{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00240716","sets":["581:11492:11504"]},"path":["11504"],"owner":"44499","recid":"240716","title":["CPUアーキテクチャに依存しないIoTマルウェア分類木生成手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2024-11-15"},"_buckets":{"deposit":"f3ff2cc0-97a0-43cc-94c4-8eaca37c7994"},"_deposit":{"id":"240716","pid":{"type":"depid","value":"240716","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"CPUアーキテクチャに依存しないIoTマルウェア分類木生成手法","author_link":["660862","660866","660860","660863","660859","660870","660865","660864","660867","660861","660869","660868"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"CPUアーキテクチャに依存しないIoTマルウェア分類木生成手法"},{"subitem_title":"CPU Architecture Independent IoT Malware Classification Tree Generation Method","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[一般論文] IoTマルウェア,分類,クラスタリング,可視化,YARAルール,教師なし学習","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2024-11-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"大阪大学大学院情報科学研究科"},{"subitem_text_value":"岡山大学学術研究院環境生命自然科学学域"},{"subitem_text_value":"横浜国立大学大学院環境情報研究院/先端科学高等研究院"},{"subitem_text_value":"大阪大学大学院情報科学研究科"},{"subitem_text_value":"大阪大学大学院情報科学研究科"},{"subitem_text_value":"大阪大学大学院情報科学研究科"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Information Science and Technology, Osaka University","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Environmental, Life, Natural Science and Technology, Okayama University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Environment and Information Sciences / Institute of Advanced Sciences, Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Information Science and Technology, Osaka 
University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Information Science and Technology, Osaka University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Information Science and Technology, Osaka University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/240716/files/IPSJ-JNL6511008.pdf","label":"IPSJ-JNL6511008.pdf"},"date":[{"dateType":"Available","dateValue":"2026-11-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL6511008.pdf","filesize":[{"value":"4.3 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"30d3f396-cfaf-4b68-b195-982e6f957317","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"大迫, 勇太郎"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"山内, 利宏"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"吉岡, 克成"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"藤橋, 卓也"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"渡辺, 尚"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"猿渡, 俊介"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yutaro, 
Osako","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Toshihiro, Yamauchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Katsunari, Yoshioka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takuya, Fujihashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takashi, Watanabe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shunsuke, Saruwatari","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_publisher_15":{"attribute_name":"公開者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"モノがネットワークに接続されることが一般的となり,我々の生活が便利になった.しかしながら,ネットワーク接続されたモノは攻撃者の標的となり,大規模な攻撃への温床となっているため,マルウェアへの対応が必須である.Internet of Things(IoT)デバイス向けのマルウェアへの対策は,攻撃方法の高速な分析と多様なCPUアーキテクチャへの対応が求められる.このような観点から,本稿ではIoTデバイス向けのマルウェアの分類手法「String-based Malware Classification Algorithm +(SMCA+)」を提案する.SMCA+では,マルウェアから文字列の単語を抽出し,Bag of 
Wordsに変換したうえで次元削減し得たベクトルに対して,階層的クラスタリングによって分類木を作成する.文字列ベースの手法では,CPUアーキテクチャが異なる同種のマルウェアを近くにクラスタリングできる.また,説明変数が文字列であるため,ユーザが解析しやすいという特徴がある.SMCA+の有効性を横浜国立大学吉岡研究室のIoTマルウェアデータセットおよびVirusTotalのラベルを用いて評価した結果,3ファミリ間での平均F1スコアが0.978であり,従来のマルウェア分類と矛盾のない結果であることを確認した.また,可視化結果の検証によってCPUアーキテクチャによらず類似したバイナリファイルに分類できることを確認し,解析に有用な文字列の情報が抽出できた.","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"It has become common for things to be connected to the network, making our lives more convenient. However, network-connected things have become targets of attackers and a hotbed for large-scale attacks, so it is essential to address malware. Countermeasures against malware for IoT devices require fast analysis of attack methods and support for a variety of CPU architectures. From this perspective, this paper proposes a new malware classification method for IoT devices, String-based Malware Classification Algorithm+ (SMCA+). SMCA+ extracts words from malware, transforms them into a bag of words, and creates a classification tree by hierarchical clustering of vectors obtained through dimensionality reduction. The string-based method can cluster malware of the same type close together even when the CPU architectures differ. In addition, since the explanatory variables are strings, they are easy for users to analyze. We evaluated the effectiveness of SMCA+ using the IoT malware dataset from Yokohama National University Yoshioka Laboratory and VirusTotal labels and found that the average F1 score among the three families is 0.978, confirming results consistent with conventional malware classification. 
Furthermore, through the validation of visualization results, we confirmed the capability to classify similar binary files regardless of the CPU architecture and extracted useful string information for analysis.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1617","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"1604","bibliographicIssueDates":{"bibliographicIssueDate":"2024-11-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"11","bibliographicVolumeNumber":"65"}]},"relation_version_is_last":true,"item_2_identifier_registration":{"attribute_name":"ID登録","attribute_value_mlt":[{"subitem_identifier_reg_text":"10.20729/00240596","subitem_identifier_reg_type":"JaLC"}]},"weko_creator_id":"44499"},"updated":"2025-01-19T07:52:43.972921+00:00","created":"2025-01-19T01:45:03.656415+00:00","links":{},"id":240716}