著者

Xuping Huang Nobutaka Ono Akira Nishimura Isao Echizen

出版者

Information Processing Society of Japan

雑誌

Journal of Information Processing (ISSN:18826652)

巻号頁・発行日

vol.25, pp.469-476, 2017 (Released:2017-07-15)

参考文献数

28

被引用文献数

4

---

Reversible audio information hiding and sample-scanning methods are proposed for digital audio content to achieve detailed detection and localization of tampered positions in each frame. The method proposed in this study allows detecting multiple tampering and reusing reliable content as well as avoiding false detection which were impossible for other methods to simultaneously achieve. In the proposed method, the original signal is partitioned into fixed-length frames and then transformed into discrete cosine transform (DCT) coefficients by the integer modified DCT (intDCT). Expansion of the DCT coefficients is applied to embed a content-based hash as a payload. The integer DCT algorithm ensures the reversibility of the transform so that the original data and embedded payload can be perfectly restored to enable blind verification of the data integrity. The perceptual evaluation of speech quality (PESQ) with the listening quality objective mean opinion (MOSLQO), the segmental signal to noise ratio (segSNR), and subjective evaluation results show that the proposed algorithm provides good sound quality (MOSLQO and segSNR are respectively 4.41 and 23.31dB on average for a capacity of 8, 000bps). Detection and localization are accurate in terms of correctly localizing tampered frames in case of insertion or deletion.

著者

Xuping Huang Shunsuke Mochizuki Akira Fujita Katsunari Yoshioka

出版者

情報処理学会

雑誌

情報処理学会論文誌 (ISSN:18827764)

巻号頁・発行日

vol.64, no.3, 2023-03-15

---

In recent years, malware-infected devices, such as Mirai, have been used to conduct impactful attacks like massive DDoS attacks. Internet Service Providers (ISPs) respond by sending security notifications to infected users, instructing them to remove the malware; however, there are no approaches to quantify or simulate the performance and effectiveness of the notification activities. In this paper, we propose a model of security notification by ISPs. In the proposed model, we simulate the security notification with composite parameters, indicating the nature of malware attacks such as persistence of malware, user response ratio, and notification efforts by ISPs, and then discuss their effectiveness. Moreover, we conduct a simulation based on the actual attack.------------------------------This is a preprint of an article intended for publication Journal ofInformation Processing(JIP). This preprint should not be cited. Thisarticle should be cited as: Journal of Information Processing Vol.31(2023) (online)DOI http://dx.doi.org/10.2197/ipsjjip.31.165------------------------------

著者

Xuping Huang Akira Nishimura Isao Echizen

雑誌

研究報告コンピュータセキュリティ(CSEC)

巻号頁・発行日

vol.2011, no.8, pp.1-8, 2011-11-28

---

We propose and implement a content-based tampering detective steganography scheme using acoustic data with probative value in this paper. The purpose is to verify and identify malicious modification. Content-based hash function SHA-1 is adapted to detect tampering. After transforming data from time-domain to frequency domain using integer Discrete Cosine Transform (int-DCT), the amplitude of the highest frequency domain is expanded to reserve embedding capacity which is necessary for hiding hash value and index table for hiding. Lossless embedding and extraction algorithm ensure this scheme a reversible alternative scheme to meet the requirements of acoustic media with probative value. Hash digest is applied to data units after the original data is divided to frames to detect tampering in frame unit and to ensure the reversibility of the rest data even tampering occurs partially. The numerical simulation experiments on detection precise and acoustic degradation indicate that the proposed scheme satisfied highly variability and reversibility, while the acoustic degradation of stego data is imperceptible on the basis of the ITU-R BS.1387 (PEAQ) standard.We propose and implement a content-based tampering detective steganography scheme using acoustic data with probative value in this paper. The purpose is to verify and identify malicious modification. Content-based hash function SHA-1 is adapted to detect tampering. After transforming data from time-domain to frequency domain using integer Discrete Cosine Transform (int-DCT), the amplitude of the highest frequency domain is expanded to reserve embedding capacity which is necessary for hiding hash value and index table for hiding. Lossless embedding and extraction algorithm ensure this scheme a reversible alternative scheme to meet the requirements of acoustic media with probative value. Hash digest is applied to data units after the original data is divided to frames to detect tampering in frame unit and to ensure the reversibility of the rest data even tampering occurs partially. The numerical simulation experiments on detection precise and acoustic degradation indicate that the proposed scheme satisfied highly variability and reversibility, while the acoustic degradation of stego data is imperceptible on the basis of the ITU-R BS.1387 (PEAQ) standard.

