Brute force attacks are used to obtain pairs of user names and passwords illegally by using all existing pairs to login to network services. These are a major security threat faced by network service administrators. In general, to prevent brute force attacks, administrators can set limitations on the number of login trials and shut down the traffic of brute force attacks with an intrusion prevention system (IPS) at the entry point to their services. In recent years, stealthy brute force attacks that can avoid the security rules and IPS and intrusion detection system (IDS) detection have appeared. Attackers tend to arrange a large amount of hosts and allocate them fewer login trials than the limitations administrators set. In this paper, we report a kind of distributed brute force attack event (brute force attacks with disciplined IPs, or DBF) against the (RDP) by analyzing IDS logs integrated from multiple sites. In DBF, a particular number of attacks is repeated automatically from a host to a service over a period. For this reason, existing countermeasures have no effect on DBF. We investigate the structure of DBF and improve the existing countermeasure system. We also present TOPASE, which is replaced at each step of the existing countermeasure system and is suitable for DBF countermeasures. TOPASE analyzes the regularity of login trials between a source host and a destination host. Furthermore, TOPASE intercepts the network traffic from the source host of the brute force attack for a specific period. As a result of the evaluation with our IDS log, we estimate the performance of TOPASE and clarify the factors that maximize TOPASE's effectiveness.

抄録全体を表示

　近年，病院情報システムの端末をデスクトップ仮想基盤上で構築する医療機関が増えている．デスクトップ仮想化を実現するための技術は，仮想サーバ内で処理された画面をクライアントPCへ伝送し表示するため，従来までのクライアントサーバ方式と画面表示方法が大きく異なる．このような環境で構築された病院情報システムでは，画像診断への影響度および医用画像表示モニタの品質管理方法は未知である．一般的に，医用画像表示モニタは，診断精度を維持するために品質管理が必要であり，その方法は日本画像医療システム工業会が提供する「医用画像表示モニタの品質管理に関するガイドライン」で定められている．本論文では，今までに多くの施設で導入されてきたクライアントサーバ方式と，デスクトップ仮想化の実現手法であるVDI方式とRDP方式について，ガイドラインが定める評価方法に基づき，医用画像表示モニタ上に正しく画像が表示されているか比較を行った．その結果，ガイドラインの定める品質管理方法で測定した評価値に差異は認められなかったため，デスクトップ仮想化が導入された医療機関でも画像診断の精度が維持できていることが示唆された．また，医用画像表示モニタの品質管理も従来と同じ評価方法が適応できることが明らかになった．

抄録全体を表示

Dynamic analysis that automatically analyzes malware has become the defacto standard for coping with the huge amount of current malware types. One analysis support is a function that maps the malware behavior to each element of the MITRE ATT&CK^® Technique. This function has been adopted in many online sandboxes and contributes to the efficiency of analysis. On the other hand, this function depends on the implementation of the mapping rules, which may affect the analysis results. Therefore, we investigated the actual situation of online sandboxes that have a function for mapping to the attack technique. In this study, we analyzed a total of 26,078 malware analysis results from three online sandboxes, found that the characteristics for matching to each technique differed among the sandboxes, and clarified the ease of matching each technique. We also compared the mapping characteristics of techniques with those of static analysis-based techniques and manually written reports and showed that the mapping characteristics differed among the techniques. Furthermore, we derived best practices for utilization on the basis of each survey. We believe that these results will lead to a better understanding of online sandboxes and to more efficient malware analysis using online sandboxes.

抄録全体を表示

東京農工大学総合情報メディアセンター（以下，本学）では，技術的な業務を担う職員と事務的な業務を担う職員がそれぞれ存在する．事務的な業務を担う職員は基本的な機器操作はできても，技術的な知識を十分に持っているわけではない．こういったユーザ向けの端末としては，ユーザにとって分かりやすいシステムを構成すること，管理者が想定する利用方法をユーザが行わないケースを想定し，システムとしての堅牢さを高めることなどを検討していく必要がある．これは，大学における多くの事務職員についても同様と言え，これら職員に向けた電子計算機システムはセキュリティ的な観点からもシンクライアント化されるケースが近年増えてきている．そこで本稿では，本学センター事務職員向けの端末システムに対し，端末・提供方式・OSの観点から要件の検討を行った．検討の結果より，HTML5準拠ブラウザのみを利用可能なリモートデスクトップシステムと端末内に補助記憶装置を持たないLinuxディスクレスシステムによるシンクライアントシステムを設計した．設計に基づき，実際に稼働するシステムを構築し，その内容、実際の運用結果等を詳述した．本システムにより，端末の自由度を高めることが可能であり，かつ，事務職員が利用するリモートデスクトップシステムとして十分な性能も持つものであることが確認された．

