Kentaroh Toyoda

SPIT callers detection with unsupervised Random Forests classifier

As VoIP (Voice over IP) grows rapidly, it is expected to prevail tremendous unsolicited advertisement calls, which type of calls is referred to SPIT (SPam over Internet Telephony). SPIT detection is more difficult to execute than email SPAM detection since the callee or SPIT detection system does not tell whether it is SPIT or legitimate call until he/she actually takes a call. Recently, many SPIT detection techniques are proposed by finding outliers of call patterns. However, most of these techniques suffer from setting a threshold to distinguish that the caller is legitimate or not and this could cause to high false negative rate or low true positive rate. This is because these techniques analyse call pattern by a single feature e.g. call frequency or average call duration. In this paper, we propose a multi-feature call pattern analysis with unsupervised Random Forests classifier, which is one of the excellent classification algorithms. We also propose two simple but helpful features for better classification. We show the effectiveness of Random Forests based classification without supervised training data and which features contribute to classification.

A Novel Blockchain-Based Product Ownership Management System (POMS) for Anti-Counterfeits in the Post Supply Chain

For more than a decade now, radio frequency identification (RFID) technology has been quite effective in providing anti-counterfeits measures in the supply chain. However, the genuineness of RFID tags cannot be guaranteed in the post supply chain, since these tags can be rather easily cloned in the public space. In this paper, we propose a novel product ownership management system (POMS) of RFID-attached products for anti-counterfeits that can be used in the post supply chain. For this purpose, we leverage the idea of Bitcoin’s blockchain that anyone can check the proof of possession of balance. With the proposed POMS, a customer can reject the purchase of counterfeits even with genuine RFID tag information, if the seller does not possess their ownership. We have implemented a proof-of-concept experimental system employing a blockchain-based decentralized application platform, Ethereum, and evaluated its cost performance. Results have shown that, typically, the cost of managing the ownership of a product with up to six transfers is less than U.S.

Unsupervised Clustering-based SPITters Detection Scheme

1.

Low false alarm rate RPL network monitoring system by considering timing inconstancy between the rank measurements

VoIP /SIP is taking place of conventional telephony because of very low call charge but it is also attractive for SPITters who advertise or spread phishing calls toward many callees. Although there exist many feature-based SPIT detection methods, none of them provides the flexibility against multiple features and thus complex threshold settings and training phases cannot be avoided. In this paper, we propose an unsupervised and threshold-free SPITters detection scheme based on a clustering algorithm. Our scheme does not use multiple features directly to trap SPITters but uses them to find the dissimilarity among each caller pair and tries to separate the callers into a SPITters cluster and a legitimate one based on the dissimilarity. By computer simulation, we show that the combination of Random Forests dissimilarity and PAM clustering brings the best classification accuracy and our scheme works well when the SPITters account for more than 20% of the entire caller.

Fast target link flooding attack detection scheme by analyzing traceroute packets flow

The IPv6 Routing Protocol for Low-power and Lossy networks (RPL) is a standard routing protocol to realize the Internet of Things (IoT). In order to realize secure IoT network, the Destination-Oriented Directed Acyclic Graph (DODAG) root collects information such as neighbor and parent ranks in each node and then observes network consistency by comparing a rank that a node sends to DODAG root with the rank that the same node sends to its neighbor nodes. However, the scheme has a problem that false detection rate is high since the DODAG root might compare a certain nodes rank after update with its rank that its node sends to its neighbor nodes before update due to timing inconstancy between rank measurements. In this paper, we propose a low false alarm rate RPL network monitoring system by considering timing inconstancy between rank measurements. In the proposed scheme, each node sends ranks at the time when each node broadcasts the latest rank to the DODAG root so as to avoid inherent timing inconstancy, and each node attaches a timestamp at the time when each node sends and receives ranks and then sends the timestamp to the DODAG root in order to take timing inconstancy into consideration. We evaluate the false detection rates by computer simulation and we show that the proposed scheme reduces the false detection rate in comparison with the conventional scheme.

Secret sharing based unidirectional key distribution with dummy tags in Gen2v2 RFID-enabled supply chains

Recently, a botnet based DDoS (Distributed Denial of Service) attack, called target link flooding attack, has been reported that cuts off specific links over the Internet and disconnects a specific region from other regions. Detecting or mitigating the target link flooding attack is more difficult than legacy DDoS attack techniques, since attacking flows do not reach the target region. Although many mitigation schemes are proposed, they detect the attack after it occurs. In this paper, we propose a fast target link flooding attack detection scheme by leveraging the fact that the traceroute packets are increased before the attack caused by the attackers reconnaissance. Moreover, by analyzing the characteristic of the target link flooding attack that the number of traceroute packets simultaneously increases in various regions over the network, we propose a detection scheme with multiple detection servers to eliminate false alarms caused by sudden increase of traceroute packets sent by legitimate users. We show the effectiveness of our scheme by computer simulations.

