Towards information space-based early warning system for enhancing cyber-incident response process
Project/Area Number | 22KF0262 |
Project/Area Number (Other) | 22F22377 (2022) |
Research Category | Grant-in-Aid for JSPS Fellows |
Allocation Type | Multi-year Fund (2023) Single-year Grants (2022) |
Section | Foreign |
Review Section | Basic Section 60070: Information security-related |
Research Institution | Nara Institute of Science and Technology |
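Principal Investigator | 門林 雄基 Nara Institute of Science and Technology, Graduate School of Science and Technology, Professor (00294158) |
Co-Investigator (Kenkyū-buntansha) | BLUMBERGS BERNHARDS Nara Institute of Science and Technology, Graduate School of Science and Technology, International Research Fellow |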
Project Period (FY) | 2023-03-08 – 2025-03-31 |
Project Status | Granted (Fiscal Year 2023) |
Budget Amount |
¥2,200,000 (Direct Cost: ¥2,200,000)
Fiscal Year 2024: ¥1,000,000 (Direct Cost: ¥1,000,000)
Fiscal Year 2023: ¥1,100,000 (Direct Cost: ¥1,100,000)
Fiscal Year 2022: ¥100,000 (Direct Cost: ¥100,000)
|
Keywords | Situational awareness / Incident response / Threat intelligence / Distributed data mining / Cybersecurity |
Outline of Research at the Start |
The research focuses on developing and validating an early warning system prototype to augment existing incident response capabilities. The prototype aims to collect and assess the relevant publicly accessible information space from a variety of positions within the global Internet.
|
Outline of Annual Research Achievements |
Within the reporting period, the main achievement is the successful development and validation of the prototype, together with dataset collection. The complete prototype code and dataset have been released publicly. Researching, developing, testing, and validating the initial prototype took an unexpectedly significant time investment, as it is a novel concept and no existing related work has been identified. The work is described in a manuscript that was improved after being rejected by a top-tier USENIX conference and has been submitted to the SECRYPT 2024 conference. Additionally, multiple invited presentations and guest lectures were given both domestically and internationally, and conferences and community events were attended to promote the research and establish a professional network.
|
Current Status of Research Progress |
2: Research has progressed on the whole more than it was originally planned.
Reason
Developing a novel approach based on current cutting-edge technologies in data science, machine learning, cloud infrastructure engineering, and software engineering has its implicit challenges. Developing code with newly developed libraries carries the risks of limited functionality, behaviour that is not in line with the documentation, and the need to fix the library code to improve its stability. All of these challenges are unavoidable when an applied contribution is developed for practical use by the incident response community. All of the risks so far have been addressed to permit delayed but steady progress in reaching the specified objectives.
|
Strategy for Future Research Activity |
Ongoing work is currently focused on parsing the collected data, clustering, and pattern detection. The work should result in a research paper. Although the applicable machine learning and clustering algorithms have been well researched, problems may arise in representing the data correctly so that these algorithms function appropriately. This will come down to dataset engineering, model applicability, and evaluation. The issues may be tackled by improving the raw data collection, representation, and parsing approaches, as well as through consultations with data science and machine learning experts.
|
Report
(2 results)
Research Products
(10 results)