Kazumasa Omote’s research while affiliated with University of Tsukuba and other places

What is this page?


This page lists works of an author who doesn't have a ResearchGate profile or hasn't added the works to their profile yet. It is automatically generated from public (personal) data to further our legitimate goal of comprehensive and accurate scientific recordkeeping. If you are this author and want this page removed, please let us know.

Publications (140)


Correction to: An intrinsic evaluator for embedding methods in malicious URL detection
  • Article
  • Full-text available

January 2025

·

1 Read

Qisheng Chen

·

Kazumasa Omote
Download

A Machine Learning Based Three-step Framework for Malicious URL Detection

December 2024

·

1 Read

Journal of Information Processing

Malicious URL is a security problem that has plagued the Internet for a long time. Previously, people usually used the method of establishing blacklists to distinguish between malicious URLs and benign URLs, but to solve the shortcomings of using blacklist method to detect malicious URLs, such as slow update speed, the research of using machine learning to detect malicious URLs is increasing. These research projects have proposed their own methods and obtained great accuracy, but the summary research on malicious URLs detection is insufficient. In this paper, we propose a three-step framework: Segmentation step, Embedding step and Machine Learning step, for malicious URLs detection, which makes sense for systematically summarizing different machine learning based malicious URL detection methods. We overview 14 related works by our three-step framework and find that almost all research on malicious URLs detection using machine learning can be classified by the three-step framework. We evaluate some context-considering methods, the methods that consider the corpus's context during the vector generation, and machine learning models to test their suitability using our three-step framework. According to the results, we verify the importance of considering context and find that context-considering embedding methods are more important and the malicious URLs detection accuracy improved with context-considering methods.


Process of extrinsic evaluation
Process of intrinsic evaluation
Comparison of intrinsic and extrinsic results about related works
Extrinsic score (F-1 score) comparison of URL embedding method with 50% ratio of benign/malicious
Extrinsic score (F-1 score) comparison of URL embedding method with 10% ratio of benign/malicious

+4

An intrinsic evaluator for embedding methods in malicious URL detection

December 2024

·

10 Reads

Nowadays, machine learning is used in many fields. Not only in fields such as image recognition, machine learning is also used for malicious detection. Especially in recent years, there have been many studies using machine learning for malicious URL detection to replace traditional blacklists. In order to compare the performance of the malicious URLs detection method, researches used the F-score or other detection accuracy to evaluate, but there are some difficulties in evaluating the URL embedding method used in malicious URLs detection because the detection accuracy is also effect by machine learning or deep learning models and data sets. An evaluation method of URL embedding method that is not affected by other factors is particularly important. In this paper, we proposed an intrinsic evaluation method for URL embedding method that is not affected by machine learning models or deep learning models and data sets. Besides, We analyse some URL embedding methods according to intrinsic and extrinsic methods and offer a guidance in selecting suitable embedding methods in URL by analysing the results.


AESP’s brief algorithm.
An algorithm for posting the doctor’s DH public key.
Verification of ECDSA signature.
Overall Diagram
Emergency Medical Access Control System Based on Public Blockchain

September 2024

·

23 Reads

Journal of Medical Systems

IT has made significant progress in various fields over the past few years, with many industries transitioning from paper-based to electronic media. However, sharing electronic medical records remains a long-term challenge, particularly when patients are in emergency situations, making it difficult to access and control their medical information. Previous studies have proposed permissioned blockchains with limited participants or mechanisms that allow emergency medical information sharing to pre-designated participants. However, permissioned blockchains require prior participation by medical institutions, and limiting sharing entities restricts the number of potential partners. This means that sharing medical information with local emergency doctors becomes impossible if a patient is unconscious and far away from home, such as when traveling abroad. To tackle this challenge, we propose an emergency access control system for a global electronic medical information system that can be shared using a public blockchain, allowing anyone to participate. Our proposed system assumes that the patient wears a pendant with tamper-proof and biometric authentication capabilities. In the event of unconsciousness, emergency doctors can perform biometrics on behalf of the patient, allowing the family doctor to share health records with the emergency doctor through a secure channel that uses the Diffie-Hellman (DH) key exchange protocol. The pendant’s biometric authentication function prevents unauthorized use if it is stolen, and we have tested the blockchain’s fee for using the public blockchain, demonstrating that the proposed system is practical.


EtherWatch: A Framework for Detecting Suspicious Ethereum Accounts and Their Activities

September 2024

·

29 Reads

Journal of Information Processing

Takayuki Sasaki

·

Jia Wang

·

Kazumasa Omote

·

[...]

