- Advanced Malware Detection Techniques
- Network Security and Intrusion Detection
- Security and Verification in Computing
- Advanced Data Storage Technologies
- Distributed and Parallel Computing Systems
- Cloud Computing and Resource Management
- Parallel Computing and Optimization Techniques
- Distributed systems and fault tolerance
- Software Testing and Debugging Techniques
- Cloud Computing and Remote Desktop Technologies
- Logic, programming, and type systems
- Anomaly Detection Techniques and Applications
- Adversarial Robustness in Machine Learning
- Caching and Content Delivery
- Spam and Phishing Detection
- Digital Media Forensic Detection
- Scientific Computing and Data Management
- Internet Traffic Analysis and Secure E-voting
- IoT and Edge/Fog Computing
- Digital and Cyber Forensics
- Peer-to-Peer Network Technologies
- Formal Methods in Verification
- Real-Time Systems Scheduling
- Artificial Immune Systems Applications
- Innovation in Digital Healthcare Systems
University of Tsukuba
2001-2022
University of Electro-Communications
2006-2016
Japan Science and Technology Agency
2003-2016
Centre de Recherche en Économie et Statistique
2014
Centre for Research in Engineering Surface Technology
2014
The University of Tokyo
1997-2005
Tokyo University of Science
1997-2000
Tokyo University of Information Sciences
2000
Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for providing virtual hardware devices and for sharing and protecting system resources among virtual machines (VMs), enlarging the code size of and reducing the reliability of the VMMs. This paper introduces a hypervisor architecture, called parapass-through, designed to minimize hypervisors by allowing most I/O access from the guest operating system (OS)...
This paper presents a proposal of a method to extract important byte sequences in malware samples to reduce the workload of human analysts who investigate the functionalities of the samples. The method, by applying a convolutional neural network (CNN) with a technique called attention mechanism to an image converted from binary data, enables calculation of an "attention map," which shows regions having higher importance for classification in the image. distinction extraction characteristic peculiar family data and can provide useful...
Multiple virtual machines on a single virtual machine monitor are isolated from each other. A malicious user on one virtual machine usually cannot relay secret data to other virtual machines without using explicit communication media such as shared files or a network. However, this isolation is threatened by communication in which CPU load is used as a covert channel. Unfortunately, this threat has not been fully understood or evaluated. In this study, we quantitatively evaluate the threat of CPU-based covert channels between virtual machines on the Xen hypervisor. We have developed CCCV, a system that creates...
Many studies have been conducted to detect malware based on machine learning of program features extracted using static analysis. In this study, we consider the task of distinguishing between malware and benign programs by their surface features, such as general file information and imported functions. To make such attempts practical, a good balance among accuracy, time, and feature-data sizes is required. Although using only a subset of the features can reduce the required time and data sizes, it is not trivial to select an appropriate subset of features....
A virtual machine monitor (VMM) can isolate virtual machines (VMs) for trusted programs from VMs for untrusted ones. The security of the VMs can be enhanced by monitoring and controlling the behavior of the VMs with systems running in a VM for trusted programs. However, systems outside the monitored VM can usually obtain only low-level events and states such as interrupts and register values. Therefore, it is not straight-forward to understand the high-level behavior of an operating system and to control the resources managed by the operating system. In this paper, we propose a system that controls the execution...
Enhancement of security using hypervisors is an effective approach that has been extensively studied. This paper is concerned with the parapass-through architecture, in which most I/O accesses from the operating system are passed through the hypervisor, while the minimum accesses necessary to implement security functionality are mediated by the hypervisor. Parapass-through can provide various functionalities such as encryption of storage data and creation of virtual private networks. Although a previous study detailed a method for...
Modern distributed file systems can store huge amounts of information while retaining the benefits of high reliability and performance. Many of these systems are prototyped with FUSE, a popular framework for implementing user-level file systems. Unfortunately, when mounted on a client that uses FUSE, they suffer from I/O overhead caused by extra memory copies and context switches during local file access. Overhead imposed by FUSE is not small and becomes more pronounced This may significantly degrade the performance of data-intensive...
