Matsuura Laboratory Members
Update: Sep, 2024
Interest
Publications
-
Kanta Matsuura,
Takurou Hosoi.
Mechanism Design of Data Sharing for Cybersecurity Research,
IPSI Transactions on Advanced Research,
Vol.11,
No.1,
pp.35-40,
2015
abstract
If we want to realize a scientific approach to cybersecurity, we need objective and reproducible evaluation of security. Although some of cryptographic technologies have rigorous security proofs, a lot of cybersecurity technologies rely on experimental evaluation which needs good datasets. One may expect that sharing such datasets would help at least the reproducibility of the evaluation. At the same time, one may be afraid that effective mechanism design is difficult because there have been a lot of studies on disincentive problems (e.g. free-riding) associated with information sharing in cybersecurity. However, the requirements and typical solutions for data sharing would be different from those for information sharing. In this paper, we comprehensively discuss the features of "data sharing for cybersecurity research" based on a systematic comparison with "information sharing for cybersecurity practice". We also report a Japanese case in the field of malware analysis. One important finding is that considering human resource development is an important factor in the activities associated with data sharing.
-
Kanta Matsuura,
Takurou Hosoi.
Data Sharing for Cybersecurity Research and Information Sharing for Cybersecurity Practice,
The 8th International Workshop on Security (IWSEC2013),
2013
abstract
When we want to realize a scientific approach to cybersecurity, we need objective and reproducible evaluation of security properties. Although some of cryptographic technologies have rigorous security proofs, a lot of cybersecurity technologies rely on experimental security evaluation which needs good datasets. One may expect that sharing such datasets would help at least the reproducibility of the evaluation. At the same time, one may be afraid that effective mechanism design is not trivial because there have been a lot of studies on disincentive problems (e.g. free-riding) associated with information sharing for cybersecurity practice. However, the requirements and typical solutions for data sharing would be different from those for information sharing. In this poster, we comprehensively discuss the features of data sharing for cybersecurity research based on a systematic comparison with information sharing for cybersecurity practice. We also identify some intrinsic limitations of the data sharing approach.
-
Takurou Hosoi,
Kanta Matsuura.
Effectiveness of a Change in TCP Retransmission Timer Management for Low-rate DoS Attack Mitigation and Attack Variants,
The 8th International Workshop on Security (IWSEC2013),
2013
abstract
The mechanism of TCP retransmission timeout is essential to the Internet congestion control. But existing research pointed out that this mechanism allows DoS attack with low-rate mean traffic. We proposed a change in TCP retransmission timeout management, in which length of TCP retransmission timer is increased not to precisely twice of the prior timer length in successive timeout waiting. We investigate its effectiveness in DoS attack mitigation analytically, and some attack variants under this countermeasure.
-
Kanta Matsuura,
Takurou Hosoi.
Data Sharing for Cybersecurity Research: A Comparison with Information Sharing for Cybersecurity Practice,
Ninth Annual Forum on Financial Information Systems and Cybersecurity: A Public Policy Perspective,
2013
-
Takurou HOSOI,
Kanta Matsuura.
Evaluation of the Common Dataset Used in Anti-Malware Engineering Workshop 2009,
Lecture Notes in Computer Science (Recent Advances in Intrusion Detection, 13th International Symposium on Recent Advances in Intrusion Detection: RAID 2010),
Vol.6307,
pp.496-497,
2010
-
Takuro Hosoi,
Kanta Matsuura,
Hideki Imai.
IP Trace Back by Packet Marking Method with Bloom Filters,
Proceedings of the 2007 IEEE International Carnahan Conference on Security Technology (2007 ICCST) 41st Annual Conference,
pp.255-263,
2007
Interest
- Digital forensics, Control system security
Publications
-
Kensuke Tamura,
Kanta Matsuura.
Improvement of Anomaly Detection Performance using Packet Flow Regularity in Industrial Control Networks,
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences,
Vol.E102-A,
No.1,
pp.65-73,
2019
abstract
Since cyber attacks such as cyberterrorism against Industrial Control Systems (ICSs) and cyber espionage against companies managing them have increased, the techniques to detect anomalies in early stages are required. To achieve the purpose, several studies have developed anomaly detection methods for ICSs. In particular, some techniques using packet flow regularity in industrial control networks have achieved high-accuracy detection of attacks disrupting the regularity, i.e. normal behavior, of ICSs. However, these methods cannot identify scanning attacks employed in cyber espionage because the probing packets assimilate into a number of normal ones. For example, the malware called Havex is customized to clandestinely acquire information from targeting ICSs using general request packets. The techniques to detect such scanning attacks using widespread packets await further investigation. Therefore, the goal of this study was to examine high performance methods to identify anomalies even if elaborate packets to avoid alert systems were employed for attacks against industrial control networks. In this paper, a novel detection model for anomalous packets concealing behind normal traffic in industrial control networks was proposed. For the proposal of the sophisticated detection method, we took particular note of packet flow regularity and employed the Markov-chain model to detect anomalies. Moreover, we regarded not only original packets but similar ones to them as normal packets to reduce false alerts because it was indicated that an anomaly detection model using the Markov-chain suffers from the ample false positives affected by a number of normal, irregular packets, namely noise. To calculate the similarity between packets based on the packet flow regularity, a vector representation tool called word2vec was employed. Whilst word2vec is utilized for the calculation of word similarity in natural language processing tasks, we applied the technique to packets in ICSs to calculate packet similarity. As a result, the Markov-chain with word2vec model identified scanning packets assimilating into normal packets in higher performance than the conventional Markov-chain model. In conclusion, employing both packet flow regularity and packet similarity in industrial control networks contributes to improving the performance of anomaly detection in ICSs.
- Associate Research Fellow
Interest
- Anonymous communication system
Interest
Publications
-
Ryuya Hayashi,
Taiki Asano,
Junichiro Hayata,
Takahiro Matsuda,
Shota Yamada,
Shuichi Katsumata,
Yusuke Sakai,
Tadanori Teruya,
Jacob C. N. Schuldt,
Nuttapong Attrapadung,
Goichiro Hanaoka,
Kanta Matsuura,
Tsutomu Matsumoto.
Signature for Objects: Formalizing How to Authenticate Physical Data and More,
Lecture Notes in Computer Science (The 27th International Conference on Financial Cryptography and Data Security: FC2023),
Vol.13950,
pp.182-199,
2023
abstract
While the integrity of digital data can be ensured via digital signatures, ensuring the integrity of physical data, i.e., objects, is a more challenging task. For example, constructing a digital signature on data extracted from an object does not necessarily guarantee that an adversary has not tampered with the object or replaced this with a cleverly constructed counterfeit. This paper proposes a new concept called signatures for objects to guarantee the integrity of objects cryptographically. We first need to consider a mechanism that allows us to mathematically treat objects which exist in the physical world. Thus, we define a model called an object setting in which we define physical actions, such as a way to extract data from objects and test whether two objects are identical. Modeling these physical actions via oracle access enables us to naturally enhance probabilistic polynomial-time algorithms to algorithms having access to objects - we denote these physically enhanced algorithms (PEAs). Based on the above formalization, we introduce two security definitions for adversaries modeled as PEAs. The first is unforgeability, which is the natural extension of EUF-CMA security, meaning that any adversary cannot forge a signature for objects. The second is confidentiality, which is a privacy notion, meaning that signatures do not leak any information about signed objects. With these definitions in hand, we show two generic constructions: one satisfies unforgeability by signing extracted data from objects; the other satisfies unforgeability and confidentiality by combining a digital signature with obfuscation.
Interest
- Blockchain, Network Security