·

In recent years, Ethereum, which is a leading application for realizing blockchain services, has received much attention for its usability and functionality. Ethereum executes smart contracts and arbitrary programmable calculations, in addition to cryptocurrency trading. However, cyberattacks target misconfigured Ethereum clients with application programming interface (API) enabled, specifically JSON-RPC. Herein, we propose EtherWatch, a framework to detect and analyze malicious and/or suspicious Ethereum accounts using three data sources (a honeypot, an internet-wide scanner, and a blockchain explorer). The honeypot, named Etherpot, leverages a proxy server placed between a real Ethereum client and the internet. It modifies client responses to attract attackers, identifies malicious accounts, and analyzes their behaviors. Using scan results from Shodan, we also detect suspicious Ethereum accounts registered on multiple nodes. Finally, we utilize Etherscan, a well-known blockchain explorer, to track and analyze the activities of the detected accounts. During six weeks of observations, we discovered 538 hosts attempting to call JSON-RPC of our honeypots using 41 types of methods, including a type of unreported attack in the wild. Specifically, we observed account hijacking, mining, and smart contract attacks. We detected 16 malicious accounts using the honeypots and 64 suspicious accounts from the Shodan scan results, with five overlapping accounts. Finally, from Etherscan, we collected records of activities related to the detected accounts, including transactions of 21.50 ETH and mining of 22.61 ETH (equivalent to 39,494 USand41,533US and 41,533 US, respectively, as of June 9, 2023).


An efficient blockchain-based authentication scheme with transferability

September 2024

·

87 Reads

·

1 Citation

In the development of web applications, the rapid advancement of Internet technologies has brought unprecedented opportunities and increased the demand for user authentication schemes. Before the emergence of blockchain technology, establishing trust between two unfamiliar entities relied on a trusted third party for identity verification. However, the failure or malicious behavior of such a trusted third party could undermine such authentication schemes (e.g., single points of failure, credential leaks). A secure authorization system is another requirement of user authentication schemes, as users must authorize other entities to act on their behalf in some situations. If the transfer of authentication permissions is not adequately restricted, security risks such as unauthorized transfer of permissions to entities may occur. Some research has proposed blockchain-based decentralized user authentication solutions to address these risks and enhance availability and auditability. However, as we know, most proposed schemes that allow users to transfer authentication permissions to other entities require significant gas consumption when deployed and triggered in smart contracts. To address this issue, we proposed an authentication scheme with transferability solely based on hash functions. By combining one-time passwords with Hashcash, the scheme can limit the number of times permissions can be transferred while ensuring security. Furthermore, due to its reliance solely on hash functions, our proposed authentication scheme has an absolute advantage regarding computational complexity and gas consumption in smart contracts. Additionally, we have deployed smart contracts on the Goerli test network and demonstrated the practicality and efficiency of this authentication scheme.


Reducing Security Fatigue in Visually Impaired University Students through Problem Posing

August 2024

·

8 Reads

Journal of Information Processing

Information security measures are essential for users of information and communication technology (ICT). This necessity may lead to mental exhaustion (i.e., security fatigue) due to the troublesome and time-consuming measures. It has already been shown that security fatigue prevents the effectiveness of information security measures. However, there are no studies on security fatigue for the visually impaired, so there is a problem that the results of studies conducted for the sighted cannot be applied to the visually impaired. It is necessary to propose methods to reduce the degree of fatigue, not only for those with low levels of security measures, but also for those with high fatigue, because the levels of security measures may decrease as the fatigue level accumulates. In this study, we analyze only visually impaired university students about the relationship between the degree of security fatigue and the degree of taking security measures. From this point of view, we propose new two security education methods that will contribute to an increase in the levels of taking security measures for the visually impaired. Thus, in response to these security education methods, we engage in problem-posing activities during individual interviews and analyze the vital aspects of screen-reader education.




Recent Research Activities in Blockchain Technology Focusing on Securityセキュリティに焦点を当てたブロックチェーン技術の最新の研究動向

July 2024

·

1 Read

IEICE ESS FUNDAMENTALS REVIEW

Blockchains are a technology that is attracting a lot of research attention in various fields such as finance and healthcare. However, there are reports of cyberattacks on blockchains and crypto-assets, resulting in the theft of huge amounts of cryptoassets. In this article, we focus on the security aspects of blockchains and crypto-assets, and discuss recent topics and research activities on the risk and security of blockchains and secure systems applying blockchains.


