Research on IoT Anti-malware Technology beyond CPU Architectures

Research Project

Project/Area Number 22K12038
Research Category

Grant-in-Aid for Scientific Research (C)

Allocation Type Multi-year Fund
Section General
Review Section Basic Section 60070: Information security-related
Research Institution National Institute of Information and Communications Technology

Principal Investigator

Ban Tao (班 涛), National Institute of Information and Communications Technology, Cybersecurity Research Institute, Senior Researcher (80462878)

Project Period (FY) 2022-04-01 – 2025-03-31
Project Status Granted (Fiscal Year 2023)
Budget Amount
¥4,160,000 (Direct Cost: ¥3,200,000, Indirect Cost: ¥960,000)
Fiscal Year 2024: ¥650,000 (Direct Cost: ¥500,000, Indirect Cost: ¥150,000)
Fiscal Year 2023: ¥650,000 (Direct Cost: ¥500,000, Indirect Cost: ¥150,000)
Fiscal Year 2022: ¥2,860,000 (Direct Cost: ¥2,200,000, Indirect Cost: ¥660,000)
Keywords IoT malware analysis / IoT security / static analysis / packer / explainable AI / machine learning / graph embedding / Explainable AI / function call graph / Malware analysis / IoT malware / CPU architecture / Static analysis
Outline of Research at the Start

CPU architecture diversity and resource constraints on IoT devices render conventional protection schemes impractical, hindering malware precautions and countermeasures. In this proposal, we propose integrating advanced machine learning methods with security domain knowledge to implement a practical IoT malware detection and prevention scheme that meets the eligibility requirements on accuracy, computational and resource-efficiency, adaptivity to various application scenarios, and robustness against new attacks.

Outline of Annual Research Achievements

In FY 2023, we advanced research on compatible malware protection across CPU architectures and resilience against cyberattacks. Here are the expanded details:
(1) Our research on employing explainable AI to identify unique characteristics in malware families was successfully concluded. We proposed the Color-coded Attribute Graph for intuitive and accurate malware analysis, which garnered significant attention in the cybersecurity community.
(2) Our exploration into detecting IoT malware in packed samples has provided valuable insights. Through an analysis of trends in packed malware on VirusTotal and overcoming challenges with reverse engineering tools, we have developed a robust solution. This solution involves feature selection and automated malware classification, shedding light on accurately and efficiently detecting packed IoT malware. It is poised to significantly enhance the overall security of IoT devices.
(3) With a keen focus on efficiency in resource-constrained devices and cross-platform compatibility, we delved deeper into methods for analyzing IoT malware using printable strings extracted from binary files. Our extensive validation process confirmed the effectiveness of these methods, paving the way for more robust malware detection techniques in the future.

Current Status of Research Progress

2: Research has progressed on the whole more than it was originally planned.

Reason

In this FY, our primary objective of analyzing IoT malware across CPU architectures has yielded expected results: 1 conference paper accepted, 2 in preparation. Side research on packed malware faced slight delays; 1 paper withdrawn due to data insufficiency, prompting further investigation.
(1) Research on XAI for IoT malware analysis is successfully concluded, resulting in 1 international conference paper.
(2) Work on printable string-based malware detection is ongoing, utilizing effective suffix tree-based string processing methods, with 2 papers in preparation.
(3) New research started on reinterpreting opcodes as system calls for malware samples without symbolic tables, aiming for compatible CPU architecture analysis through a transition from opcode to system call-level analysis.

Strategy for Future Research Activity

In the concluding year of this research project, our goal is to craft a pragmatic and precise malware detection system tailored for widespread IoT devices by integrating accumulated findings. Specifically, we aim to:
(1) Enhance malware detection through printable strings, refining classification accuracy and lessening reliance on system resources.
(2) Conclude our investigation into text processing methods grounded in suffix trees, fine-tuning parameters for effective analysis of IoT-related malware.
(3) Finalize our exploration of reinterpreting opcodes as system calls, enhancing malware analysis and ensuring compatibility across platforms.
(4) Persist in monitoring the evolving trends of packed programs within IoT malware, ensuring proactive measures against forthcoming threats.

Report

(2 results)
  • 2023 Research-status Report
  • 2022 Research-status Report

Research Products

(5 results)

All Int'l Joint Research (2 results) Journal Article (1 results) (of which Int'l Joint Research: 1 results,  Peer Reviewed: 1 results) Presentation (2 results) (of which Int'l Joint Research: 2 results)

  • [Int'l Joint Research] Taiwan Information Security Center/National Taiwan Uni. of Sci. and Tech. (Other countries/regions)

    • Related Report
      2023 Research-status Report
  • [Int'l Joint Research] Taiwan Information Security Center/National Taiwan Uni. of Sci. and Tech. (China)

    • Related Report
      2022 Research-status Report
  • [Journal Article] IoT malware classification based on reinterpreted function-call graphs (2023)

    • Author(s)
      Wu Chia-Yi, Ban Tao, Cheng Shin-Ming, Takahashi Takeshi, Inoue Daisuke
    • Journal Title

      Computers & Security

      Volume: 125 Pages: 103060-103060

    • DOI

      10.1016/j.cose.2022.103060

    • Related Report
      2022 Research-status Report
    • Peer Reviewed / Int'l Joint Research
  • [Presentation] Color-coded Attribute Graph: Visual Exploration of Distinctive Traits of IoT-Malware Families (2023)

    • Author(s)
      Jiaxing Zhou, Tao Ban, Tomohiro Morikawa, Takeshi Takahashi, Daisuke Inoue
    • Organizer
      2023 IEEE Symposium on Computers and Communications (ISCC)
    • Related Report
      2023 Research-status Report
    • Int'l Joint Research
  • [Presentation] Research on IoT Anti-malware Technology beyond CPU Architectures (2022)

    • Author(s)
      Tao Ban
    • Organizer
      Malware & Reverse Engineering Conference 2023
    • Related Report
      2022 Research-status Report
    • Int'l Joint Research

Published: 2022-04-19   Modified: 2024-12-25  