著者

Koji NAKAO Katsunari YOSHIOKA Takayuki SASAKI Rui TANABE Xuping HUANG Takeshi TAKAHASHI Akira FUJITA Jun'ichi TAKEUCHI Noboru MURATA Junji SHIKATA Kazuki IWAMOTO Kazuki TAKADA Yuki ISHIDA Masaru TAKEUCHI Naoto YANAI

出版者

The Institute of Electronics, Information and Communication Engineers

雑誌

IEICE Transactions on Information and Systems (ISSN:09168532)

巻号頁・発行日

vol.E106.D, no.9, pp.1302-1315, 2023-09-01 (Released:2023-09-01)

参考文献数

40

---

In this paper, we developed the latest IoT honeypots to capture IoT malware currently on the loose, analyzed IoT malware with new features such as persistent infection, developed malware removal methods to be provided to IoT device users. Furthermore, as attack behaviors using IoT devices become more diverse and sophisticated every year, we conducted research related to various factors involved in understanding the overall picture of attack behaviors from the perspective of incident responders. As the final stage of countermeasures, we also conducted research and development of IoT malware disabling technology to stop only IoT malware activities in IoT devices and IoT system disabling technology to remotely control (including stopping) IoT devices themselves.

著者

Xuping Huang Shunsuke Mochizuki Akira Fujita Katsunari Yoshioka

出版者

Information Processing Society of Japan

雑誌

Journal of Information Processing (ISSN:18826652)

巻号頁・発行日

vol.31, pp.165-173, 2023 (Released:2023-03-15)

参考文献数

25

被引用文献数

1

---

In recent years, malware-infected devices, such as Mirai, have been used to conduct impactful attacks like massive DDoS attacks. Internet Service Providers (ISPs) respond by sending security notifications to infected users, instructing them to remove the malware; however, there are no approaches to quantify or simulate the performance and effectiveness of the notification activities. In this paper, we propose a model of security notification by ISPs. In the proposed model, we simulate the security notification with composite parameters, indicating the nature of malware attacks such as persistence of malware, user response ratio, and notification efforts by ISPs, and then discuss their effectiveness. Moreover, we conduct a simulation based on the actual attack.

著者

Xuping Huang Shunsuke Mochizuki Katsunari Yoshioka

出版者

情報処理学会

雑誌

情報処理学会論文誌 (ISSN:18827764)

巻号頁・発行日

vol.63, no.12, 2022-12-15

---

IoT malware Mirai and its variants continue to evolve and their activities consume network resources, particularly radio resources. This paper proposes a method to identify connection types and estimate the wireless uplink speed of malware-infected hosts observed by IoT honeypot by using the Connection Type Database of Maxmind's GeoIP2, a well-known industrial resource for IP address related information, and Network Diagnosis Tool (NDT) database, a measurement data set of the uplink speed of various networks. The proposed Mobile Network Identification method divides IP addresses into IP ranges assigned to each Autonomous System (AS), and then employs the NDT database based on the IP ranges. We analyzed the infected hosts observed by IoT honeypot to assess and validate the precision of the proposed technique. Our method estimates the maximum average uplink speed of the infected cellular host to be 40.6Mbps, which is between two reference measurement results of cellar networks, indicating the adequacy of the proposed method.------------------------------This is a preprint of an article intended for publication Journal ofInformation Processing(JIP). This preprint should not be cited. Thisarticle should be cited as: Journal of Information Processing Vol.30(2022) (online)DOI http://dx.doi.org/10.2197/ipsjjip.30.859------------------------------