{"created":"2025-01-19T01:15:21.977029+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00214554","sets":["6164:6165:6462:10749"]},"path":["10749"],"owner":"44499","recid":"214554","title":["APIコールグラフを用いたマルウェアの検知におけるAPIコールの引数を考慮するように拡張したExtended GCNの性能の評価"],"pubdate":{"attribute_name":"公開日","attribute_value":"2021-10-19"},"_buckets":{"deposit":"300d43fc-642d-409e-a385-ed63e4ae7975"},"_deposit":{"id":"214554","pid":{"type":"depid","value":"214554","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"APIコールグラフを用いたマルウェアの検知におけるAPIコールの引数を考慮するように拡張したExtended GCNの性能の評価","author_link":["551459","551460","551457","551458"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"APIコールグラフを用いたマルウェアの検知におけるAPIコールの引数を考慮するように拡張したExtended GCNの性能の評価"},{"subitem_title":"Performance Evaluation of Extended GCN to Consider API Call Arguments in Malware Detection with API Call Graphs","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"グラフ畳み込みネットワーク,マルウェア,APIコール,引数,深層学習","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2021-10-19","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"立命館大学大学院情報理工学研究科"},{"subitem_text_value":"立命館大学情報理工学部"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Information Science and Engineering, Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"College of Information Science and Engineering, Ritsumeikan University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/214554/files/IPSJCSS2021154.pdf","label":"IPSJCSS2021154.pdf"},"date":[{"dateType":"Available","dateValue":"2023-10-19"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2021154.pdf","filesize":[{"value":"1.6 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"8608df6c-f2e5-4069-abc6-810ab84c6018","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2021 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"荒井, 康汰"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"上原, 哲太郎"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kouta, Arai","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tetsutaro, Uehara","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"高度化,および多様化するマルウェアへ対策するためには,人工知能の活用が不可欠となっている.従来手法として API コールグラフを用いた GCN によるマルウェアの振る舞い検知がある.この手法では,API コールグラフの頂点に API コールに関する特徴量を割り当て,その特徴量を用いてグラフ畳み込み演算を行う.この制約により,GCN は API コールの引数を考慮することができない.そこで,本研究では API コールを用いたマルウェアの振る舞い検知において引数を考慮できるように拡張した Extended GCN を提案する.EGCN は,頂点の隣接関係に基づいて頂点と辺の特徴量を結合させてから畳み込み演算を行う. 
有効性を評価するため,EGCN,GCN,LSTM,GRU,RNN を実装してマルウェアを判別させる実験を行った. その結果,EGCN が LSTM や GRU よりも優れた性能を発揮することは示されなかったが,学習済みパラメータからマルウェアの判別において重要でない API,および引数が存在することは示された.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Using Artificial Intelligence has become essential to address advanced and massive malware. To this end, malware behavior detection with API call graphs using GCN was proposed. In this method, the features of API calls are assigned to the graph vertices, and the graph convolution operation uses these features. However, GCN cannot consider API call arguments because GCN uses only the features of the graph vertices. In this paper, we propose Extended GCN (EGCN), which can consider API call arguments for malware behavior detection. Before performing graph convolution, EGCN concatenates the features of vertices and edges based on the adjacency of vertices, and then convolves over these concatenated features. To evaluate the effectiveness of EGCN, we implemented EGCN, GCN, LSTM, GRU, and RNN. The experiments show that EGCN has inferior performance to LSTM and GRU. However, the learned parameters of EGCN show that many APIs and arguments are not important for malware detection.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1158","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2021論文集"}],"bibliographicPageStart":"1151","bibliographicIssueDates":{"bibliographicIssueDate":"2021-10-19","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":214554,"updated":"2025-01-19T16:34:47.573935+00:00","links":{}}