发布求助
文献互助 智能选刊 最新文献

Journal of Information Processing最新文献

筛选
英文 中文
Multilayer Action Representation based on MITRE ATT&CK for Automated Penetration Testing 自动渗透测试中基于MITRE att&ck的多层动作表示
Journal of Information Processing Pub Date : 2023-01-01 DOI: 10.2197/ipsjjip.31.562
Hoang Viet Nguyen, Tetsutaro Uehara
{"title":"Multilayer Action Representation based on MITRE ATT&CK for Automated Penetration Testing","authors":"Hoang Viet Nguyen, Tetsutaro Uehara","doi":"10.2197/ipsjjip.31.562","DOIUrl":"https://doi.org/10.2197/ipsjjip.31.562","url":null,"abstract":"Penetration testing is among the most efficient techniques to improve network system defense and search for potential weaknesses. Applying penetration testing with reinforcement learning can enhance automation and accuracy and reduce dependence on human labor. However, this approach still encounters obstacles in intricate network systems, such as large ones, where compromising is challenging. The lack of modeling derived from a specific common cybersecurity knowledge base also complicates effective applications in practice. Therefore, based on MITRE ATT&CK knowledge, we propose a multilayer action representation to improve the performance, accuracy, and applicability of penetration testing on complex networks. The multilayer action representation's goal is to embody actions in penetration testing as n-dimensional vectors while faithfully capturing their characteristics and relationships. Therefore, it directly improves the performance of reinforcement learning agents in large and complicated network scenarios. For faster training, we also use an epsilon-Wolpertinger architecture. We conducted experiments on four difficulty levels with three network configurations and 119 system scenarios and compared our approach with four different reinforcement learning techniques. Our approach not only represents and models actions with high accuracy but also improves the ability of reinforcement learning agents in a variety of difficult levels of network systems.","PeriodicalId":16243,"journal":{"name":"Journal of Information Processing","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135442916","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Z-TCA: Fast Algorithm for Triadic Concept Analysis Using Zero-suppressed Decision Diagrams Z-TCA:基于零抑制决策图的三元概念分析快速算法
Journal of Information Processing Pub Date : 2023-01-01 DOI: 10.2197/ipsjjip.31.722
Siqi Peng, Akihiro Yamamoto
{"title":"Z-TCA: Fast Algorithm for Triadic Concept Analysis Using Zero-suppressed Decision Diagrams","authors":"Siqi Peng, Akihiro Yamamoto","doi":"10.2197/ipsjjip.31.722","DOIUrl":"https://doi.org/10.2197/ipsjjip.31.722","url":null,"abstract":"We propose a fast algorithm called Z-TCA for triadic concept analysis (TCA). TCA is an extension of formal concept analysis (FCA), aiming at extracting ontologies by using mathematical order theories from a collection of ternary relations of three groups of variables: the object, attributes, and conditions. It finds various applications in fields like data mining and knowledge representation. However, the state-of-the-art TCA algorithms are suffering from the problem of low efficiency due to the complexity of the task. Attempts have been made to speed up the TCA process using a Binary Decision Diagram (BDD) or its improved version Zero-suppressed Decision Diagram (ZDD), while in this paper, we propose a new way to apply ZDD to TCA, named the Z-TCA algorithm. We conduct experiments on a real-world triadic context built from the IMDb database as well as some randomly-generated contexts and the results show that our Z-TCA algorithm can speed up the TCA process about 3 times compared to the baseline TRIAS algorithm. We also discover that when the density of the context exceeds 5%, our algorithm outperforms all other ZDD-based improved TCA algorithms and becomes the fastest choice for TCA.","PeriodicalId":16243,"journal":{"name":"Journal of Information Processing","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136306846","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Trial to Embed RAM Encryption Scheme in Cryptographic Programs 在密码程序中嵌入RAM加密方案的试验
Journal of Information Processing Pub Date : 2023-01-01 DOI: 10.2197/ipsjjip.31.700
Tsutomu Matsumoto, Junichi Sakamoto, Manami Suzuki, Dai Watanabe, Naoki Yoshida