We have developed a malware analysis system based on process-level virtualization. Our system BitSaucer can dynamically generate a number of virtual execution environments as honeypots on one machine. It confines malware by creating a virtual file tree in the environment and redirecting outgoing network communication to another environment on the same machine. BitSaucer has minimal resource consumption and runtime overhead. Even when 1000 environments were hosted on one machine, applications running in the environments worked well as they normally do. We deployed a honeypot on the Internet and collected information...
This paper presents a method to extract important byte sequences in malware samples by application of a convolutional neural network (CNN) to images converted from binary data. This method, by combining a technique called the attention mechanism into the CNN, enables calculation of an "attention map," which shows regions having higher importance for classification in the image. The extracted region with higher importance can provide useful information for human analysts who investigate the functionalities of unknown malware samples. Results of our evaluation...
Sandboxing systems are extremely useful for secure execution of untrusted applications. Many of the sandboxing systems proposed so far provide security by intercepting system calls invoked by an application and controlling their execution. However, a problem in existing sandboxing systems is the amount of overhead required for security checks performed after system call interceptions. In this paper, we propose a sandboxing system that executes speculative security checks. The system predicts the behavior of the sandboxed application in parallel with the application, thus reducing the overhead. Behavior is predicted based...
Once malware has infected a system, it may lie dormant (or asleep) to control resource consumption speeds, remain undetected until the time of an attack, and thwart dynamic analysis. Because of their aggressive and abnormal use of sleep behavior, malware programs are expected to exhibit traits that distinguish them from other programs. However, the details of the sleep behavior of real malware are not sufficiently understood, and the diversity among different samples or families is also unclear. In this paper, we discuss the characteristic sleep behavior of recent malware and explore...
Operating system jitter is one of the major causes of runtime overhead in applications of high performance computing. Jitter results from the execution of services by the operating system kernel, such as interrupt handling and tasklets, or the execution of various daemon processes developed in order to provide operating system services, such as memory management daemons. This execution interrupts application computations and increases their execution time. Jitter significantly affects applications where many threads frequently synchronize with each other. In this paper, we investigate the impact of jitter caused...
An essential phase in the testing of a security system is to attack the target software in a test environment and then check the response of the security system. However, obtaining or developing a sufficient number of vulnerable software and exploits is not straightforward. One approach for collecting information on how a security system reacts to various attacks is to "fabricate" the effects of attacks by using a fault-injection tool. In this paper, we propose Hyper Attacker, which is a software-implemented fault injection tool for security systems. Hyper Attacker injects faults according to scenarios provided...
We propose HyperShield, which is a hypervisor that can be inserted into and removed from a running operating system, for improving security. While many existing security-oriented hypervisors require modifying or rebooting an overlying operating system, HyperShield does not require this. HyperShield is intended to be a general framework for various security mechanisms. The current implementation provides two security mechanisms for preventing kernel-level buffer overflow. One detects the execution of user code with kernel privilege, the other malicious...
Migration of virtual computing environments is a useful mechanism for advanced management of servers and utilization of a uniform computing environment on different machines. There have been a number of studies on migration systems based on virtual machine monitors (e.g., VMware) or language-level virtual machines (e.g., Java). However, migration systems based on a CPU emulator have not received much attention and their viability in a practical setting is not clear. In this paper, we describe Quasar, a virtual machine (VM) migration system implemented on top of the QEMU CPU emulator. Quasar can migrate a whole operating system between...
The performance of a distributed file system significantly affects data-intensive applications that frequently execute I/O operations on large amounts of data. Although many modern distributed file systems are geared to provide highly efficient I/O performance, their performance is nonetheless affected by runtime overhead in data transfer between client nodes and servers. A part of the overhead is caused by memory copies executed in the file system interface using the FUSE framework or a special kernel module. In this paper, we propose a method based on InfiniBand RDMA...
We have designed and implemented a virtual machine monitor (VMM) for utilizing non-dedicated clusters. The VMM virtualizes a shared-memory multi-processor on a commodity cluster. In addition, it hides dynamic changes of physical hardware configurations. The experimental result demonstrates the feasibility of our approach.