2023 Fiscal Year Research-status Report
Information-Space-Based Early Warning for Improving the Cyber Incident Response Process
Project/Area Number | 22KF0262 |
Allocation Type | Multi-year Fund |
Research Institution | Nara Institute of Science and Technology |
Principal Investigator | 門林 雄基, Nara Institute of Science and Technology, Graduate School of Science and Technology, Professor (00294158) |
Co-Investigator (Kenkyū-buntansha) | BLUMBERGS BERNHARDS, Nara Institute of Science and Technology, Graduate School of Science and Technology, International Research Fellow |
Project Period (FY) | 2023-03-08 – 2025-03-31 |
Keywords | Situational awareness / Incident response / Threat intelligence / Distributed data mining |
Outline of Annual Research Achievements |
Within the reporting period, the main achievement was the successful development and validation of a prototype, together with dataset collection. The complete prototype code and dataset have been released publicly. Researching, developing, testing, and validating the initial prototype took an unexpectedly significant time investment, as it is a novel concept and no existing related work has been identified. The work is described in a publication, which was submitted and then improved after being rejected by a top-tier USENIX conference. The manuscript has been submitted to the SECRYPT 2024 conference. Additionally, multiple invited presentations and guest lectures were given both domestically and internationally, and conferences and community events were attended to promote the research and establish a professional network.
|
Current Status of Research Progress |
2: Research has progressed on the whole more than it was originally planned.
Reason
Developing a novel approach based on current cutting-edge technologies in data science, machine learning, cloud infrastructure engineering, and software engineering has its inherent challenges. Code development using newly developed libraries poses risks of limited functionality, behavior that is not in line with the documentation, and the need to fix the library code to improve its stability. All of these challenges are unavoidable in a situation where an applied contribution is developed for practical use by the incident response community. All of the risks so far have been addressed, permitting delayed but steady progress toward the specified objectives.
|
Strategy for Future Research Activity |
Ongoing work is currently focused on parsing, clustering, and pattern detection over the collected data. The work should result in a research paper. Although the applicable machine learning and clustering algorithms have been well researched, problems may arise in representing the data correctly so that these algorithms function appropriately. This will come down to dataset engineering, model applicability, and evaluation. The issues may be tackled by improving the raw data collection, representation, and parsing approaches, as well as through consultations with data science and machine learning experts.
|
Causes of Carryover |
Researching, developing, testing, and validating the initial prototype took an unexpectedly significant time investment, as it is a novel concept and no existing related work has been identified. The work is described in a publication, which was submitted and then improved after being rejected by a top-tier USENIX conference. The manuscript has been submitted to the SECRYPT 2024 conference.
|
Remarks |
The website will be updated after the paper currently under submission is published.
|