{"links":{},"id":91328,"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00091328","sets":["581:7002:7137"]},"path":["7137"],"owner":"11","recid":"91328","title":["静的解析により抽出されたAPI推移に基づくマルウェアの分類"],"pubdate":{"attribute_name":"公開日","attribute_value":"2013-03-15"},"_buckets":{"deposit":"77ef3016-f9a3-4839-98cf-21a0cbbaa62a"},"_deposit":{"id":"91328","pid":{"type":"depid","value":"91328","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"静的解析により抽出されたAPI推移に基づくマルウェアの分類","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"静的解析により抽出されたAPI推移に基づくマルウェアの分類"},{"subitem_title":"Malware Classification Based on Extracted API Sequence by Static Analysis","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[一般論文] マルウェア,静的解析,制御フロー解析,API推移,特徴抽出","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2013-03-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"日本コンピュータセキュリティリサーチ株式会社/現在,独立行政法人情報処理推進機構"},{"subitem_text_value":"信州大学大学院総合工学系研究科"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Japan Computer Security Research Center / Presently with Information-technology Promotion Agency","subitem_text_language":"en"},{"subitem_text_value":"Interdisciplinary Graduate School of Science and Technology, Shinshu University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/91328/files/IPSJ-JNL5403022.pdf"},"date":[{"dateType":"Available","dateValue":"2015-03-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL5403022.pdf","filesize":[{"value":"1.2 
MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"9f2b8e3d-1621-4c7a-9c19-17ec414d31ff","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2013 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"岩本, 一樹"},{"creatorName":"和﨑克己"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kazuki, Iwamoto","creatorNameLang":"en"},{"creatorName":"Katsumi, Wasaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal 
article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"本論文では,対象とする多数の検体を静的解析することで特徴を抽出し,ソースコードの構成に基づいた,精度の高いマルウェアの自動分類法を提案する.特徴抽出に関する提案手法は,検体の実行コードに対して,API推移依存グラフの,あるAPIとその後に呼び出されるAPIの組の有無を定義し,マルウェアの検体の特徴量とする.検体間の類似度の定義としてDice係数を適用した.特徴が似ている検体群の可視化のため,抽出した特徴量に基づいた階層型クラスタ分析を行う.分析結果は科名ごとに着色された樹形図で提示する.提案手法を評価するため,逆アセンブラ,制御フロー解析器,API推移特徴抽出器,Dice係数生成器,階層型クラスタ分析処理プログラムを制作し,自動マルウェア静的解析システムを構築した.実験として,4,684種類のマルウェアの検体を用意し,API推移抽出に成功した1,821種類の検体に対して,類似度比較による自動分類を実行した.その結果,短い時間で階層型クラスタ分析まで自動処理を実施し,亜種グループを形成する多数の有意なクラスタを得た.","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In this paper, we propose a highly accurate automatic malware classification method that extracts features by static analysis of malware samples and is based on the structure of the malware source code. In the proposed extraction method, the existence or non-existence of particular pairs of an API and its subsequent API in the API sequence graph is compared with the executable code of a sample, and this defines the feature of the malware sample. To determine the degree of similarity between samples, Dice's coefficient is applied. To visualize the grouping of samples with similar features, we use hierarchical cluster analysis based on the extracted features. The analysis results are presented as a dendrogram with nodes colored by family name. To assess the proposed method, we built an automatic malware static analysis system combining a disassembler, control flow analyzer, API sequence extractor, similarity calculator and hierarchical cluster analyzer. 
We acquired 4,684 malware samples, and the 1,821 of those samples from which API sequences were successfully extracted were put through our proposed classification method. As a result, automatic processing through to hierarchical cluster analysis was completed in a short time, and significant clusters of variant groups were obtained.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1210","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"1199","bibliographicIssueDates":{"bibliographicIssueDate":"2013-03-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"3","bibliographicVolumeNumber":"54"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-18T23:40:37.643364+00:00","updated":"2025-01-21T15:38:07.239671+00:00"}