Security

Identifying malicious intent

The number of malware samples keeps increasing, and the internal activities carried out with malicious intent have diversified. Existing approaches such as static and dynamic analysis let us observe each instruction of a sample as well as the sequence of behavior that accompanies its execution. To identify the type of malicious activity from that execution, however, an analyst still has to inspect every instruction and behavior. Recent malware has become functionally sophisticated, and some samples implement many techniques, such as file-less execution, obfuscation and anti-sandboxing, that make analysis harder. In this research we propose a VMM-based analysis method that makes adversary-intention analysis more convenient.

Split-personality malware detection

To assess a new malware sample, we need to analyze it in detail. In runtime (dynamic) malware analysis, one of the malware analysis techniques, we actually execute the malware's program code on a computer and analyze its behavior in detail. Runtime analysis is quite effective at unveiling the hidden functions of obfuscated malware. However, malware developers make their malware evade observation under runtime analysis; such malware is called split-personality malware or analysis-aware malware. This study aims to find such malware.

A study on the advanced detection of C2 communication of malware

Much malware has a function for receiving commands from a remote attacker over the Internet, called command and control (C2 or C&C). In the past, C2 sent commands over text chat on Internet Relay Chat (IRC); today it has been enhanced to embed commands in web content delivered over HTTP(S). For example, an attacker may embed commands in an image using steganography. In this study, we tackle the detection of such enhanced C2 communication with a sophisticated approach.

VMM-based Anomaly Detection

Despite its rapid development and decreasing cost, cloud computing has not been fully embraced by organizations and industries around the world because of concerns over security. One main security threat in the virtualization environments of cloud computing is the guest VMs themselves. The challenge in monitoring public IaaS is how to collect a clear view of a guest VM's behavior without interfering with the guest OS's operation. In this research, we introduce a novel observation point, static instrumentation data, and study its applicability to a VMM-based anomaly detection system.


Network

Efficient resource management through collaboration of wireless and Internet technologies

The amount of traffic keeps growing. Most devices today transmit data wirelessly, so the capacity of the wireless network at the edge of the Internet is scarce. In wireless communication a device transmits an electromagnetic signal through the air, a shared medium, so radio interference is inevitable whenever other devices are nearby. The CSMA protocol and orthogonal channels are used to avoid such interference so that wireless resources are used efficiently. Independently of this, network resources are used efficiently by optimizing end-to-end routes and by flow control. This study combines wireless and network resource management, which today work independently, in order, for example, to increase network performance and maintain the QoE of applications. This study is conducted jointly with Fukuoka University, the University of Electro-Communications, Shinshu University, and Kyushu Institute of Technology.

Keywords: software-defined wireless network (SDN), NFV, wireless

Geo-centric information platform that collects, processes, and supplies information in the IoT era

With the spread of the Internet of Things (IoT), the main stakeholders are shifting from servers and computers to people and things. Servers and clients transfer and process information following the Internet architecture, in which the identifier is the IP address. People and things, however, interact with each other (transfer and process information, from the digital perspective of IoT) following the real-world architecture, in which the identifier is physical location. In the IoT era these two architectures co-exist and affect each other, and many complex problems emerge from the gap between them. This study tries to fill that gap and seamlessly connect physical and cyber things. This study is conducted jointly with Kyushu Institute of Technology, Ritsumeikan University, and Fukuoka Institute of Technology.

Keywords: distributed computing, routing, SDN, geo-centric information platform

Configuring LoRaWAN in IoT Use Cases and revision of LoRaWAN

Long Range Wide Area Network (LoRaWAN), as an IoT enabler, is one of the most popular protocols for connecting low-power machine-to-machine (M2M) and IoT devices to the Internet over long ranges. The LoRaWAN protocol contains several features that uphold the low power wide area (LPWA) design criteria of low power, cost, implementation complexity and bandwidth. However, a major challenge of LoRaWAN is that its capacity is limited, particularly by the duty cycle (the percentage of time on air permitted by regulation), by downlink transmissions such as frame acknowledgements, and by collisions. Current methods for improving capacity do not give the network enough flexibility to adapt to network conditions and cannot serve applications that require high capacity, which limits the use of LoRaWAN in many IoT use cases. Our research evaluates, analyzes and compares feature settings for specific IoT use cases in LoRaWAN and their impact on capacity. We also propose a method to improve the capacity of IoT applications using LoRaWAN through opportunistic spectrum access.
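To make the duty-cycle limit concrete, the following is an added example (illustrative code, not part of the research described above) that computes the time on air of a LoRa frame with the formula from the Semtech SX1276 datasheet and turns it into an upper bound on uplinks per hour for one device. The 13-byte LoRaWAN MAC overhead and the 1% duty cycle (the common EU868 sub-band limit) are assumptions stated in the code.

```python
"""LoRa time on air and duty-cycle budget (added example, not from the page).

Assumptions: the Semtech SX1276 time-on-air formula, a 13-byte LoRaWAN MAC
overhead per uplink (MHDR + FHDR + FPort + MIC) and the 1% duty-cycle limit
of the common EU868 sub-bands.
"""
import math
from typing import Optional

LORAWAN_MAC_OVERHEAD = 13  # bytes: MHDR(1) + FHDR(7) + FPort(1) + MIC(4)


def lorawan_frame_bytes(app_payload_bytes: int) -> int:
    """PHY payload length for an uplink carrying the given application payload."""
    return app_payload_bytes + LORAWAN_MAC_OVERHEAD


def lora_time_on_air_ms(payload_bytes: int, sf: int, bw_hz: int = 125_000,
                        cr: int = 1, preamble_symbols: int = 8,
                        explicit_header: bool = True, crc: bool = True,
                        low_dr_optimize: Optional[bool] = None) -> float:
    """Time on air of one LoRa frame in milliseconds.

    T_sym      = 2^SF / BW
    T_preamble = (n_preamble + 4.25) * T_sym
    n_payload  = 8 + max(ceil((8*PL - 4*SF + 28 + 16*CRC - 20*IH)
                               / (4*(SF - 2*DE))) * (CR + 4), 0)
    cr=1 is coding rate 4/5; IH=1 for implicit header; DE=1 is the low data
    rate optimisation, which LoRaWAN mandates for SF11/SF12 at 125 kHz.
    """
    if low_dr_optimize is None:
        low_dr_optimize = sf >= 11 and bw_hz == 125_000
    t_sym = 2 ** sf / bw_hz * 1000.0          # symbol duration in ms
    t_preamble = (preamble_symbols + 4.25) * t_sym
    ih = 0 if explicit_header else 1
    de = 1 if low_dr_optimize else 0
    numerator = 8 * payload_bytes - 4 * sf + 28 + 16 * int(crc) - 20 * ih
    denominator = 4 * (sf - 2 * de)
    n_payload = 8 + max(math.ceil(numerator / denominator) * (cr + 4), 0)
    return t_preamble + n_payload * t_sym


def max_uplinks_per_hour(toa_ms: float, duty_cycle: float = 0.01) -> int:
    """Upper bound on frames per hour a single device may send under a
    duty-cycle limit: total permitted air time divided by one frame's ToA."""
    return int(3_600_000 * duty_cycle // toa_ms)


if __name__ == "__main__":
    app_payload = 10  # bytes of sensor data, a constructed example
    pl = lorawan_frame_bytes(app_payload)
    print(f"{'SF':>4} {'ToA (ms)':>10} {'max uplinks/hour @1%':>22}")
    for sf in range(7, 13):
        toa = lora_time_on_air_ms(pl, sf)
        print(f"{sf:>4} {toa:>10.1f} {max_uplinks_per_hour(toa):>22}")
```

Running it shows the capacity cliff the text refers to: a 10-byte sensor reading costs about 62 ms at SF7 but roughly 1.5 s at SF12, and a 51-byte payload at SF12 (the largest allowed there) takes about 2.8 s, which under a 1% duty cycle leaves a single device about a dozen uplinks per hour before any acknowledgements or collisions are considered.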

Society

On Finding the Quintessential Characteristics of a Security Vulnerability

Meltdown and Spectre struck the information technology world like natural disasters, with several doomsday scenarios being prophesied. Yet when we turn to the de facto standard for assessing the severity of a security vulnerability, the Common Vulnerability Scoring System (CVSS), we are surprised to find that Meltdown and Spectre do not receive the highest scores. We see a similar situation for other rock star vulnerabilities (vulnerabilities that have received a lot of media attention) such as Heartbleed and KRACK. In this research, we investigate why the CVSS fails so badly at capturing the intrinsic characteristics of rock star vulnerabilities. We dissect the elements of the CVSS (v2 and v3) to show that nothing within it can indicate why a particular vulnerability is a rock star. Further, we uncover a pattern showing that, despite the CVSS's elaborate formulas, magic numbers and catchphrases, human emotion still weighs heavily on the scoring. We aim to leverage modern data analysis techniques and machine learning to propose a better way to evaluate a security vulnerability.

Smartphone Security Adherence and Corresponding Assistive Techniques

Billions of smartphones around the world run an out-of-date operating system (OS), even though users know the importance of keeping the OS updated. We lay out and analyze general users' cybersecurity knowledge and their attitudes towards their online interactions: password choices, smartphone lock behavior, phishing awareness and behavior on public Wi-Fi. We believe that users of portable devices exhibit more insecure online behavior because of the devices' limited capability and the ease of being online most of the time, which makes these users more prone to attacks such as phishing, man-in-the-middle and ARP poisoning.

We have proposed and developed several strategies to keep users from falling victim to those attacks and to increase their security compliance and awareness. UnPhishMe is a mobile application prototype that exploits a particular weakness of phishing sites: they accept any input as authentication credentials. It lets a mobile device user create a fake login account with fake credentials; every time the user opens a login web page it mimics the user's login procedure with those fake credentials and, if the login is accepted (a legitimate site would reject it), alerts the user. We also proposed a lightweight, scalable mobile application with no single point of failure (SPOF) for addressing ARP poisoning attacks on smart devices and IoT. The application maps a legitimate copy of the device's ARP cache and saves it in secure long-term application storage; it then periodically checks the live ARP cache against this map to detect alterations and alerts the user so that appropriate action can be taken.
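An added example of the ARP-cache baseline check described above (illustrative code, not the project's application): it parses snapshots in the Linux /proc/net/arp layout, treats the first as the trusted baseline and reports every IP whose MAC address later differs. The two snapshots are constructed sample data, and the attribution of a changed entry to the baseline host that legitimately owns the new MAC (the typical gateway-spoofing pattern) is an addition of this example.

```python
"""ARP-cache baseline check (added example, not the project's own code).

Snapshots are constructed sample data in /proc/net/arp layout: a clean
baseline taken at enrolment and a later snapshot in which the gateway's
MAC has been replaced by the MAC of another host on the segment.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

BASELINE_SNAPSHOT = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:00:00:01     *        wlan0
192.168.1.20     0x1         0x2         02:00:00:00:00:20     *        wlan0
192.168.1.30     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

CURRENT_SNAPSHOT = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:00:00:20     *        wlan0
192.168.1.20     0x1         0x2         02:00:00:00:00:20     *        wlan0
192.168.1.40     0x1         0x2         02:00:00:00:00:40     *        wlan0
"""


def parse_arp_table(text: str) -> Dict[str, str]:
    """Map IP -> MAC, skipping the header line and incomplete entries
    (flags 0x0, all-zero MAC), which carry no resolved address to trust."""
    table: Dict[str, str] = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags == 0 or mac == "00:00:00:00:00:00":
            continue
        table[ip] = mac
    return table


@dataclass
class ArpAlert:
    ip: str
    expected_mac: str
    observed_mac: str
    suspect_ip: Optional[str]  # baseline host that legitimately owns observed_mac


def check_arp_cache(baseline: Dict[str, str],
                    current: Dict[str, str]) -> List[ArpAlert]:
    """Report every baseline IP whose MAC differs in the current cache.

    Entries that aged out of the cache are not alerts (the binding is simply
    unknown), and IPs never seen at enrolment are ignored; extending the
    baseline with them is a policy decision left to the caller.
    """
    mac_owner = {mac: ip for ip, mac in baseline.items()}
    alerts: List[ArpAlert] = []
    for ip, expected in baseline.items():
        observed = current.get(ip)
        if observed is None or observed == expected:
            continue
        alerts.append(ArpAlert(ip, expected, observed, mac_owner.get(observed)))
    return alerts


if __name__ == "__main__":
    baseline = parse_arp_table(BASELINE_SNAPSHOT)
    for a in check_arp_cache(baseline, parse_arp_table(CURRENT_SNAPSHOT)):
        who = f" (MAC belongs to {a.suspect_ip})" if a.suspect_ip else ""
        print(f"ALERT {a.ip}: {a.expected_mac} -> {a.observed_mac}{who}")
```

On a real device the current snapshot would be read periodically from /proc/net/arp (or the platform's equivalent) while the baseline stays in protected app storage; a gateway whose MAC suddenly matches another host's is the classic sign of a man-in-the-middle position being set up.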

To enforce security compliance, we redesigned smartphone security notifications by integrating them with free information services such as traffic status and weather tips, and measured whether they increase software update compliance compared with plain notices.

Cyber security education

The shortage of security talent is getting worse. In addition, the scope of cyber security has expanded, and the damage to users of IT is also growing. In this research, we create cyber exercise tools and educational games and measure their effect on learners. We aim to provide cyber-security knowledge and capabilities to both general users and experts.
