TY - GEN
T1 - Poster
T2 - 27th IEEE Symposium on Computers and Communications, ISCC 2022
AU - Oshio, Kei
AU - Takada, Satoshi
AU - Han, Chansu
AU - Tanaka, Akira
AU - Takeuchi, Jun'ichi
N1 - Funding Information:
This research was conducted under a contract of “MITIGATE” among “Research and Development for Expansion of Radio Wave Resources (JPJ000254),” which was supported by the Ministry of Internal Affairs and Communications, Japan.
Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Most IoT malware consists of variants generated by editing and reusing parts of the functions based on publicly available source code. In our previous study, we proposed a method to estimate the functions of a specimen using the Function Call Sequence Graph (FCSG), which is a directed graph of the execution sequence of function calls. In the FCSG-based method, the subgraph corresponding to a malware functionality is manually created and called a signature-FCSG. The specimens with the signature-FCSG are expected to have the corresponding functionality. However, this method cannot detect the specimens with a slightly different subgraph from the signature-FCSG. This paper found that these specimens were supposed to have the same functionality for a signature-FCSG. These specimens need more flexible signature matching, and we propose a graph embedding technique to realize it.
AB - Most IoT malware consists of variants generated by editing and reusing parts of the functions based on publicly available source code. In our previous study, we proposed a method to estimate the functions of a specimen using the Function Call Sequence Graph (FCSG), which is a directed graph of the execution sequence of function calls. In the FCSG-based method, the subgraph corresponding to a malware functionality is manually created and called a signature-FCSG. The specimens with the signature-FCSG are expected to have the corresponding functionality. However, this method cannot detect the specimens with a slightly different subgraph from the signature-FCSG. This paper found that these specimens were supposed to have the same functionality for a signature-FCSG. These specimens need more flexible signature matching, and we propose a graph embedding technique to realize it.
UR - http://www.scopus.com/inward/record.url?scp=85141200447&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85141200447&partnerID=8YFLogxK
U2 - 10.1109/ISCC55528.2022.9912475
DO - 10.1109/ISCC55528.2022.9912475
M3 - Conference contribution
AN - SCOPUS:85141200447
T3 - Proceedings - IEEE Symposium on Computers and Communications
BT - 2022 IEEE Symposium on Computers and Communications, ISCC 2022
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 30 June 2022 through 3 July 2022
ER -