{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00240978","sets":["6164:6165:6462:11854"]},"path":["11854"],"owner":"11","recid":"240978","title":["APIコールの時系列情報に注目したLSTMによるマルウェアの早期検知と分類"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2024-10-15"},"_buckets":{"deposit":"da468902-4a55-4e00-908f-c0d1308d8803"},"_deposit":{"id":"240978","pid":{"type":"depid","value":"240978","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"APIコールの時系列情報に注目したLSTMによるマルウェアの早期検知と分類","author_link":["662569","662570","662571","662572","662573","662574"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"APIコールの時系列情報に注目したLSTMによるマルウェアの早期検知と分類","subitem_title_language":"ja"},{"subitem_title":"API Call-Based Early Detection and Classification of Malware using LSTM focusing on Time-Series Information","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"マルウェアの早期検知，マルウェアファミリ早期分類，LSTM","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2024-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"大阪公立大学大学院情報学研究科"},{"subitem_text_value":"大阪公立大学大学院情報学研究科"},{"subitem_text_value":"大阪公立大学大学院情報学研究科"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Osaka Metropolitan University Graduate school of Informatics","subitem_text_language":"en"},{"subitem_text_value":"Osaka Metropolitan University Graduate school of Informatics","subitem_text_language":"en"},{"subitem_text_value":"Osaka Metropolitan University Graduate school of Informatics","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/240978/files/IPSJ-CSS2024232.pdf","label":"IPSJ-CSS2024232.pdf"},"date":[{"dateType":"Available","dateValue":"2026-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2024232.pdf","filesize":[{"value":"556.1 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"aaad666d-2cf1-4973-80ce-4a52438eb6cb","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"丸若, 弘介"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"青木, 茂樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"宮本, 貴朗"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kosuke, Maruwaka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shigeki, Aoki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takao, Miyamoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年のサイバー攻撃の巧妙化に伴って，マルウェアの侵入を防ぐことが難しくなってきている．マルウェア侵入後の被害を最小限に抑えるためには，マルウェア侵入の迅速な検知とマルウェアを特性ごとにまとめたグループである，マルウェアファミリの特定が重要である．そこで本稿では，マルウェアのAPIコールの時系列情報に着目してマルウェア侵入の検知とマルウェアファミリの推定を行う手法を提案する．まず，観測されたAPIコールログ中の関数名を時系列順に抽出し，先頭から，30%，50%，70%，90%，100%の長さで分割して，長さごとに異なるLSTMで学習する．次に，新たなAPIコールの時系列情報が観測された時，観測された長さに対応したLSTMに入力してマルウェアを検知する．実験では，Malware Analysis Datasetsを用いてマルウェア検知に関する有効性を確認し，Soliton Dataset2020，2021を用いてマルウェアファミリの特定に関する有効性を確認した．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"With the recent sophistication of cyber-attacks, preventing malware intrusion has become challenging. To minimize damage after an intrusion, timely malware detection and identification of malware families-groups of malware categorized by their characteristics-are crucial. In this paper, we propose a method for detecting malware and estimating malware families by analyzing time-series information from API calls. First, we extract function names from observed API call logs in chronological order and divide them into segments of varying lengths (30%, 50%, 70%, 90%, and 100% from the top). Each segment is then trained using a separate LSTM model. When new API call time-series data is observed, it is input to the LSTM corresponding to the observed segment length for malware detection. Our experiments validate the effectiveness of our proposed method in detecting malware using Malware Analysis Datasets, as well as its ability to identify malware families using the Soliton Dataset for 2020 and 2021.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1747","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2024論文集"}],"bibliographicPageStart":"1742","bibliographicIssueDates":{"bibliographicIssueDate":"2024-10-15","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":240978,"updated":"2025-03-06T05:59:33.860272+00:00","links":{},"created":"2025-01-19T01:45:28.681905+00:00"}