Abstract
In this study, we collected data on malware behavior and generated explanatory descriptions using a large language model (LLM). The objective is to determine whether a given malware sample truly exhibits malicious behavior. To collect detailed information, we modified the Linux kernel to build a system capable of capturing the arguments and return values of invoked system calls. We then analyzed the data obtained from our system for indications that the malware exhibited malicious or anti-analysis behavior. Additionally, we assessed whether the LLM could interpret this data and provide an explanation of the malware's behavior. This approach shifts the focus from the method of attack, which is what malware-family detection examines, to an evaluation of whether the actions performed by the malware are themselves malicious. Our inferences demonstrated that our data can represent both what the malware "attempted to do" and what it "actually did," and that the LLM was able to accurately interpret this data and explain the malware's behavior.
| Original language | English |
|---|---|
| Pages (from-to) | 443-450 |
| Number of pages | 8 |
| Journal | International Conference on Agents and Artificial Intelligence |
| Volume | 3 |
| DOI | |
| Publication status | Published - 2025 |
| Event | 17th International Conference on Agents and Artificial Intelligence, ICAART 2025 - Porto, Portugal. Duration: 23 Feb 2025 → 25 Feb 2025 |