関数名の特定","author_link":["551082","551079","551083","551080","551081","551077","551078","551084"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"IoTマルウェアにおける関数の依存関係と結合の順序関係に基づくライブラリ関数名の特定"},{"subitem_title":"Identifying Library Function Names Based on Function Dependencies and Linking Ordering in IoT Malware","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"関数名特定,ライブラリ関数特定,パターンマッチング,Linuxマルウェア解析,マルウェア分類","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2021-10-19","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"神奈川工科大学"},{"subitem_text_value":"NTT社会情報研究所"},{"subitem_text_value":"NTT社会情報研究所"},{"subitem_text_value":"神奈川工科大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Kanagawa Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"NTT Social Informatics Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Social Informatics Laboratories","subitem_text_language":"en"},{"subitem_text_value":"Kanagawa Institute of 
Technology","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/214506/files/IPSJCSS2021106.pdf","label":"IPSJCSS2021106.pdf"},"date":[{"dateType":"Available","dateValue":"2023-10-19"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2021106.pdf","filesize":[{"value":"1.3 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"bef8acc6-625e-4645-82c4-0412e71072b1","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2021 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"赤羽, 秀"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"川古谷, 裕平"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"岩村, 誠"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"岡本, 剛"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Shu, Akabane","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yuhei, Kawakoya","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Makoto, Iwamura","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takeshi, 
Okamoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"IoT 機器を標的とした攻撃の増加に伴い,IoT 機器で動作するマルウェアが増加している.多くの IoT マルウェアはライブラリ関数を静的に結合し,シンボル情報を消去しているため,関数名による解析が困難である.我々の先行研究では,パターンマッチングにより,10 種類のアーキテクチャの IoT マルウェアの構築に使用されたすべてのツールチェインと静的結合されたライブラリ関数の 91.7 %を特定した.残り 8.3 %の関数は関数の候補を特定したが,これらの候補から関数を特定するには静的解析が必要であった.特に解析者にとって馴染みのないアーキテクチャの検体を静的解析する負担は大きい.そこで,本研究ではライブラリ関数の依存関係と結合の順序関係を手がかりにして関数の候補から関数を特定する手法を提案する.実験では提案手法による関数の特定精度の評価を行い,マルウェアに静的結合された 99.8 %のライブラリ関数の名前を特定した.さらに,他の手法と比較し,提案手法の特定精度が他の手法より高いことを確認した.最後に特定した関数名のリストを使ってマルウェアの分布を可視化し,関数名リストでマルウェアを分類できる可能性を示した.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Much IoT malware statically links library functions and has its symbols, such as function names, stripped, which hinders function-level analysis. We previously showed that pattern matching could identify 91.7% of library functions statically linked to IoT malware. For the remaining 8.3% of library functions, we identified their candidates, but static malware analysis was required to identify functions from these candidates. In particular, static malware analysis of an architecture with which the analyst is unfamiliar is a heavy burden. In this paper, we propose a method to identify a function from candidate functions based on the dependency relationship of functions and the order of their linking. In experiments, our method identified 99.8% of the names of all library functions in 3,983 samples. 
Furthermore, we compared the accuracy of our method with that of other methods and confirmed that the accuracy of our method is higher than that of the other methods.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"793","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2021論文集"}],"bibliographicPageStart":"786","bibliographicIssueDates":{"bibliographicIssueDate":"2021-10-19","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"44499"}}