37 research outputs found
Detecting Android Malware by Analyzing Manifest Files
The threat of Android malware has increased owing to the increasing popularity of smartphones. Once an Android smartphone is infected with malware, the user suffers from various damages, such as the theft of personal information stored in the smartphones, the unintentional sending of short messages to premium-rate numbers without the user’s knowledge, and the ability for the infected smartphones to be remotely operated and used for other malicious attacks. However, there are currently insufficient defense mechanisms against Android malware. This study proposes a new method to detect Android malware. The new method analyzes only manifest files that are required in Android applications. It realizes a lightweight approach for detection, and its effectiveness is experimentally confirmed by employing real samples of Android malware. The result shows that the new method can effectively detect Android malware, even when the sample is unknown
Detecting Phishing Sites Using ChatGPT
The rise of large language models (LLMs) has had a significant impact on
various domains, including natural language processing and artificial
intelligence. While LLMs such as ChatGPT have been extensively researched for
tasks such as code generation and text synthesis, their application in
detecting malicious web content, particularly phishing sites, has been largely
unexplored. To combat the rising tide of automated cyber attacks facilitated by
LLMs, it is imperative to automate the detection of malicious web content,
which requires approaches that leverage the power of LLMs to analyze and
classify phishing sites. In this paper, we propose a novel method that utilizes
ChatGPT to detect phishing sites. Our approach involves leveraging a web
crawler to gather information from websites and generate prompts based on this
collected data. This approach enables us to detect various phishing sites
without the need for fine-tuning machine learning models and identify social
engineering techniques from the context of entire websites and URLs. To
evaluate the performance of our proposed method, we conducted experiments using
a dataset. The experimental results using GPT-4 demonstrated promising
performance, with a precision of 98.3% and a recall of 98.4%. Comparative
analysis between GPT-3.5 and GPT-4 revealed an enhancement in the latter's
capability to reduce false negatives. These findings not only highlight the
potential of LLMs in efficiently identifying phishing sites but also have
significant implications for enhancing cybersecurity measures and protecting
users from the dangers of online fraudulent activities
PhishReplicant: A Language Model-based Approach to Detect Generated Squatting Domain Names
Domain squatting is a technique used by attackers to create domain names for
phishing sites. In recent phishing attempts, we have observed many domain names
that use multiple techniques to evade existing methods for domain squatting.
These domain names, which we call generated squatting domains (GSDs), are quite
different in appearance from legitimate domain names and do not contain brand
names, making them difficult to associate with phishing. In this paper, we
propose a system called PhishReplicant that detects GSDs by focusing on the
linguistic similarity of domain names. We analyzed newly registered and
observed domain names extracted from certificate transparency logs, passive
DNS, and DNS zone files. We detected 3,498 domain names acquired by attackers
in a four-week experiment, of which 2,821 were used for phishing sites within a
month of detection. We also confirmed that our proposed system outperformed
existing systems in both detection accuracy and number of domain names
detected. As an in-depth analysis, we examined 205k GSDs collected over 150
days and found that phishing using GSDs was distributed globally. However,
attackers intensively targeted brands in specific regions and industries. By
analyzing GSDs in real time, we can block phishing sites before or immediately
after they appear. Comment: Accepted at ACSAC 202
How Lévy flights triggered by presence of defectors affect evolution of cooperation in spatial games
Cooperation among individuals has been key to sustaining societies. However,
natural selection favors defection over cooperation. Cooperation can be favored
when the mobility of individuals allows cooperators to form a cluster (or
group). Mobility patterns of animals sometimes follow a Lévy flight. A Lévy
flight is a kind of random walk but it is composed of many small movements with
a few big movements. The role of Lévy flights for cooperation has been
studied by Antonioni and Tomassini. They showed that Lévy flights promoted
cooperation combined with conditional movements triggered by neighboring
defectors. However, the optimal condition for neighboring defectors and how the
condition changes by the intensity of Lévy flights are still unclear. Here,
we developed an agent-based model in a square lattice where agents perform
Lévy flights depending on the fraction of neighboring defectors. We
systematically studied the relationships among three factors for cooperation:
sensitivity to defectors, the intensity of Lévy flights, and population
density. Results of evolutionary simulations showed that moderate sensitivity
most promoted cooperation. Then, we found that the shortest movements were best
for cooperation when the sensitivity to defectors was high. In contrast, when
the sensitivity was low, longer movements were best for cooperation. Thus,
Lévy flights, the balance between short and long jumps, promoted cooperation
