Nobutaka Kawaguchi

Building suspiciousness cascading graph over multiple hosts for detecting targeted attacks

In this paper, we propose a novel approach to detect a targeted attack by visualizing the paths of lateral movement in which the attacker compromises several hosts in the targeted network step by step to achieve his final goal. To this end, we first identify a pair of hosts that has a relationship in which a host can have compromised the other host based on the suspiciousness of their activities and communication patterns between them. Then we cluster such pairs as a graph visualizing an attack path. The attack is finally detected based on the graph size. Since this approach is agnostic to specific signatures, it can cope with a wide variety of attacks. The evaluation experiments show our approach achieves both the high detection rate of 97%, and the low false positives, which is 10% of an existing approach.

Detection and control system for Peer-to-Peer file exchange application

As P2P (Peer-to-Peer) file sharing software is widely deployed, it causes some serious problems, such as network traffic congestion, unwanted file sharing by computer viruses that abuse P2P software, and so on. Detecting and controlling traffic of P2P software is an important issue to solve these problems. In this paper, we propose a basic architecture to observe large-scale network traffic, identify the P2P traffic and control them. This architecture consists of four units, the observation unit, the analysis unit, the control unit and the managing unit. We evaluate the architecture using lOGbps full duplex traffic, and demonstrate that this system can control the P2P traffic properly.