Malware detection scheme using behavioral sequence similarity

• Project/Area Number: 17K00181
• Research Category: Grant-in-Aid for Scientific Research (C)
• Allocation Type: Multi-year Fund
• Section: 一般
• Research Field: Information security
• Research Institution: Tokyo Institute of Technology
• Principal Investigator: Isshiki Tsuyoshi 東京工業大学, 工学院, 教授 (10281718)
• Project Period (FY): 2017-04-01 – 2021-03-31
• Project Status: Completed (Fiscal Year 2020)
• Budget Amount: ¥4,550,000 (Direct Cost: ¥3,500,000、Indirect Cost: ¥1,050,000); Fiscal Year 2019: ¥1,040,000 (Direct Cost: ¥800,000、Indirect Cost: ¥240,000); Fiscal Year 2018: ¥1,560,000 (Direct Cost: ¥1,200,000、Indirect Cost: ¥360,000); Fiscal Year 2017: ¥1,950,000 (Direct Cost: ¥1,500,000、Indirect Cost: ¥450,000)
• Keywords: マルウェア対策 / プログラム解析 / プロセッサ設計 / マルウェア検知 / プロセッサエミュレータ

Outline of Final Research Achievements

Behavioral analysis and detection of malwares has mostly been performed by experienced engineers, which is too time consuming for the drastic increase in malware attack incidents nowadays. For automating the analysis and detection of malwares, we have developed a new set of techniques combining emulator-driven program structure analysis scheme, enumeration of malware API call sequences for profiling malware behaviors, and a custom processor for accelerating malware program analysis.

Academic Significance and Societal Importance of the Research Achievements

近年、マルウェア（悪意ソフトウェア）による情報システムの障害が急増しており、重要な情報インフラ・社会インフラへの深刻な攻撃が現在でも大きな社会問題になっている。増大するマルウェア攻撃は近年益々巧妙化してきており、これらの攻撃に迅速に対処するためには、多様なマルウェアの特徴を自動的に解釈し、未然に検知・防御する体系的な仕組みが必須であり、本研究は、この課題解決に対し、有効な技術要素の蓄積を行ったものである。

Research Products

• [Journal Article] Scalable Hardware Architecture for fast Gradient Boosted Tree Training (2021)
  • Author(s): T. Sadasue, T. Tanaka, R. Kasahara, A. Darmawan, T. Isshiki
  • Journal Title: IPSJ Transactions on System LSI Design Methodology Volume: 14 Pages: 11-20
  • NAID: 130007987502
  • Peer Reviewed / Open Access
• [Journal Article] Design of an Application Specific Instruction Set Processor for Real-Time Object Detection Using AdaBoost Algorithm (2017)
  • Author(s): Shanlin Xiao, Tsuyoshi Isshiki, Dongju Li, Hiroaki Kunieda
  • Journal Title: IEICE Trans. Fundamentals Volume: Vol. E100.A, No.7 Pages: 1384-1395
  • NAID: 130007311796
  • Peer Reviewed / Open Access
• [Journal Article] HOG-Based Object Detection Processor Design Using ASIP Methodology (2017)
  • Author(s): Shanlin Xiao, Tsuyoshi Isshiki, Dongju Li, Hiroaki Kunieda
  • Journal Title: IEICE Trans. Fundamentals Volume: Vol. E100.A, No.12 Pages: 2972-2984
  • NAID: 130006236477
  • Peer Reviewed / Open Access
• [Presentation] Scalable Full Hardware Logic Architecture for Gradient Boosted Tree Training (2020)
  • Author(s): T. Sadasue, T. Isshiki
  • Organizer: IEEE International Symposium on Field Programmable Custom Computing Machines
  • Int'l Joint Research
• [Presentation] CNN Training HW Architecture Design Using C2RTL SoC Synthesis/Verification Framework (2019)
  • Author(s): Tsuyoshi Isshiki
  • Organizer: 19th International Forum on MPSoC for Software-defined Hardware (MPSoC '19)
  • Int'l Joint Research / Invited
• [Presentation] C2RTL SoC Synthesis/Verification Framework For IoT Edge Devices (2018)
  • Author(s): Tsuyoshi Isshiki
  • Organizer: 18th International Forum on MPSoC for Software-defined Hardware (MPSoC '18)
  • Int'l Joint Research / Invited
• [Presentation] C2RTLフレームワークによるRISC-VベースSoCモデルの論理合成とシステム検証 (2017)
  • Author(s): 一色剛
  • Organizer: Design Solution Forum
  • Invited
• [Presentation] C++ Object-Oriented RTL Modeling for System-Level Synthesis/Verification on the C2RTL Framework (2017)
  • Author(s): Tsuyoshi Isshiki
  • Organizer: 17th International Forum on MPSoC for Software-defined Hardware (MPSoC ’17)
  • Int'l Joint Research / Invited