
Showing papers by "Hiroki Takakura" published in 2016


Proceedings Article
05 Jul 2016
TL;DR: A brief report on a new 100-Gbps academic backbone network, called SINET5, which started full-scale operations in April 2016 and gives a multi-layer, dynamically configurable, and performance-tunable platform for a wide range of network applications including inter-cloud services.
Abstract: This paper gives a brief report on a new 100-Gbps academic backbone network, called SINET5, which started full-scale operations in April 2016. SINET5 has more than 50 backbone routers and forms a fully meshed topology by using MPLS-TP systems to provide researchers in every Japanese prefecture with 100-Gbps access, minimized-latency, and SDN-friendly environments. SINET5 gives a multi-layer, dynamically configurable, and performance-tunable platform for a wide range of network applications including inter-cloud services. The multi-layer network design, new functions including SDN and cloud-oriented functions, and field test results on performance and reliability are reported.

6 citations


Proceedings Article
13 Jan 2016
TL;DR: An incident response support system based on the seriousness of infection is proposed that can raise a number of detection reports, reduce the false positive problem, and provide several strategies against attack.
Abstract: Recently, cyber attacks have become so sophisticated that conventional countermeasures that focus on preventing intrusion are becoming less effective. Thus, recent countermeasures are focusing on the period after intrusion, such as incident response. We previously proposed a system to support network administrators performing incident responses. However, our previous system uses only an anomaly detection technique to detect signs of cyber attacks, so we may overlook some signs. In addition, we are bothered by a lot of unimportant detection reports, including many false positives. Our previous system deals with detected malware one by one. Such behavior cannot cope with various situations of incidents. As a solution, this paper proposes an incident response support system based on the seriousness of infection. The system combines various types of detection techniques and raises a large number of detection reports. To manage detection reports, we define the Infection Suspicious Level (ISL), which represents the degree of suspicion of malware infection. By assigning an ISL to all network segments, the system performs appropriate monitoring and analysis, and takes countermeasures semi-automatically based on the ISL. The proposed system can raise a number of detection reports, reduce the false positive problem, and provide several strategies against attack.

4 citations


Proceedings Article
10 Jun 2016
TL;DR: This paper proposes an automated ACL (Access Control List) generation system for secure internal networks that refers to directory service information and network traffic data, generates proper access controls based on such information, and makes it easy to construct a secure internal network to which proper access control is applied.
Abstract: Recently, targeted cyber attacks have become sophisticated. In such attacks, attackers use dedicated malware against target organizations. Dedicated malware slips through the conventional countermeasures, e.g., firewalls, intrusion detection systems, and so on, which focus on preventing the intrusion of malware. Against such a situation, recent countermeasures focus on the mitigation of damage, like information leakage, after intrusion. A separated network, e.g., separating internal networks and controlling access among separated sub-networks, is one of the effective countermeasures. It can prevent malicious communication by malware, and makes it easy to take countermeasures like isolating infected hosts. However, it takes a lot of cost to construct such a network. This paper proposes an automated ACL (Access Control List) generation system for secure internal networks. The proposed system refers to directory service information and network traffic data, and generates proper access controls based on such information. By using this system, we can easily construct a secure internal network to which proper access control is applied.

3 citations


Proceedings Article
01 Jan 2016
TL;DR: Wang et al. as mentioned in this paper proposed an automated ACL (Access Control List) generation system for secure internal networks, which refers to directory service information and network traffic data, and generates proper access control based on such information.
Abstract: Recently, targeted cyber attacks have become sophisticated. In such attacks, attackers use dedicated malware against target organizations. Dedicated malware slips through the conventional countermeasures, e.g., firewalls, intrusion detection systems, and so on, which focus on preventing the intrusion of malware. Against such a situation, recent countermeasures focus on the mitigation of damage, like information leakage, after intrusion. A separated network, e.g., separating internal networks and controlling access among separated sub-networks, is one of the effective countermeasures. It can prevent malicious communication by malware, and makes it easy to take countermeasures like isolating infected hosts. However, it takes a lot of cost to construct such a network. This paper proposes an automated ACL (Access Control List) generation system for secure internal networks. The proposed system refers to directory service information and network traffic data, and generates proper access controls based on such information. By using this system, we can easily construct a secure internal network to which proper access control is applied.

3 citations


Book Chapter
14 Nov 2016
TL;DR: A malware classification method using the Session Sequence of common protocols, which classifies malware as new or existing and, if the malware is classified as existing malware, also classifies it into existing malware families.
Abstract: Recent malware is becoming more sophisticated year by year. It often uses common protocols like HTTP to imitate normal communications. So, we have to consider activities in common protocols when we analyze malware. Meanwhile, the number of malware analysts is insufficient compared to the speed at which new malware is generated. To solve this problem, there is an expectation for a malware classification method which classifies a huge number of malware samples quickly and accurately. With this method, malware analysts can dedicate themselves to the investigation of new types of malware. In this paper, we propose a malware classification method using the Session Sequence of common protocols, which classifies malware as new or existing. Furthermore, if the malware is classified as existing malware, the proposed method also classifies it into existing malware families. We evaluated our proposed method with the traffic of 502 malware samples. The experimental results show that our method can correctly judge and classify with 84.5 % accuracy.