in any sensitivity, which was confirmed by evolutionary simulations. Finally,
as the population density became larger, higher sensitivity was more beneficial
for cooperation to evolve. Our study highlights that Lévy flights are an
optimal searching strategy not only for foraging but also for constructing
cooperative relationships with others. Comment: 8 pages, 5 figure
Lymph node metastasis from colon carcinoma at 11 years after the initial operation managed by lymph node resection and chemoradiation: A case report and a review of the literature
Abstract. INTRODUCTION: Lymph node metastasis from colorectal cancer after a disease-free interval (DFI) of >5 years is extremely rare, and occurs in <0.6% cases. PRESENTATION OF CASE: A 60-year-old man underwent low anterior resection for sigmoid colon cancer. The lesion was an adenocarcinoma with no lymph node metastasis of Stage II. At 9 years after the colectomy, he was diagnosed with prostate cancer and was treated with radiation and hormonal therapies; at 11 years, he exhibited suddenly elevated carcinoembryonic antigen levels. Computed tomography (CT) and positron emission tomography-CT revealed a 2.0-cm para-aortic lymph nodes swelling invading the small intestine. These lymph nodes and the affected segment of the small intestine were resected, and histopathology of the resected specimen confirmed a metastatic tumor. The patient was administered radiation therapy after 22 cycles of 5-fluorouracil, oxaliplatin and leucovorin. He however presented with a residual lesion in the para-aortic lymph node, but currently, he has been symptom free for 4 years. DISCUSSION: A review of the literature indicates that the median survival of all previously reported patients is 12 months, and that colon cancer with a long DFI might be a slow growing. One of these patients and our patient both had received radiation and/or hormonal therapy for another cancer, which probably impaired their immune systems, thus resulting in metastatic tumors. CONCLUSION: We report a case of lymph node metastasis after a DFI of >5 years and review relevant literature to assess the significance and possible reasons for delayed colorectal cancer metastases
Canary in Twitter Mine: Collecting Phishing Reports from Experts and Non-experts
The rise in phishing attacks via e-mail and short message service (SMS) has
not slowed down at all. The first thing we need to do to combat the
ever-increasing number of phishing attacks is to collect and characterize more
phishing cases that reach end users. Without understanding these
characteristics, anti-phishing countermeasures cannot evolve. In this study, we
propose an approach using Twitter as a new observation point to immediately
collect and characterize phishing cases via e-mail and SMS that evade
countermeasures and reach users. Specifically, we propose CrowdCanary, a system
capable of structurally and accurately extracting phishing information (e.g.,
URLs and domains) from tweets about phishing by users who have actually
discovered or encountered it. In our three months of live operation,
CrowdCanary identified 35,432 phishing URLs out of 38,935 phishing reports. We
confirmed that 31,960 (90.2%) of these phishing URLs were later detected by the
anti-virus engine, demonstrating that CrowdCanary is superior to existing
systems in both accuracy and volume of threat extraction. We also analyzed
users who shared phishing threats by utilizing the extracted phishing URLs and
categorized them into two distinct groups - namely, experts and non-experts. As
a result, we found that CrowdCanary could collect information that is
specifically included in non-expert reports, such as information shared only by
the company brand name in the tweet, information about phishing attacks that we
find only in the image of the tweet, and information about the landing page
before the redirect
The whole blood transcriptional regulation landscape in 465 COVID-19 infected samples from Japan COVID-19 Task Force
"Japan COVID-19 Task Force": Comprehensive analysis of gene expression in blood cells from COVID-19 patients -- Individual differences in human genome sequence influence the changes in gene expression that accompany disease severity --. Kyoto University press release. 2022-08-23. Coronavirus disease 2019 (COVID-19) is a recently-emerged infectious disease that has caused millions of deaths, where comprehensive understanding of disease mechanisms is still unestablished. In particular, studies of gene expression dynamics and regulation landscape in COVID-19 infected individuals are limited. Here, we report on a thorough analysis of whole blood RNA-seq data from 465 genotyped samples from the Japan COVID-19 Task Force, including 359 severe and 106 non-severe COVID-19 cases. We discover 1169 putative causal expression quantitative trait loci (eQTLs) including 34 possible colocalizations with biobank fine-mapping results of hematopoietic traits in a Japanese population, 1549 putative causal splice QTLs (sQTLs; e.g. two independent sQTLs at TOR1AIP1), as well as biologically interpretable trans-eQTL examples (e.g., REST and STING1), all fine-mapped at single variant resolution. We perform differential gene expression analysis to elucidate 198 genes with increased expression in severe COVID-19 cases and enriched for innate immune-related functions. Finally, we evaluate the limited but non-zero effect of COVID-19 phenotype on eQTL discovery, and highlight the presence of COVID-19 severity-interaction eQTLs (ieQTLs; e.g., CLEC4C and MYBL2). Our study provides a comprehensive catalog of whole blood regulatory variants in Japanese, as well as a reference for transcriptional landscapes in response to COVID-19 infection