{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00240945","sets":["6164:6165:6462:11854"]},"path":["11854"],"owner":"11","recid":"240945","title":["IoTマルウェアの系統樹クラスタリングにおける機能面に踏み込んだ解析のための距離定義の改良"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2024-10-15"},"_buckets":{"deposit":"130f4636-3560-4fe3-bc92-3ee7e28907e3"},"_deposit":{"id":"240945","pid":{"type":"depid","value":"240945","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"IoTマルウェアの系統樹クラスタリングにおける機能面に踏み込んだ解析のための距離定義の改良","author_link":["662363","662364","662365","662366","662367","662368","662369","662370","662371","662372","662373","662374"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"IoTマルウェアの系統樹クラスタリングにおける機能面に踏み込んだ解析のための距離定義の改良","subitem_title_language":"ja"},{"subitem_title":"Improvement of Distance Definition for In-Depth Functional Analysis in Phylogenetic Clustering of IoT Malware","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"IoT マルウェア,系統樹,クラスタリング,正規化圧縮距離","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2024-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"九州大学"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"株式会社日立システムズ"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"九州大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Kyushu University","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"Hitachi Systems, 
Ltd.","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"Kyushu University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/240945/files/IPSJ-CSS2024199.pdf","label":"IPSJ-CSS2024199.pdf"},"date":[{"dateType":"Available","dateValue":"2026-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2024199.pdf","filesize":[{"value":"818.9 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"555201a8-1b0d-4cf5-8fa7-e78af1b6b622","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"二川, 功佑"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"韓, 燦洙"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"田中, 智"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"岩本, 一樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"高橋, 健志"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"竹内, 純一"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kosuke, 
Nikawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Chansu, Han","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Akira, Tanaka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kazuki, Iwamoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takeshi, Takahashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Jun’ichi, Takeuchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"IoT機器をターゲットとしたマルウェアによる攻撃が増加している.IoTマルウェアは攻撃者のソースコード改変により多様に進化しており,大量の検体に対して詳細な機能情報を効率的に解析することが求められる.機能面に踏み込んだ解析のためには,検体の実行可能ファイル内から有用な情報を取り出して用いることが必要である.本研究はマルウェアの系統樹クラスタリングにおける,詳細な機能情報の解析のための検体間距離定義に焦点を当てている.実行ファイルに記述されているコードはライブラリ関数と攻撃者が独自に記述したと考えられるユーザーコードに大別でき,検体の詳細な機能の差異を表す情報はユーザーコードのみに含まれていると推測できる.そこで,ユーザーコードやライブラリ関数等の情報の有無が機能ラベルに対するクラスタリング精度にどの程度影響するのかを調査するため,IoTマルウェア4801検体及び816検体の実データセットからこれらの情報を選択的に組み合わせたファイルデータセットを6つ作成し距離定義,系統樹クラスタリングをする実験を行った.クラスタリング精度を評価する機能ラベルには無害化情報とExploit情報を用いた.その結果,ユーザーコード部のオペコードの情報のみを用いることによる機能ラベルに対するクラスタリング精度の向上を確認した.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"IoT malware evolves diversely through the modification of source code by attackers, necessitating the efficient analysis of detailed functional information across a large number of samples. For a detailed functional analysis, it is necessary to extract and utilize relevant information from the executable files of the samples. This study focuses on defining inter-sample distances for the analysis of detailed functional information in the context of malware phylogenetic clustering. 
The code contained in an executable file can generally be divided into library functions and user code, the latter presumed to have been written independently by the attacker. We hypothesize that the information reflecting detailed functional differences among samples is contained only in the user code. We conducted experiments to investigate how clustering accuracy with respect to functional labels changes depending on whether user code and library function information is present or absent. The results confirmed that using only the opcode information from the user code sections improves clustering accuracy with respect to functional labels.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1504","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2024論文集"}],"bibliographicPageStart":"1497","bibliographicIssueDates":{"bibliographicIssueDate":"2024-10-15","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":240945,"updated":"2025-03-06T05:58:02.993775+00:00","links":{},"created":"2025-01-19T01:45:25.602621+00:00"}