Efficient Curation of ICS Cybersecurity Information Using Large Language Models
https://ipsj.ixsq.nii.ac.jp/records/242312
Open access
Copyright (c) 2025 by the Information Processing Society of Japan
| Field | Value |
|---|---|
| Item type | Trans(1) |
| Publication date | 2025-01-15 |
| Title | Efficient Curation of ICS Cybersecurity Information Using Large Language Models |
| Title language | en |
| Language | eng |
| Keywords (subject scheme: Other) | [Special issue paper] curation, industrial control system, LLM |
| Resource type identifier | http://purl.org/coar/resource_type/c_6501 |
| Resource type | journal article |
| Authors and affiliations | Wataru Matsuda (Nagoya Institute of Technology); Mariko Fujimoto (Toyo University); Takuho Mitsunaga (Toyo University); Kenji Watanabe (Nagoya Institute of Technology) |

Abstract (description type: Other):

In recent years, control systems have rapidly advanced and increasingly tend to be connected to IT networks and the Internet. In environments where IT and Industrial Control Systems (ICS) are interconnected, there is a risk of intrusion via the IT network. Nowadays, IT technologies are integrated into ICS, so it is crucial to consider IT attack risks in ICS environments in addition to ICS-specific attacks. A vast amount of information on attack tools and cyberattack reports has been published. Security analysts must analyze or meticulously read this information to determine whether the attacks are relevant to their organization and how they should be defended against, necessitating a curation process. However, properly understanding the content of all published attack methods and reports requires significant resources, including costs and skills based on experience. Therefore, this research investigates the practical use of Large Language Models (LLMs) for efficiently extracting information beneficial to an organization's security measures. Specifically, we examined whether it is possible to identify protocols and ports from public information that could be exploited in attacks. This information is helpful in preventing or monitoring these attacks using tools such as firewalls, even if timely security updates are difficult. This examination was conducted from the following two perspectives:

- Extracting port numbers to be protected and monitored against attacks targeting IT networks, especially Windows environments, based on Proof of Concept (PoC) information on the Internet.
- From the perspective of ICS networks, extracting exploited protocols, port numbers, and product names from past ICS-related reports.

The goal of the research is to prepare for attacks in advance and to identify exploitable products and protocols. The results obtained from the proposed method can be utilized for mitigation and enhanced monitoring. Furthermore, they can also be applied to risk assessment and penetration testing. Using the proposed method, we were able to extract port numbers with a potential for misuse in IT attacks with a 60.0% correct response rate. For ICS, we achieved an 81.8% correct response rate in extracting potentially exploited port numbers and protocol names, and a 72.7% correct response rate in identifying target products.

This is a preprint of an article intended for publication in the Journal of Information Processing (JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol. 33 (2025) (online).

| Field | Value |
|---|---|
| Bibliographic record ID (NCID) | AA12894091 |
| Bibliographic information | 情報処理学会論文誌デジタルプラクティス (IPSJ Transactions on Digital Practices, TDP), Vol. 6, No. 1, published 2025-01-15 |
| ISSN | 2435-6484 |
| Publisher (ja) | 情報処理学会 (Information Processing Society of Japan) |