WEKO3
IoT Malware Analysis and New Pattern Discovery Through Sequence Analysis Using Meta-Feature Information
http://hdl.handle.net/10131/00012876
Name / File | License | Action |
---|---|---|
IoT Malware Analysis and New Pattern Discovery Through Sequence Analysis Using Meta-Feature Information-e103-b_1_32.pdf (4.0 MB) | | |
Item type | Journal Article(1) | |||||
---|---|---|---|---|---|---|
Publication date | 2020-01-29 | |||||
Title | ||||||
Title | IoT Malware Analysis and New Pattern Discovery Through Sequence Analysis Using Meta-Feature Information | |||||
Language | ||||||
Language | eng | |||||
Keywords | ||||||
Subject | IoT malware, botnet, denial of service, text mining, N-gram, classification, clustering | |||||
Resource type | ||||||
Resource type identifier | http://purl.org/coar/resource_type/c_6501 | |||||
Resource type | journal article | |||||
Authors | Wu, Chun-Jung; Huang, Shin-Ying; Yoshioka, Katsunari; Matsumoto, Tsutomu | |||||
Author affiliation | ||||||
Graduate School of Environment and Information Sciences, Yokohama National University | ||||||
Author affiliation | ||||||
Cybersecurity Technology Institute, Institute for Information Industry | ||||||
Author affiliation | ||||||
Graduate School of Environment and Information Sciences, Yokohama National University / Institute of Advanced Sciences, Yokohama National University | ||||||
Author affiliation | ||||||
Graduate School of Environment and Information Sciences, Yokohama National University / Institute of Advanced Sciences, Yokohama National University | ||||||
Abstract | ||||||
Description type | Abstract | |||||
Description | A drastic increase in cyberattacks targeting Internet of Things (IoT) devices using telnet protocols has been observed. IoT malware continues to evolve, and the diversity of OS and environments increases the difficulty of executing malware samples in an observation setting. To address this problem, we sought to develop an alternative means of investigation by using the telnet logs of IoT honeypots and analyzing malware without executing it. In this paper, we present a malware classification method based on malware binaries, command sequences, and meta-features. We employ both unsupervised or supervised learning algorithms and text-mining algorithms for handling unstructured data. Clustering analysis is applied for finding malware family members and revealing their inherent features for better explanation. First, the malware binaries are grouped using similarity analysis. Then, we extract key patterns of interaction behavior using an N-gram model. We also train a multiclass classifier to identify IoT malware categories based on common infection behavior. For misclassified subclasses, second-stage sub-training is performed using a file meta-feature. Our results demonstrate 96.70% accuracy, with high precision and recall. The clustering results reveal variant attack vectors and one denial of service (DoS) attack that used pure Linux commands. | |||||
Bibliographic information | IEICE Transactions on Communications, Vol. E103B, No. 1, p. 32-42, issued 2020 | |||||
ISSN | ||||||
Source identifier type | ISSN | |||||
Source identifier | 17451345 | |||||
DOI | ||||||
Relation type | isIdenticalTo | |||||
Identifier type | DOI | |||||
Related identifier | info:doi/10.1587/transcom.2019CPP0009 | |||||
Rights | ||||||
Rights information | copyright©IEICE2020 | |||||
Author version flag | ||||||
Version type | VoR | |||||
Version type resource | http://purl.org/coar/version/c_970fb48d4fbd8a85 | |||||
Publisher | ||||||
Publisher | IEICE | |||||
Related URI | ||||||
Identifier type | URI | |||||
Related identifier | https://www.ieice.org/cs/jpn/EB/index.html | |||||
Related name | https://www.ieice.org/cs/jpn/EB/index.html |