{"id":227710,"updated":"2025-01-19T12:03:34.279382+00:00","links":{},"created":"2025-01-19T01:26:57.879926+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00227710","sets":["581:11107:11118"]},"path":["11118"],"owner":"44499","recid":"227710","title":["マルウェア検知に向けた親プロセスと子プロセスにおけるAPIコール列の類似性に着目した分析"],"pubdate":{"attribute_name":"公開日","attribute_value":"2023-09-15"},"_buckets":{"deposit":"89b6db32-8f66-4a47-a915-548ffef6e979"},"_deposit":{"id":"227710","pid":{"type":"depid","value":"227710","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"マルウェア検知に向けた親プロセスと子プロセスにおけるAPIコール列の類似性に着目した分析","author_link":["606880","606877","606875","606878","606881","606874","606876","606879"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"マルウェア検知に向けた親プロセスと子プロセスにおけるAPIコール列の類似性に着目した分析"},{"subitem_title":"Similarity of API Call Sequences in Parent and Child Processes for Malware Detection","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集:サイバー空間を安全にするコンピュータセキュリティ技術] マルウェア,動的解析,親子関係,APIコール列,NLP","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2023-09-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"鳥取大学大学院持続性社会創生科学研究科"},{"subitem_text_value":"鳥取大学大学院持続性社会創生科学研究科"},{"subitem_text_value":"鳥取大学大学院持続性社会創生科学研究科/クロス情報科学研究センター"},{"subitem_text_value":"鳥取大学大学院持続性社会創生科学研究科/クロス情報科学研究センター"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Sustainability Science, Tottori University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Sustainability Science, Tottori University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Sustainability Science, Tottori University / Cross-informatics Research Center","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Sustainability 
Science, Tottori University / Cross-informatics Research Center","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/227710/files/IPSJ-JNL6409015.pdf","label":"IPSJ-JNL6409015.pdf"},"date":[{"dateType":"Available","dateValue":"2025-09-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL6409015.pdf","filesize":[{"value":"2.6 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"e877308e-5d61-4dfe-a93f-017cb43bcc52","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2023 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"中村, 英敏"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"松田, 祥希"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"高橋, 健一"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"川村, 尚生"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Hidetoshi, Nakamura","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yoshiki, Matsuda","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kenichi, Takahashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takao, 
Kawamura","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_publisher_15":{"attribute_name":"公開者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年,様々なサイバー攻撃が行われている.このことに対処するために,良性ソフトウェアとマルウェアの判別,マルウェアのファミリー推定,マルウェアの解析ログの可視化などの研究が行われている.これらの研究の多くは,APIコール列や可読文字列,システム負荷などから得られた特徴量を用いて分析を行っている.しかし,親プロセスと子プロセスの挙動の特徴の差異については着目されていない.そこで本稿では,良性ソフトウェアとマルウェアの親プロセスと子プロセスにおけるAPIコール列の類似性の差異に着目する.TF-IDF,n-gram,Doc2Vecなどの自然言語処理手法を用いてAPIコール列のベクトル化を行い,cos類似度を用いて親プロセスと子プロセスの類似度を測定・分析する.得られた類似度を用いてSVMによる良性ソフトウェアとマルウェアの判別を試みる.","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In recent years, various cyber attacks have been a serious issue. Therefore, a lot of research has been done, such as the analysis of the difference between benign software and malware, malware family estimation, and the visualization of malware behaviours. These studies make use of API call sequences, readable character strings, system load, etc. However, the difference between parent and child processes has not been focused on or sufficiently investigated. In this paper, we focus on the similarity of API call sequences between the parent and child processes of benign software and malware. 
We use natural language processing techniques such as TF-IDF, n-gram, and Doc2Vec to vectorize the API call sequences, and then calculate the cos-similarity to measure the similarity between parent and child processes. We attempt to apply the similarity scores to SVMs for the inference of benign software and malware.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1316","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"1306","bibliographicIssueDates":{"bibliographicIssueDate":"2023-09-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"64"}]},"relation_version_is_last":true,"item_2_identifier_registration":{"attribute_name":"ID登録","attribute_value_mlt":[{"subitem_identifier_reg_text":"10.20729/00227601","subitem_identifier_reg_type":"JaLC"}]},"weko_creator_id":"44499"}}