Secure parent node selection scheme in route construction to exclude attacking nodes from RPL network

Recently, a secret sharing scheme is found to be effective to solve the key distribution problem between parties in RFID-enabled supply chains. However, there is a problem that an attacker might recover the legitimate key by collecting sufficient secret shares when products are carried in the public transportation. In this paper, we propose an effective secret sharing scheme by introducing sufficient number of dummy tags which possess a bogus secret share when the tag-attached products are conveyed. Since an attacker cannot see the tags themselves from the outside of the carrying vehicle, he/she cannot distinguish between the legitimate tags and dummy tags and thus has to find out the correct key by iteratively trying each combination of secret shares. On the other hand, the party who receives products can distinguish dummy tags since they are not attached to any product. We also adopt a file privilege and untraceable option which are newly ratified by Gen2v2 (Gen2 version 2) to realize secure and practical RFID-enabled supply chains. We prove that our construction is secure in both the privacy and robustness aspect. We also confirm that our scheme is easily implemented with the off-the-shelf RFID reader and tags.

Opportunistic routing protocol with grid-based relay slot selection in Energy Harvesting WSNs

The IPv6 Routing Protocol for Low-power and Lossy networks (RPL) is a standard routing protocol to realize the Internet of Things (IoT). Since RPL is a tree-based topology network, an attacking node may falsely claim its rank towards neighbor nodes in order to be chosen as a parent of them and to collect more packets to tamper. In this paper, we propose a secure parent selection scheme so that each child node can select a legitimate node as its parent. In the proposed scheme, each node chooses a parent after excluding the best candidate if multiple parent candidates exist. Our scheme utilizes the fact that an attacking node claims falsely a lower rank than that of a legitimate nodes. We show that attacking nodes have no merits to claim lower ranks than true ones in a secure parent node selection scheme. By the computer simulation, we show that the proposed scheme reduces the total number of child nodes attached to attacking nodes in comparison with the conventional RPL scheme.

Practical key distribution scheme with less dummy tags in RFID-enabled supply chains

Energy Harvesting (EH) technologies are getting attractive to realize the battery-less wireless sensing networks (WSNs). In EH-WSNs, opportunistic routing that the intermediate nodes relay packets is preferred due to the extremely constrained energy. However, in the conventional scheme, intermediate nodes rigidly determine its relaying slot by calculating distances between a source and a destination and this causes heavy computation for nodes. In this paper, we propose a lightweight grid-based relay slot selection scheme in EH-WSNs. In our scheme, we use square-shaped grid and divide the network virtually to give each node primitive coordination and each intermediate node decides its relaying slot by calculating the differential of grid-index between a sender and a receiver. Based on grid-based coordination, our scheme turns multiplications into lightweight subtractions and this reduces the computational complexity and required memory. In addition, we also propose a probabilistic relaying scheme to reduce collisions in each relaying slot. We evaluate the conventional and proposed schemes through the computer simulation and show that our scheme reduces the computational complexity and achieves comparable throughput to the conventional scheme.

Concurrent Moving-Based Connection Restoration Scheme between Actors to Ensure the Continuous Connectivity in WSANs

In RFID-enabled supply chains, in order to securely deliver products, a secret sharing scheme has been proposed. An encryption key of tags is split into shares and the key can be recovered with the sufficient number of correct shares. The conventional scheme introduces sufficient number of dummy tags with bogus shares and prevents an attacker who reads all tags during shipping from obtaining tag information. The number of required dummy tags is decided so that the success probability of the attack becomes lower than that in the brute force manner. When the number of shipping products is small, too many dummy tags are required to prevent the attacker from selecting correct shares with a small number of trial. In this paper, we propose a practical scheme which reduces the number of tags by using extra legitimate tags. An encryption key and its share for legitimate tags are assigned to not only the conventional legitimate tags but also extra legitimate tags, and thus, the number of legitimate tags is virtually increased. By doing this, the number of required dummy tags can be reduced. Extra legitimate tags are separately composed from conventional legitimate tags and dummy tags, then they can be distinguished easily. We show the effectiveness of our scheme by computer simulation.