抄録全体を表示

Image analysis is crucial to medical and biological applications. Recent advances in imaging technology have led to the demand for processing and visualizing a large amount of three-dimensional (3D) biomedical images. In addition, cloud computing has become popular for managing big data. Unfortunately, conventional image-processing systems either lack cloud computing services or advanced 3D processing abilities. In this paper, we present a novel cloud-based system for sharing, processing, and visualizing 3D biomedical images. Our system employs a standard web browser as a client interface that interactively communicates with high-performance servers. Thus, an inexpensive tablet PC without an advanced graphics processing unit (GPU) can be used for 3D image processing and visualization. Our system provides the sharing of limited software and hardware resources, and it allows for effective collaboration between researchers. We demonstrate the applicability and functionality of the system by examining typical case studies on biomedical images. We also examine the performance of our system numerically.

抄録全体を表示

While thin-client systems are diffusing as an effective security method in enterprises and organizations, there is a new approach called pseudo thin-client system. In this system, local disks of clients are write-protected and user data is forced to save on the central file server to realize the same security effect of conventional thin-client systems. Since it takes purely the software-based simple approach, it does not require the hardware enhancement of network and servers to reduce the installation cost. However there are several problems such as no write control to external media, memory depletion possibility, and lower security because of the exceptional write permission to the system processes. In this paper, we propose WriteShield, a pseudo thin-client system which solves these issues. In this system, the local disks are write-protected with volume filter driver and it has a virtual cache mechanism to extend the memory cache size for the write protection. This paper presents design and implementation details of WriteShield. Besides we describe the security analysis and simulation evaluation of paging algorithms for virtual cache mechanism and measure the disk I/O performance to verify its feasibility in the actual environment.

抄録全体を表示

RC4 is a well-known stream cipher designed by Rivest. Due to considerable cryptanalysis efforts over past 20 years, several kinds of statistic biases in a key stream of RC4 have been observed so far. Finally, practical full plaintext recovery attacks on RC4 in SSL/TLS were independently proposed by AlFardan et al. and Isobe et al. in 2013. Responded to these attacks, usage of RC4 has drastically decreased in SSL/TLS. However, according to the research by Trustworthy Internet Movement, RC4 is still used by some websites for the encryption on SSL/TLS. In this paper, we shows a new plaintext recovery attack for RC4 under the assumption of HTTPS. We develop a method for exploiting single-byte and double-byte biases together to efficiently guess the target bytes, while previous attacks use either single-byte biases or double-byte biases. As a result, target plaintext bytes can be extracted with higher probability than previous best attacks given 2²⁹ ciphertexts encrypted by randomly-chosen keys. In the most efficient case, the success probability of our attack are more than twice compared to previous best attacks.

抄録全体を表示

This article is a follow-up report of the status of the electrostatic levitation furnace research activities onboard the International Space Station (ISS). Capability of drop oscillation to measure surface tension and viscosity of molten samples was evaluated using Al2O3. Experimental results were consistent with the values measured with a ground-based electrostatic levitator as well as some data in literature, which proved that surface tension and viscosity could be measured by drop oscillation method in microgravity. This technique was then applied to molten terbium oxide (Tb2O3) whose surface tension and viscosity have not been reported. Measured surface tension could be expressed as γ(Τ) = 733.4-3.9x10-2(T-Tm) (10-3N/m), where Tm=2683 K and the viscosity as η(T)=0.33exp[9.75x104/(RT)] (10-3Pa·s) over the 2745 to 3259 K temperature span.