{"title":"A Trial to Embed RAM Encryption Scheme in Cryptographic Programs","authors":"Tsutomu Matsumoto, Junichi Sakamoto, Manami Suzuki, Dai Watanabe, Naoki Yoshida","doi":"10.2197/ipsjjip.31.700","DOIUrl":"https://doi.org/10.2197/ipsjjip.31.700","url":null,"abstract":"The RAM encryption encrypts the data on memory to prevent data leakage from an adversary to eavesdrop the memory space of the target program. The well-known implementation is Intel SGX, whose RAM encryption mechanism is definitely hardware dependent. In contrast, Watanabe et al. proposed a fully software-based RAM encryption scheme (SBRES). In this paper, we developed the tools for embedding the SBRES in C source codes for its practical application. We applied the tools to the source codes of some cryptographic implementations in Mbed TLS and confirmed that the tools successfully embedded the SBRES functionality in the cryptographic implementations.","PeriodicalId":16243,"journal":{"name":"Journal of Information Processing","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135442900","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Memory-saving LDoS Attacker Detection Algorithms in Zigbee Network Zigbee网络中节省内存的LDoS攻击者检测算法
Journal of Information Processing Pub Date : 2023-01-01 DOI: 10.2197/ipsjjip.31.537
Satoshi Okada, Kunio Akashi, Daisuke Miyamoto, Yuji Sekiya, Hideki Takase, Hiroshi Nakamura
{"title":"Memory-saving LDoS Attacker Detection Algorithms in Zigbee Network","authors":"Satoshi Okada, Kunio Akashi, Daisuke Miyamoto, Yuji Sekiya, Hideki Takase, Hiroshi Nakamura","doi":"10.2197/ipsjjip.31.537","DOIUrl":"https://doi.org/10.2197/ipsjjip.31.537","url":null,"abstract":"Low-Rate denial of service (LDoS) attacks degrade the quality of service with less traffic than ordinary DoS attacks. LDoS attacks can easily evade conventional counter-DoS detection mechanisms because their time-averaged flow is small and, therefore, become a serious problem. With the recent spread of IoT devices, Zigbee has attracted much attention. Zigbee is a low-power wireless communication protocol that sacrifices transfer range and bandwidth. Since Zigbee consumes very low power, it is widely adopted for small inexpensive IoT devices. The advantage of the low power consumption of Zigbee is due to the indirect transmission. We have already pointed out LDoS attack methods exploiting the characteristics of the indirect transmission, proposed algorithms detecting attackers, and evaluated the accuracy of the algorithms. In this paper, we focus on memory efficient implementation of the algorithm. First, we found that straightforward implementation of the algorithm needs large memory. Then, we propose an improved implementation which requires much less memory. Furthermore, we implement it on a resource-constrained single-board computer and confirm that our proposed algorithm can work correctly with much less memory space and shorter execution time than our previously proposed method. These results prove that the proposed detection algorithm is feasible for a wider range of IoT devices.","PeriodicalId":16243,"journal":{"name":"Journal of Information Processing","volume":"11 6","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135442913","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Scaling Private Deep Learning with Low-rank and Sparse Gradients 基于低秩和稀疏梯度的私有深度学习缩放
Journal of Information Processing Pub Date : 2023-01-01 DOI: 10.2197/ipsjjip.31.748
Ryuichi Ito, Seng Pei Liew, Tsubasa Takahashi, Yuya Sasaki, Makoto Onizuka
{"title":"Scaling Private Deep Learning with Low-rank and Sparse Gradients","authors":"Ryuichi Ito, Seng Pei Liew, Tsubasa Takahashi, Yuya Sasaki, Makoto Onizuka","doi":"10.2197/ipsjjip.31.748","DOIUrl":"https://doi.org/10.2197/ipsjjip.31.748","url":null,"abstract":"Applying Differentially Private Stochastic Gradient Descent (DPSGD) to training modern, large-scale neural networks such as transformer-based models is a challenging task, as the magnitude of noise added to the gradients at each iteration scale with model dimension, hindering the learning capability significantly. We propose a unified framework, LSG, that fully exploits the low-rank and sparse structure of neural networks to reduce the dimension of gradient updates, and hence alleviate the negative impacts of DPSGD. The gradient updates are first approximated with a pair of low-rank matrices. Then, a novel strategy is utilized to sparsify the gradients, resulting in low-dimensional, less noisy updates that are yet capable of retaining the performance of neural networks. Empirical evaluation on natural language processing and computer vision tasks shows that our method outperforms other state-of-the-art baselines.","PeriodicalId":16243,"journal":{"name":"Journal of Information Processing","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135703738","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Study on Quantized Parameters for Protection of a Model and Its Inference Input 模型及其推理输入保护的量化参数研究
Journal of Information Processing Pub Date : 2023-01-01 DOI: 10.2197/ipsjjip.31.667
Hiromasa Kitai, Naoto Yanai, Kazuki Iwahana, Masataka Tatsumi, Jason Paul Cruz
