37 research outputs found

    Detecting Android Malware by Analyzing Manifest Files

    The threat of Android malware has increased owing to the increasing popularity of smartphones. Once an Android smartphone is infected with malware, the user suffers from various damages, such as the theft of personal information stored in the smartphones, the unintentional sending of short messages to premium-rate numbers without the user’s knowledge, and the ability for the infected smartphones to be remotely operated and used for other malicious attacks. However, there are currently insufficient defense mechanisms against Android malware. This study proposes a new method to detect Android malware. The new method analyzes only manifest files that are required in Android applications. It realizes a lightweight approach for detection, and its effectiveness is experimentally confirmed by employing real samples of Android malware. The result shows that the new method can effectively detect Android malware, even when the sample is unknown.

    Detecting Phishing Sites Using ChatGPT

    The rise of large language models (LLMs) has had a significant impact on various domains, including natural language processing and artificial intelligence. While LLMs such as ChatGPT have been extensively researched for tasks such as code generation and text synthesis, their application in detecting malicious web content, particularly phishing sites, has been largely unexplored. To combat the rising tide of automated cyber attacks facilitated by LLMs, it is imperative to automate the detection of malicious web content, which requires approaches that leverage the power of LLMs to analyze and classify phishing sites. In this paper, we propose a novel method that utilizes ChatGPT to detect phishing sites. Our approach involves leveraging a web crawler to gather information from websites and generate prompts based on this collected data. This approach enables us to detect various phishing sites without the need for fine-tuning machine learning models and identify social engineering techniques from the context of entire websites and URLs. To evaluate the performance of our proposed method, we conducted experiments using a dataset. The experimental results using GPT-4 demonstrated promising performance, with a precision of 98.3% and a recall of 98.4%. Comparative analysis between GPT-3.5 and GPT-4 revealed an enhancement in the latter's capability to reduce false negatives. These findings not only highlight the potential of LLMs in efficiently identifying phishing sites but also have significant implications for enhancing cybersecurity measures and protecting users from the dangers of online fraudulent activities

    PhishReplicant: A Language Model-based Approach to Detect Generated Squatting Domain Names

    Domain squatting is a technique used by attackers to create domain names for phishing sites. In recent phishing attempts, we have observed many domain names that use multiple techniques to evade existing methods for domain squatting. These domain names, which we call generated squatting domains (GSDs), are quite different in appearance from legitimate domain names and do not contain brand names, making them difficult to associate with phishing. In this paper, we propose a system called PhishReplicant that detects GSDs by focusing on the linguistic similarity of domain names. We analyzed newly registered and observed domain names extracted from certificate transparency logs, passive DNS, and DNS zone files. We detected 3,498 domain names acquired by attackers in a four-week experiment, of which 2,821 were used for phishing sites within a month of detection. We also confirmed that our proposed system outperformed existing systems in both detection accuracy and number of domain names detected. As an in-depth analysis, we examined 205k GSDs collected over 150 days and found that phishing using GSDs was distributed globally. However, attackers intensively targeted brands in specific regions and industries. By analyzing GSDs in real time, we can block phishing sites before or immediately after they appear. Comment: Accepted at ACSAC 202

    How Lévy flights triggered by presence of defectors affect evolution of cooperation in spatial games

    Cooperation among individuals has been key to sustaining societies. However, natural selection favors defection over cooperation. Cooperation can be favored when the mobility of individuals allows cooperators to form a cluster (or group). Mobility patterns of animals sometimes follow a Lévy flight. A Lévy flight is a kind of random walk but it is composed of many small movements with a few big movements. The role of Lévy flights for cooperation has been studied by Antonioni and Tomassini. They showed that Lévy flights promoted cooperation combined with conditional movements triggered by neighboring defectors. However, the optimal condition for neighboring defectors and how the condition changes by the intensity of Lévy flights are still unclear. Here, we developed an agent-based model in a square lattice where agents perform Lévy flights depending on the fraction of neighboring defectors. We systematically studied the relationships among three factors for cooperation: sensitivity to defectors, the intensity of Lévy flights, and population density. Results of evolutionary simulations showed that moderate sensitivity most promoted cooperation. Then, we found that the shortest movements were best for cooperation when the sensitivity to defectors was high. In contrast, when the sensitivity was low, longer movements were best for cooperation. Thus, Lévy flights, the balance between short and long jumps, promoted cooperation in any sensitivity, which was confirmed by evolutionary simulations. Finally, as the population density became larger, higher sensitivity was more beneficial for cooperation to evolve. Our study highlights that Lévy flights are an optimal searching strategy not only for foraging but also for constructing cooperative relationships with others. Comment: 8 pages, 5 figure