抄録全体を表示

With the growth of internet of things (IoT) devices, cyberattacks, such as distributed denial of service, that exploit vulnerable devices infected with malware have increased. Therefore, vendors and users must keep their device firmware updated to eliminate vulnerabilities and quickly handle unknown cyberattacks. However, it is difficult for both vendors and users to continually keep the devices safe because vendors must provide updates quickly and the users must continuously manage the conditions of all deployed devices. Therefore, to ensure security, it is necessary for a system to adapt autonomously to changes in cyberattacks. In addition, it is important to consider network-side security that detects and filters anomalous traffic at the gateway to comprehensively protect those devices. This paper proposes a self-adaptive anomaly detection system for IoT traffic, including unknown attacks. The proposed system comprises a honeypot server and a gateway. The honeypot server continuously captures traffic and adaptively generates an anomaly detection model using real-time captured traffic. Thereafter, the gateway uses the generated model to detect anomalous traffic. Thus, the proposed system can adapt to unknown attacks to reflect pattern changes in anomalous traffic based on real-time captured traffic. Three experiments were conducted to evaluate the proposed system: a virtual experiment using pre-captured traffic from various regions across the world, a demonstration experiment using real-time captured traffic, and a virtual experiment using a public dataset containing the traffic generated by malware. The results of all experiments showed that the detection model with the dynamic update method achieved higher accuracy for traffic anomaly detection than the pre-generated detection model. The experimental results indicate that a system adaptable in real time to evolving cyberattacks is a novel approach for ensuring the comprehensive security of IoT devices against both known and unknown attacks.

抄録全体を表示

Given the finite nature of an organization's security resources, effectively countering all risks can be quite challenging. Threat hunting involves gathering information to make informed decisions about the allocation of security resources. Part of this responsibility for security personnel includes investigating the attack methods made possible by existing vulnerabilities, identifying potential attackers, and understanding their attack strategies. This study aims to support threat hunting efforts, ultimately aiding in the optimal distribution of security resources. To achieve this goal, we propose a system that combines data from NVD (National Vulnerability Database) and MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge). This system enables us to identify the attack methods that could be executed by exploiting specific vulnerabilities and the potential attackers who may leverage these methods. Through several examples, we have verified that the insights provided by our system align with information available from other sources. By leveraging the proposed system, investigations into attack methods and potential attackers can be conducted more efficiently, requiring fewer steps compared to manual investigations.

抄録全体を表示

Modern Web services provide advanced features by utilizing hardware resources on the user's device. Web browsers implement a user consent-based permission model to protect user privacy. In this study, we developed P_ERMIUM, a web browser analysis framework that automatically analyzes the behavior of permission mechanisms implemented by various browsers. We systematically studied the behavior of permission mechanisms for 22 major browser implementations running on five different operating systems. We found fragmented implementations. Implementations between browsers running on different operating systems are not always identical. We determined that implementation inconsistencies could lead to privacy risks. We identified gaps between browser permission implementations and user perceptions from the user study corresponding to the analyses using P_ERMIUM. Based on the implementation inconsistencies, we developed two proof-of-concept attacks and evaluated their feasibility. The first attack uses permission information to secretly track the user. The second attack aims to create a situation in which the user cannot correctly determine the origin of the permission request and the user mistakenly grants permission. Finally, we clarify the technical issues that must be standardized in privacy mechanisms and provide recommendations to OS/browser vendors to mitigate the threats identified in this study.

抄録全体を表示

An extension to the software model checker Java Path nder for verifying networked applications using the User Datagram Protocol (UDP) is presented.UDP maximizes performance by omitting ow control and connection handling. For instance,media-streaming services often use UDP to reduce delay and jitter. However, because UDP is unreliable (packets are subject to loss, duplication, and reordering), veri cation of UDP-based applications becomes an issue. Even though unreliable behavior occurs only rarely during testing, it often appears in a production environment due to a larger number of concurrent network accesses.Our tool systematically tests UDP-based applications by producing packet loss, duplication,and reordering for each packet. We have evaluated the performance of our tool in a multi-threaded client/server application and detected incorrectly handled packet duplicates in a le transfer client.

抄録全体を表示