When dealing with leading-edge cyber security research, especially when operating from the perspective of an attacker or a red team, one must at times consider how ethics comes into play. There are currently no cyber security-specific ethics standards, which is, in particular, one reason that more adversarial cyber security research lags behind in Japan. In this research, we used machine learning and manual methods to extract best practices for research ethics from past top conference papers. Using this knowledge, we constructed an ethics knowledge base for cyber security research. Such a knowledge base can be used to properly distinguish grey-area research so that it is not wrongly forbidden. Using a decision tree-style user interface that we created for our knowledge base, researchers may be able to efficiently identify which aspects of their research require ethical consideration. In this work, as a preliminary step, we focused on only a portion of the areas of research covered by cyber security conferences, but our results are applicable to any area of research.