    Lymph node metastasis from colon carcinoma at 11 years after the initial operation managed by lymph node resection and chemoradiation: A case report and a review of the literature

    INTRODUCTION: Lymph node metastasis from colorectal cancer after a disease-free interval (DFI) of >5 years is extremely rare, and occurs in <0.6% of cases. PRESENTATION OF CASE: A 60-year-old man underwent low anterior resection for sigmoid colon cancer. The lesion was a Stage II adenocarcinoma with no lymph node metastasis. At 9 years after the colectomy, he was diagnosed with prostate cancer and was treated with radiation and hormonal therapies; at 11 years, he exhibited suddenly elevated carcinoembryonic antigen levels. Computed tomography (CT) and positron emission tomography-CT revealed a 2.0-cm para-aortic lymph node swelling invading the small intestine. These lymph nodes and the affected segment of the small intestine were resected, and histopathology of the resected specimen confirmed a metastatic tumor. The patient was administered radiation therapy after 22 cycles of 5-fluorouracil, oxaliplatin and leucovorin. He however presented with a residual lesion in the para-aortic lymph node, but currently, he has been symptom free for 4 years. DISCUSSION: A review of the literature indicates that the median survival of all previously reported patients is 12 months, and that colon cancer with a long DFI might be slow growing. One of these patients and our patient both had received radiation and/or hormonal therapy for another cancer, which probably impaired their immune systems, thus resulting in metastatic tumors. CONCLUSION: We report a case of lymph node metastasis after a DFI of >5 years and review relevant literature to assess the significance and possible reasons for delayed colorectal cancer metastases.

    Canary in Twitter Mine: Collecting Phishing Reports from Experts and Non-experts

    The rise in phishing attacks via e-mail and short message service (SMS) has not slowed down at all. The first thing we need to do to combat the ever-increasing number of phishing attacks is to collect and characterize more phishing cases that reach end users. Without understanding these characteristics, anti-phishing countermeasures cannot evolve. In this study, we propose an approach using Twitter as a new observation point to immediately collect and characterize phishing cases via e-mail and SMS that evade countermeasures and reach users. Specifically, we propose CrowdCanary, a system capable of structurally and accurately extracting phishing information (e.g., URLs and domains) from tweets about phishing by users who have actually discovered or encountered it. In our three months of live operation, CrowdCanary identified 35,432 phishing URLs out of 38,935 phishing reports. We confirmed that 31,960 (90.2%) of these phishing URLs were later detected by the anti-virus engine, demonstrating that CrowdCanary is superior to existing systems in both accuracy and volume of threat extraction. We also analyzed users who shared phishing threats by utilizing the extracted phishing URLs and categorized them into two distinct groups - namely, experts and non-experts. As a result, we found that CrowdCanary could collect information that is specifically included in non-expert reports, such as information shared only by the company brand name in the tweet, information about phishing attacks that we find only in the image of the tweet, and information about the landing page before the redirect

    The whole blood transcriptional regulation landscape in 465 COVID-19 infected samples from Japan COVID-19 Task Force

    "Japan COVID-19 Task Force": Comprehensive analysis of gene expression in blood cells from COVID-19 patients -- Individual differences in the human genome sequence influence the changes in gene expression that accompany disease severity --. Kyoto University press release. 2022-08-23. Coronavirus disease 2019 (COVID-19) is a recently-emerged infectious disease that has caused millions of deaths, where comprehensive understanding of disease mechanisms is still unestablished. In particular, studies of gene expression dynamics and regulation landscape in COVID-19 infected individuals are limited. Here, we report on a thorough analysis of whole blood RNA-seq data from 465 genotyped samples from the Japan COVID-19 Task Force, including 359 severe and 106 non-severe COVID-19 cases. We discover 1169 putative causal expression quantitative trait loci (eQTLs) including 34 possible colocalizations with biobank fine-mapping results of hematopoietic traits in a Japanese population, 1549 putative causal splice QTLs (sQTLs; e.g. two independent sQTLs at TOR1AIP1), as well as biologically interpretable trans-eQTL examples (e.g., REST and STING1), all fine-mapped at single variant resolution. We perform differential gene expression analysis to elucidate 198 genes with increased expression in severe COVID-19 cases and enriched for innate immune-related functions. Finally, we evaluate the limited but non-zero effect of COVID-19 phenotype on eQTL discovery, and highlight the presence of COVID-19 severity-interaction eQTLs (ieQTLs; e.g., CLEC4C and MYBL2). Our study provides a comprehensive catalog of whole blood regulatory variants in Japanese, as well as a reference for transcriptional landscapes in response to COVID-19 infection.