Masatsugu Ichino

Evaluating payload features for malware infection detection

Analysis of malware-infected traffic data revealed the payload features that are the most effective for detecting infection. The traffic data was attack traffic using the D3M2012 dataset and CCC DATAsets 2009, 2010, and 2011. Traffic flowing on an intranet at two different sites was used as normal traffic data. Since the type of malware (worm, Internet connection confirmation, etc.) affects the type of traffic generated, the malware was divided into three types—worm, Trojan horse, and file-infected virus—and the most effective features were identified for each type.

Fusion of iris and periocular user authentication by AdaBoost for mobile devices

Todays mobile devices are likely to store various kinds of personal information, making it important to authenticate mobile device users. Since various types of mobile devices now have cameras, there has been growing interest in authentication based on images of the areas surrounding the eye due to the case of combing with iris and periocular from an image. We propose a method for authenticating mobile device users that uses AdaBoost to derive a fusion score from iris and periocular authentication scores. The use of AdaBoost provides better performance than the use of the weighted sum of the two authentication scores.

Soft Biometrics and Its Application to Security and Business

Biometric technology enables automatic identification or verification of an individual based on the persons physiological or behavioural characteristics. Soft biometrics is a research topic that has attracted a lot of attention recently. The application of soft biometrics in security technology is very promising because it has strong privacy measures and it improves service quality because service is provided that is appropriate to each subject of the soft biometrics application, i.e., the person picked up on camera. Soft biometrics is defined as characteristics that provide some information about an individual but that lack high distinctiveness and performance to sufficiently differentiate any two individuals. We introduce here a summary of soft biometrics and its applications. We also introduce our work in this field.

Text independent speaker gender recognition using lip movement

The conventional mouth gender recognition is based on a static image and ignore the dynamic information. In this paper, we propose a lip movement gender recognition method to improve the accuracy by exploring the dynamic information while a user is speaking. In order to overcome the difficulty caused by the nonlinear distribution of the lip images, Gausian Mixture Models (GMM) is adopted to represent the lip images. A similarity measure is defined to measure the difference between the successive frames. Gender recognition, as a soft biometric trait, can provide useful information for improving the performance of the speaker recognition systems. The accuracy of voice-based speaker gender recognition is high if the condition of the environment is good. But it will be drastically decreased if the test is conducted in a noisy environment. In this paper, we showed that lip movement, considered as a sequence of mouth images, can provide additional information than mouth alone for recognizing gender Experimental result obtained showed the effectiveness of the proposed method which is comparable to using just the voice information.

Altitude estimation using mobile terminal's pressure sensor and external weather information

We investigated ways to apply the ICAO standard atmosphere to altitude estimation using the atmospheric pressure sensor in mobile terminal. Two error factors in particular were found to affect estimation accuracy. We tested an estimation method that corrects for the current sea-level pressure and current sea-level temperature by using external weather information. We were able to estimate altitude with an average error of 1-2 m by using highly reliable and accurate atmospheric pressure measured at a distance at long intervals and less reliable atmospheric pressure measured nearby at short intervals.

Ineluctable background checking on social networks: Linking job seeker's résumé and posts

A growing source of concern is that the privacy of individuals can be violated by linking information from multiple sources. For example, the linking of a persons anonymized information with other information about that person can lead to de-anonymization of the person. To investigate the social risks of such linking, we investigated the use of social networks for background checking, which is the process of evaluating the qualifications of job seekers, and evaluated the risk posed by the linking of information the employer already has with information on social networks. After clarifying the risk, we developed a system that links information from different sources: information extracted from a job seekers résumé and anonymous posts on social networks. The system automatically calculates the similarity between information in the résumé and in the posts, and identifies the job seekers social network accounts even though the profiles may have been anonymized. As a part of our system, we developed a novel method for quantifying the implications of terms in a résumé by using the posts on social networks. In an evaluation using the résumés of two job seekers and the tweets of 100 users, the system identified the accounts of both job seekers with reasonably good accuracy (true positive rate of 0.941 and true negative rate of 0.999). These findings reveal the real social threat of linking information from different sources. Our research should thus form the basis for further study of the relationship between privacy in social networks and the freedom to express opinions.

Anonymizing Face Images by Using Similarity-Based Metric

Vast numbers of face images are posted and circulated daily on social network and photo-sharing sites. Some face images are linked to the persons name, like those on user profile pages, while others are anonymized due to privacy concerns. If an anonymized face image is linked to a named one, that persons privacy is infringed. One way to overcome this privacy problem is to anonymize face images when they are posted on social networks. However, current face anonymization methods fail to meet two key requirements: being provably secure against de-anonymization and enabling users to control the trade-off between security and usability (similarity to the original face) of the anonymized face images. We are developing a similarity-based method for face anonymization that meets both requirements in those cases where a new face image of a person is to be posted when many face images including those of that person are already posted. The basic idea is to hide the new face image in s face images that are equally similar to the face image of the same person. We theoretically demonstrated that the probability of an attacker correctly linking the anonymized face image to an image of the same person is less than 1/s. We also showed theoretically and confirmed experimentally, with 150 sample face images, that the larger the s, the less usable the anonymized face image. The security of our method holds in spite of future improvements in face recognition tools.

Content-Based De-anonymisation of Tweets

Various types of personal information are accessible through the Web, and they can be accessed in number of ways. Linking of the personal information obtained with other personal information can lead to a serious violation of privacy. To address this problem, we developed a method that matches the information individuals place in a profile to the information they post on social media sites. It uses an algorithm we developed for quantifying the correlation between a word and a document even if the word itself does not appear in document.

A study on gait recognition using LPC cepstrum for mobile terminal

The use of mobile terminals has been expanding dramatically in recent years as they evolve from a means of dispatching and gathering information to a highly functional tool that supports personal lifestyles and behavior. A mobile terminal is likely to store various kinds of personal information such as a calendar and contact information as well as key data to carry out online transactions. Losing ones mobile terminal therefore creates the possibility that ones personal information may fall into the wrong hands and be used for malicious purposes. We therefore propose a method of personal authentication using sensor data in a mobile terminal. First, we applied the LPC cepstrum to this authentication and checked for validity. We also evaluated the effectiveness of gait authentication using several frames.

Evaluation of Secular Changes in Statistical Features of Traffic for the Purpose of Malware Detection

Applications and malware affecting them are dramatically changing. It isn’t certain whether the currently used features can classify normal traffic or malware traffic correctly. In this paper, we evaluated the features used in previous studies while taking into account secular changes to classify normal traffic into the normal category and anomalous traffic into the anomalous category correctly. A secular change in this study is a difference in a feature between the date the training data were caputred and the date the test data were captured in the same circumstance. The evaluation is based on the Euclidean distance between the normal codebook or anomalous codebook made by vector quantization and the test data. We report on what causes these secular changes and which features with little or no secular change are effective for malware detection.