Citations (57)


... However, they remain vulnerable to scalability issues, privacy risks, and single points of failure. In contrast, decentralised systems offer enhanced security, scalability, and user control but are more complex and costly to implement [8,11]. ...

Reference:

A Comparative Survey of Centralised and Decentralised Identity Management Systems: Analysing Scalability, Security, and Feasibility
An efficient blockchain-based authentication scheme with transferability

... The preliminary version of this paper was presented at IFIPSEC 2023 [1]. This paper added more relative research of malicious URLs detection and used our new evaluation method to evaluated these relative research. ...

Toward the Establishment of Evaluating URL Embedding Methods Using Intrinsic Evaluator via Malicious URLs Detection
  • Citing Chapter
  • April 2024

IFIP Advances in Information and Communication Technology

... They then apply various quantitative analyses to identify leading countries in terms of publication output, examine collaboration patterns, and assess research impact through citation metrics, as discussed in Obreja [16]. For instance, studies by Loan, Bisma, and Nahida [17], Omote et al. [18], Dhawan, Gupta, and Elango [19], and Ravi and Palaniappan [20] consistently found the United States and China to be dominant contributors in their respective fields, with other countries like India, the UK, and various European nations also showing significant output. These analyses often reveal trends in research topics, such as the shift from Bitcoin to broader blockchain applications noted in several blockchain-related studies. ...

A Scientometrics Analysis of Cybersecurity Using e-CSTI

IEEE Access

... Digital ID is a common method to prove the user's identity to the system [14,15]. Blockchain is also used to enhance the integrity of data in the authentication process [16,17]. The characteristic of CA is that authentication does not require physical contact. ...

Efficient Authentication System Based On Blockchain Using eID card
  • Citing Conference Paper
  • December 2023

... Their findings are aligned with those reported in [35]. In [42], the authors proposed a game theory model to estimate the gains received by selfish miners in the presence of invalid blocks in blockchain networks, considering different configurations of block interval time, block verification time, and mining hash rates. ...

The Validator’s Dilemma in PoW Blockchain: An Evolutionary Game Perspective
  • Citing Conference Paper
  • December 2023

... This study contributes to the existing literature on cryptocurrency adoption by offering a detailed analysis of the Slovak market, which has been underexplored in previous research. Unlike prior studies that focus on technical aspects or security challenges (Uchibori et al., 2024;Xu and Yu, 2024), this research emphasizes the marketing and consumer behavior perspective, providing actionable insights for practitioners. Moreover, incorporating emotional engagement strategies, as suggested by Vamossy (2021, could enhance the effectiveness of promotional campaigns by addressing the psychological and social factors influencing consumer decisions. ...

Honeypot Method to Lure Attackers Without Holding Crypto-Assets

IEEE Access

... Data Collaboration utilizes dimension reduction as a means of privacy protection. While evaluations of primary component analysis as a privacy-preserving method have been reported [6], [7], these researches only experimentally show that an attack accuracy decreases by dimension reduction, lacking theoretical privacy analysis. ...

A study of the privacy perspective on principal component analysis via a realistic attack model
  • Citing Conference Paper
  • December 2022

... Given the niche area of NFT research, especially in cybersecurity solutions, only a few papers attempted to investigate this problem, as summarized in Table XIII. Kimura et al. [277] proposed a distributed authenticity verification scheme integrating blockchain technology and deep learning. The study addresses blockchain poisoning, where malicious data aims to compromise blockchain integrity, focusing on NFTs as they are increasingly susceptible to such threats due to their growing popularity and market value. ...

A Distributed Authenticity Verification Scheme Using Deep Learning for NFT Market
  • Citing Conference Paper
  • April 2023

... Decentralized alternatives to digital signature management could help to avoid these problems. Specifically, smart contracts deployed on distributed ledgers could potentially issue digital signatures without the need for a centralized authority (Omote 2023). The smart contracts would be publicly verifiable and are immutable as long as the integrity and availability of the distributed ledger as a whole, in contrast to a single trusted authority, is ensured. ...

Towards Decentralized Autonomous Digital Signatures Using Smart Contracts
  • Citing Conference Paper
  • January 2023

... In recent years, a growing body of research has explored the potential applications of blockchain technology within single private organizations, focusing on enhancing trust, data integrity, and security. The studies conducted by Omote and Kazumasa [19] propose a novel permissionless private blockchain framework that can be self-managed and maintained by a single organization. This approach offers heightened security against fraud by leveraging the organization's trust, which numerous unspecified users verify. ...

Does Private Blockchain Make Sense?
  • Citing Conference Paper
  • January 2023