{"title":"A Study on Quantized Parameters for Protection of a Model and Its Inference Input","authors":"Hiromasa Kitai, Naoto Yanai, Kazuki Iwahana, Masataka Tatsumi, Jason Paul Cruz","doi":"10.2197/ipsjjip.31.667","DOIUrl":"https://doi.org/10.2197/ipsjjip.31.667","url":null,"abstract":"Protecting a machine learning model and its inference inputs with secure computation is important for providing services with a valuable model. In this paper, we discuss how a model's parameter quantization works to protect the model and its inference inputs. To this end, we present an investigational protocol called MOTUS, based on ternary neural networks whose parameters are ternarized. Through extensive experiments with MOTUS, we found three key insights. First, ternary neural networks can avoid deterioration in accuracy due to secure computation with modulo operations. Second, the increment of model parameter candidates significantly improves accuracy more than an existing technique for accuracy improvement, i.e., batch normalization. Third, protecting both a model and inference inputs reduces inference throughput by four to seven times to provide the same level of accuracy compared with existing protocols protecting only inference inputs. We have released our source code via GitHub.","PeriodicalId":16243,"journal":{"name":"Journal of Information Processing","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135443080","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Generation of IDS Signatures through Exhaustive Execution Path Exploration in PoC Codes for Vulnerabilities 通过穷举执行路径探索PoC代码漏洞生成IDS签名
Journal of Information Processing Pub Date : 2023-01-01 DOI: 10.2197/ipsjjip.31.591
Masaki Kobayashi, Yo Kanemoto, Daisuke Kotani, Yasuo Okabe
{"title":"Generation of IDS Signatures through Exhaustive Execution Path Exploration in PoC Codes for Vulnerabilities","authors":"Masaki Kobayashi, Yo Kanemoto, Daisuke Kotani, Yasuo Okabe","doi":"10.2197/ipsjjip.31.591","DOIUrl":"https://doi.org/10.2197/ipsjjip.31.591","url":null,"abstract":"There have been many vulnerabilities, and we need prompt countermeasures. One factor that makes more rapid measures necessary is Proof of Concept (PoC) codes. Although they are released to promote vulnerability countermeasures, attackers can also abuse them. In this paper, we analyze PoC codes that send HTTP requests, then generate IDS signatures. To analyze codes, there are two policies: dynamic analysis and static analysis. However, the former cannot cover the execution paths, and the latter cannot analyze dynamically determined values. In addition, symbolic execution compensates for their shortcomings, but its implementation cost is high. We propose a signature generation method for PoC codes that send HTTP requests based on an analysis combining dynamic and static analysis. We first statically explore execution paths of the code by searching for the conditional branch syntax using the abstract syntax tree. Then, we rewrite the branch conditions to enforce the specific execution path and generate a new code corresponding to each path. Finally, we execute each code, generate the attack requests dynamically, and extract signatures. The average detection rate for the requests was 86.9%. Moreover, we tested the signatures for 30 codes by actually executing them, and for nine codes, we detected the attack.","PeriodicalId":16243,"journal":{"name":"Journal of Information Processing","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135442887","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Automating the Detection of Fraudulent Activities in Online Banking Service 网上银行欺诈行为的自动检测
Journal of Information Processing Pub Date : 2023-01-01 DOI: 10.2197/ipsjjip.31.643
Ichiro Asomura, Ryo Iijima, Tatsuya Mori
{"title":"Automating the Detection of Fraudulent Activities in Online Banking Service","authors":"Ichiro Asomura, Ryo Iijima, Tatsuya Mori","doi":"10.2197/ipsjjip.31.643","DOIUrl":"https://doi.org/10.2197/ipsjjip.31.643","url":null,"abstract":"Banks offering Online Banking services need to detect and prevent unauthorized electronic funds transfers to reduce financial crime risk. They monitor online banking transaction histories and use their own methods to detect and prevent unauthorized electronic fund transfers. However, unauthorized electronic fund transfers by criminals have not been eliminated. The average rate of false positives in the transaction monitoring systems installed in Japanese banks is up to 99%, indicating that the monitoring systems are not fully functional. Furthermore, the personnel responsible for fraud detection must manually check a large number of false positives, making it difficult for operators to be productive in their assigned tasks. Based on the above background, we develop a method to detect unauthorized electronic fund transfers and suspicious transactions with high accuracy using machine learning algorithms and evaluate its accuracy. Specifically, a supervised machine learning algorithm is applied to detect fraudulent transactions automatically. We evaluated the proposed method on a large set of online banking transaction data provided by a major Japanese bank for the period March 2019 to May 2020. We demonstrated that our approach could detect fraudulent activity with extremely high accuracy; FPR=0.000 and FNR=0.005 can be achieved for a security policy that minimizes false positives.","PeriodicalId":16243,"journal":{"name":"Journal of Information Processing","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135443079","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
