
Poster: Flexible Function Estimation of IoT Malware Using Graph Embedding Technique

Most IoT malware consists of variants generated by editing and reusing parts of the functions based on publicly available source code. In our previous study, we proposed a method to estimate the functions of a specimen using the Function Call Sequence Graph (FCSG), which is a directed graph of execution seq...

Bibliographic Details
Main Authors: Oshio, Kei, Takada, Satoshi, Han, Chansu, Tanaka, Akira, Takeuchi, Jun'ichi
Format: Conference Proceeding
Language: English
container_end_page 3
container_start_page 1
creator Oshio, Kei
Takada, Satoshi
Han, Chansu
Tanaka, Akira
Takeuchi, Jun'ichi
description Most IoT malware consists of variants generated by editing and reusing parts of the functions based on publicly available source code. In our previous study, we proposed a method to estimate the functions of a specimen using the Function Call Sequence Graph (FCSG), which is a directed graph of the execution sequence of function calls. In the FCSG-based method, the subgraph corresponding to a malware functionality is manually created and called a signature-FCSG. Specimens with the signature-FCSG are expected to have the corresponding functionality. However, this method cannot detect specimens whose subgraph differs slightly from the signature-FCSG. This paper found that these specimens were supposed to have the same functionality for a signature-FCSG. These specimens need more flexible signature matching, and we propose a graph embedding technique to realize it.
doi_str_mv 10.1109/ISCC55528.2022.9912475
format conference_proceeding
eisbn 9781665497923
1665497920
publisher IEEE
date 2022-06-30
fulltext fulltext_linktorsrc
identifier EISSN: 2642-7389
ispartof 2022 IEEE Symposium on Computers and Communications (ISCC), 2022, p.1-3
issn 2642-7389
language eng
recordid cdi_ieee_primary_9912475
source IEEE Xplore All Conference Series
subjects Computers
Directed graphs
Estimation
graph embedding
IoT malware
Malware
malware analysis
signature matching
Source coding
Static analysis
title Poster: Flexible Function Estimation of IoT Malware Using Graph Embedding Technique
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-07T15%3A37%3A23IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_CHZPO&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Poster:%20Flexible%20Function%20Estimation%20of%20IoT%20Malware%20Using%20Graph%20Embedding%20Technique&rft.btitle=2022%20IEEE%20Symposium%20on%20Computers%20and%20Communications%20(ISCC)&rft.au=Oshio,%20Kei&rft.date=2022-06-30&rft.spage=1&rft.epage=3&rft.pages=1-3&rft.eissn=2642-7389&rft_id=info:doi/10.1109/ISCC55528.2022.9912475&rft.eisbn=9781665497923&rft.eisbn_list=1665497920&rft_dat=%3Cieee_CHZPO%3E9912475%3C/ieee_CHZPO%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i203t-478b6572e648f701b2f9a8e2779dc382fa2ddeab4ebe8119608fb62f4bd2538e3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=9912475&rfr_iscdi=true