{"updated":"2025-01-19T10:46:42.683401+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00231400","sets":["1164:3925:11156:11411"]},"path":["11411"],"owner":"44499","recid":"231400","title":["過去の実行の記録を用いた架空のAPIコール列の自動生成"],"pubdate":{"attribute_name":"公開日","attribute_value":"2023-12-04"},"_buckets":{"deposit":"bcc24ded-d970-4fb2-a809-8270d6a1d4e4"},"_deposit":{"id":"231400","pid":{"type":"depid","value":"231400","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"過去の実行の記録を用いた架空のAPIコール列の自動生成","author_link":["624608","624609"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"過去の実行の記録を用いた架空のAPIコール列の自動生成"},{"subitem_title":"Automatic Generation of Fictitious API Call Sequence Using Past Execution Record","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"CSEC(2)","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2023-12-04","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"筑波大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"University of Tsukuba","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/231400/files/IPSJ-CSEC23103012.pdf","label":"IPSJ-CSEC23103012.pdf"},"date":[{"dateType":"Available","dateValue":"2025-12-04"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC23103012.pdf","filesize":[{"value":"1.1 
MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"20a063c5-e79e-4d01-a4a9-5b367deeeb97","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2023 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"大山, 恵弘"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yoshihiro, Oyama","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8655","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"マルウェアの検知や分類のために,マルウェアが呼び出した API コール列がしばしば利用されている.しかし,それらの過程のうち特にマルウェアが呼び出した既存の API コール列の学習において,API コール列の数が不足し判断の精度が下がるという問題が生じることがある.また,それらのためのシステムの開発やテストにおいて,サンプルデータとして多くの API コール列を必要とすることがある.そこで本研究では,マルウェアの過去の API コール列から特徴を抽出し,それらに似た API コール列を自動生成する手法を提案する.その手法では具体的には,過去の API コール列の N-gram 集合を作成し,それらを組み合わせて,かつ,対の関係にある API コールができるだけ対の形で出現するなどの制約を守るようにして,架空の API 
コール列を生成する.本稿ではその手法を用いて生成された API コール列の例や統計情報を示す.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"API call sequences invoked by malware are often used for malware detection and classification. However, in these tasks, especially when learning from existing API call sequences invoked by malware, too few API call sequences may be available, which lowers the accuracy of the resulting judgments. In addition, developing and testing systems for these tasks may require many API call sequences as sample data. In this study, we propose a method that extracts features from malware's past API call sequences and automatically generates API call sequences similar to them. Specifically, the method builds a set of N-grams from past API call sequences and combines them to generate fictitious API call sequences, while adhering to constraints such as making paired API calls appear as pairs wherever possible. This paper presents examples and statistics of API call sequences generated using this method.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"7","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ(CSEC)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2023-12-04","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"12","bibliographicVolumeNumber":"2023-CSEC-103"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:31:40.897701+00:00","id":231400,"links":{}}