
Research on IoT Anti-malware Technology beyond CPU Architectures

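Research Project

Project/Area Number: 22K12038
Research Category: Grant-in-Aid for Scientific Research (C)
Allocation Type: Multi-year Fund
Section: General
Review Section: Basic Section 60070: Information security-related
Research Institution: National Institute of Information and Communications Technology

Principal Investigator

Ban Tao (班 涛), National Institute of Information and Communications Technology, Cybersecurity Research Institute, Senior Researcher (80462878)

Project Period (FY): 2022-04-01 – 2025-03-31
Project Status: Granted (FY2023)
Budget Amount
4,160 thousand yen (direct costs: 3,200 thousand yen, indirect costs: 960 thousand yen)
FY2024: 650 thousand yen (direct costs: 500 thousand yen, indirect costs: 150 thousand yen)
FY2023: 650 thousand yen (direct costs: 500 thousand yen, indirect costs: 150 thousand yen)
FY2022: 2,860 thousand yen (direct costs: 2,200 thousand yen, indirect costs: 660 thousand yen)
Keywords: IoT malware analysis / IoT security / static analysis / packer / explainable AI / machine learning / graph embedding / Explainable AI / function call graph / Malware analysis / IoT malware / CPU architecture / Static analysis
Outline of Research at the Start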

CPU architecture diversity and resource constraints on IoT devices render conventional protection schemes impractical, hindering malware precautions and countermeasures. In this proposal, we propose integrating advanced machine learning methods with security domain knowledge to implement a practical IoT malware detection and prevention scheme that meets the eligibility requirements on accuracy, computational and resource-efficiency, adaptivity to various application scenarios, and robustness against new attacks.

Outline of Annual Research Achievements

In FY 2023, we advanced research on compatible malware protection across CPU architectures and resilience against cyberattacks. Here are the expanded details:
(1) Our research on employing explainable AI to identify unique characteristics in malware families was successfully concluded. We proposed the Color-coded Attribute Graph for intuitive and accurate malware analysis, which garnered significant attention in the cybersecurity community.
(2) Our exploration into detecting IoT malware in packed samples has provided valuable insights. Through an analysis of trends in packed malware on VirusTotal and overcoming challenges with reverse engineering tools, we have developed a robust solution. This solution involves feature selection and automated malware classification, shedding light on accurately and efficiently detecting packed IoT malware. It is poised to significantly enhance the overall security of IoT devices.
(3) With a keen focus on efficiency in resource-constrained devices and cross-platform compatibility, we delved deeper into methods for analyzing IoT malware using printable strings extracted from binary files. Our extensive validation process confirmed the effectiveness of these methods, paving the way for more robust malware detection techniques in the future.

Current Status of Research Progress (Category)

2: Progressing generally smoothly

Reason

In this FY, our primary objective of analyzing IoT malware across CPU architectures has yielded expected results: 1 conference paper accepted, 2 in preparation. Side research on packed malware faced slight delays; 1 paper withdrawn due to data insufficiency, prompting further investigation.
(1) Research on XAI for IoT malware analysis is successfully concluded, resulting in 1 international conference paper.
(2) Work on printable string-based malware detection is ongoing, utilizing effective suffix tree-based string processing methods, with 2 papers in preparation.
(3) New research started on reinterpreting opcodes as system calls for malware samples without symbolic tables, aiming for compatible CPU architecture analysis through a transition from opcode to system call-level analysis.

Strategy for Future Research Activity

In the concluding year of this research project, our goal is to craft a pragmatic and precise malware detection system tailored for widespread IoT devices by integrating accumulated findings. Specifically, we aim to:
(1) Enhance malware detection through printable strings, refining classification accuracy and lessening reliance on system resources.
(2) Conclude our investigation into text processing methods grounded in suffix trees, fine-tuning parameters for effective analysis of IoT-related malware.
(3) Finalize our exploration of reinterpreting opcodes as system calls, enhancing malware analysis and ensuring compatibility across platforms.
(4) Persist in monitoring the evolving trends of packed programs within IoT malware, ensuring proactive measures against forthcoming threats.

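Reports

(2 results)
  • 2023 Research-status Report
  • 2022 Research-status Report

Research Products

(5 results)

Int'l Joint Research (2 results), Journal Article (1 result) (of which Int'l Joint Research: 1 result, Peer Reviewed: 1 result), Presentation (2 results) (of which Int'l Conference: 2 results)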

  • [Int'l Joint Research] Taiwan Information Security Center/National Taiwan Uni. of Sci. and Tech. (Other countries/regions)

    • Related Report
      2023 Research-status Report
  • [Int'l Joint Research] Taiwan Information Security Center/National Taiwan Uni. of Sci. and Tech. (China)

    • Related Report
      2022 Research-status Report
  • [Journal Article] IoT malware classification based on reinterpreted function-call graphs (2023)

    • Author(s)/Presenter(s)
      Wu Chia-Yi, Ban Tao, Cheng Shin-Ming, Takahashi Takeshi, Inoue Daisuke
    • Journal Title
      Computers & Security
      Volume: 125, Pages: 103060-103060
    • DOI
      10.1016/j.cose.2022.103060
    • Related Report
      2022 Research-status Report
    • Peer Reviewed / Int'l Joint Research
  • [Presentation] Color-coded Attribute Graph: Visual Exploration of Distinctive Traits of IoT-Malware Families (2023)

    • Author(s)/Presenter(s)
      Jiaxing Zhou, Tao Ban, Tomohiro Morikawa, Takeshi Takahashi, Daisuke Inoue
    • Conference Name
      2023 IEEE Symposium on Computers and Communications (ISCC)
    • Related Report
      2023 Research-status Report
    • Int'l Conference
  • [Presentation] Research on IoT Anti-malware Technology beyond CPU Architectures (2022)

    • Author(s)/Presenter(s)
      Tao Ban
    • Conference Name
      Malware & Reverse Engineering Conference 2023
    • Related Report
      2022 Research-status Report
    • Int'l Conference

Published: 2022-04-19   Modified: 2024-12-25
