Funding: Supported by the Innovative Human Resource Development for Local Intellectualization program through the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (IITP-2024-RS-2022-00156287, 50%), and by the MSIT (Ministry of Science and ICT), Republic of Korea, under the Convergence Security Core Talent Training Business Support Program (IITP-2024-RS-2022-II221203, 50%) supervised by the IITP (Institute of Information & Communications Technology Planning & Evaluation).
Abstract: With the advancements in artificial intelligence (AI) technology, attackers are increasingly using sophisticated techniques, including ChatGPT. Endpoint Detection & Response (EDR) is a system that detects and responds to anomalous activities or security threats occurring on computers or endpoint devices within an organization. Unlike traditional antivirus software, EDR is more about responding to a threat after it has already occurred than blocking it. This study aims to overcome challenges in security control, such as increased log size, emerging security threats, and the technical demands faced by control staff. Previous studies have focused on AI detection models, emphasizing detection rates and model performance. However, the underlying reasons behind the detection results were often insufficiently understood, leading to varying outcomes depending on the learning model. Additionally, the presence of both structured and unstructured logs, the growth in new security threats, and increasing technical disparities among control staff members pose further challenges for effective security control. This study proposes to address the problems of the existing EDR system and overcome the limitations of security control. Data were analyzed during the preprocessing stage to identify potential threat factors that influence the detection process and its outcomes. Explainable AI (XAI) techniques are employed to assess the impact of preprocessing on the learning outcomes. To ensure objectivity and versatility in the analysis, five widely recognized datasets were used. Additionally, eleven commonly used machine learning (ML) models for malware detection in XAI were tested, with the five models showing the highest performance selected for further analysis. The results indicate that the eXtreme Gradient Boosting (XGBoost) model outperformed the others. Moreover, the study conducts an in-depth analysis of the preprocessing phase, tracing backward from the detection result to infer potential threats and classify the primary variables influencing the model's prediction. This analysis includes the application of SHapley Additive exPlanations (SHAP), an XAI technique, which provides insight into the influence of specific features on detection outcomes, and suggests potential breaches by identifying common parameters in malware through file backtracking and assigning weights. This study also proposes a counter-detection analysis process to overcome the limitations of existing deep learning outcomes, understand the decision-making process of AI, and enhance reliability. These contributions are expected to significantly enhance EDR systems and address existing limitations in security control.
Funding: Supported by the Key R&D Programs of Zhejiang Province under Grant No. 2022C01018 and the Natural Science Foundation of Zhejiang Province under Grant No. LQ20F020019.
Abstract: Smart contracts running on public blockchains are permissionless and decentralized, attracting both developers and malicious participants. Ethereum, the world's largest decentralized application platform, on which more than 40 million smart contracts are running, is frequently challenged by smart contract vulnerabilities. What is worse, because a wide range of smart contracts are homogeneous and inter-contract dependencies are increasing, a vulnerability in one smart contract could affect a large number of other contracts in Ethereum. However, little is known about how vulnerable contracts affect other on-chain contracts and which contracts can be affected. Thus, we first present the contract dependency graph (CDG) to perform a vulnerability analysis for Ethereum smart contracts, where the CDG characterizes inter-contract dependencies formed by DELEGATECALL-type internal transactions in Ethereum. Then, three generic definitions of security violations against the CDG are given for finding the respective potential victim contracts affected by different types of vulnerable contracts. Further, we construct the CDG with 195,247 smart contracts active in the latest blocks of Ethereum and verify the above security violations against the CDG by detecting three representative known vulnerabilities. Compared to previous large-scale vulnerability analyses, our analysis scheme marks potential victim contracts that can be affected by different types of vulnerable contracts, and identifies their possible risks based on the type of security violation actually occurring. The analysis results show that the proportion of potential victim contracts reaches 14.7%, far more than that of the corresponding vulnerable contracts (less than 0.02%) in the CDG.
Abstract: As space gradually becomes a multi-polar and industrialized battlefield, we human beings are entering Space 3.0. In this new era, existing international rules on space arms control can no longer effectively address increasing security risks such as arms races, armed conflicts, collisions of space objects and competition for space resources. We need more than ever to achieve consensus on space security in the new era in order to build a new space security order.