Tetsuro Kito

Development of qualification of security status suitable for cloud computing system

Cloud services have recently been expanding rapidly, but business users are still in the minority compared with consumer users. From the viewpoint of organizational risk management, it is necessary to control the risks of the cloud computing environment used as part of an organizations information system in order to minimize any negative influence on the organizations mission or business processes. In a previous article, the authors divided cloud security metrics into two security levels. One level shows how the security metrics influence the mission or business processes in 27 dimensions. The other level shows the security status at the time and the influence range when an incident occurs. This article focuses the latter variable security level and describes the results of developing a cloud security visualization system that was designed based on collection, analysis, and visualization architecture to calculate the level. From the viewpoint of security risk management, the system is considerered to be effective for cloud service providers because it reduces the time needed to investigate the cause of incidents and to recover from them, it helps in triage assessment when many incidents happen simultaneously, and it can detect warnings of an incident and forestall such incidents before they occur.

Enhancing Network Based Bot Detection with Contextual Information

In this paper, we propose a bot detection method that enhances traffic analysis of Network based IDS (NIDS) by using process contextual information obtained from monitored machines. Existing NIDS classifies hosts suspected of doing both of the Command and Control (C&C) communication and infection activities as bots. However, this approach cannot conduct finer-grained analysis than IP address level, and which leads to false positives and negatives. To address this problem, this proposed method enables NIDS to achieve process-grained detection by feeding the contextual information of the processes that perform network activities. Through experiments using a prototype implementation on Xen and a bot sample, we demonstrate that the proposed method enables to detect bots appropriately.

Detection and control system for Peer-to-Peer file exchange application

As P2P (Peer-to-Peer) file sharing software is widely deployed, it causes some serious problems, such as network traffic congestion, unwanted file sharing by computer viruses that abuse P2P software, and so on. Detecting and controlling traffic of P2P software is an important issue to solve these problems. In this paper, we propose a basic architecture to observe large-scale network traffic, identify the P2P traffic and control them. This architecture consists of four units, the observation unit, the analysis unit, the control unit and the managing unit. We evaluate the architecture using lOGbps full duplex traffic, and demonstrate that this system can control the P2P traffic properly.