ASRA-Q: AI Security Risk Assessment by Selective Questions ASRA-Q:人工智能安全风险评估的选择性问题
Journal of Information Processing Pub Date : 2023-01-01 DOI: 10.2197/ipsjjip.31.654
Jun Yajima, Maki Inui, Takanori Oikawa, Fumiyoshi Kasahara, Kentaro Tsuji, Ikuya Morikawa, Nobukazu Yoshioka
{"title":"ASRA-Q: AI Security Risk Assessment by Selective Questions","authors":"Jun Yajima, Maki Inui, Takanori Oikawa, Fumiyoshi Kasahara, Kentaro Tsuji, Ikuya Morikawa, Nobukazu Yoshioka","doi":"10.2197/ipsjjip.31.654","DOIUrl":"https://doi.org/10.2197/ipsjjip.31.654","url":null,"abstract":"In this paper, we propose a new framework for security risk assessment. To conduct security analysis efficiently, it is necessary for developers to assess the security risks of machine learning based system (MLS) by themselves, but existing technologies cannot be used to such a purpose. Using the proposed framework, MLS developers can assess the security risks of MLSs by themselves. Our framework consists of two phases. In the preparation phase, a machine learning security expert extracts conditions of adversarial attacks for each adversarial attack method and makes an attack tree for each attack method using the extracted conditions. In addition, they prepare yes/no questions corresponding to extracted conditions. In the assessment phase, MLS developers just answer yes/no questions, and the assessment results are shown. We asked some developers to evaluate our proposal by implementing the proposed framework. As a result, they found some vulnerabilities in MLSs they chose to analyze. We received positive comments from them as results of the questionnaire.","PeriodicalId":16243,"journal":{"name":"Journal of Information Processing","volume":"115 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135443086","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Extracting and Analyzing Cybersecurity Named Entity and its Relationship with Noncontextual IOCs from Unstructured Text of CTI Sources 从CTI源的非结构化文本中提取和分析网络安全命名实体及其与非上下文ioc的关系
Journal of Information Processing Pub Date : 2023-01-01 DOI: 10.2197/ipsjjip.31.578
Shota Fujii, Nobutaka Kawaguchi, Tomohiro Shigemoto, Toshihiro Yamauchi
{"title":"Extracting and Analyzing Cybersecurity Named Entity and its Relationship with Noncontextual IOCs from Unstructured Text of CTI Sources","authors":"Shota Fujii, Nobutaka Kawaguchi, Tomohiro Shigemoto, Toshihiro Yamauchi","doi":"10.2197/ipsjjip.31.578","DOIUrl":"https://doi.org/10.2197/ipsjjip.31.578","url":null,"abstract":"The increasing frequency and sophistication of cyberattacks makes it essential to keep up-to-date with threat information by using cyber threat intelligence (CTI). Structured CTI such as Structured Threat Information eXpression (STIX) is particularly useful because it can automate security operations such as updating FW/IDS rules and analyzing attack trends. However, as most CTIs are written in natural language, manual analysis with domain knowledge is required, which becomes quite time-consuming. In this work, we prose CyNER, a method for automatically structuring CTIs and converting them into STIX format. CyNER extracts named entities in the context of CTI and then extracts the relations between named entities and IOCs in order to convert them into STIX. In addition, by using key phrase extraction, CyNER can extract relations between IOCs that lack contextual information such as those listed at the bottom of a CTI, and named entities. We describe our design and implementation of CyNER and demonstrate that it can extract named entities with the F-measure of 0.80 and extract relations between named entities and IOCs with a maximum accuracy of 81.6%. Our analysis of structured CTI showed that CyNER can extract IOCs that are not included in existing reputation sites, and that it can automatically extract IOCs that have been exploited for a long time and across multiple attack groups. CyNER will therefore make CTI analysis more efficient.","PeriodicalId":16243,"journal":{"name":"Journal of Information Processing","volume":"56 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135442888","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信