Yoshiaki Hori

An effective SVD-based image tampering detection and self-recovery using active watermarking

In this paper, an effective tamper detection and self-recovery algorithm based on singular value decomposition (SVD) is proposed. This method generates two distinct tamper detection keys based on the singular value decomposition of the image blocks. Each generated tamper detection and self-recovery key is distinct for each image block and is encrypted using a secret key. A random block-mapping sequence and three unique optimizations are employed to improve the efficiency of the proposed tamper detection and the robustness against various security attacks, such as collage attack and constant-average attack. To improve the proposed tamper localization, a mixed block-partitioning technique for 4×4 and 2×2 blocks is utilized. The performance of the proposed scheme and its robustness against various tampering attacks is analyzed. The experimental results demonstrate that the proposed tamper detection is superior in terms of tamper detection efficiency with a tamper detection rate higher than 99%, security robustness and self-recovery image quality for tamper ratio up to 55%. HighlightsA novel SVD-based image tamper detection and self-recovery by active watermarking is proposed.A new aspect of singular values for each images block is utilized to improve the detection rate.The combination of 4×4 and 2×2 block sizes improved the recovered images quality.The proposed optimizations improved the schemes security against several malicious attacks.The results showed the superiority of the algorithm in terms of accuracy, security and recovery.

Detection of Android API Call Using Logging Mechanism within Android Framework

Android based smartphones have become popular. Accordingly, many malwares are developed. The malwares target information leaked from Android. However, it is difficult for users to judge the availability of application by understanding the potential threats in the application. In this paper, we focus on acquisition of information by using a remote procedure call when we invoke the API to acquire phone ID. We design a methodology to record invocation that are concerned the API by inserting Log.v methods. We examined our method, and confirm empirically the record of the call behavior of the API to acquire phone ID.

A Proposal for Detecting Distributed Cyber-Attacks Using Automatic Thresholding

Distributed attacks have reportedly caused the most serious losses in the modern cyber environment. Thus, how to avoid and detect distributed attacks has become one of the most important topics in the cyber security community. Of many approaches for avoiding and detecting cyber-attacks, behavior-based method has been attracting great attentions from many researchers and developers. It is well known that, for behavior-based cyber-attack detections, the algorithm for extracting normal modes from historic traffic is critically important. In this paper, after the newest algorithms for extracting normal behavior mode from historic traffics are discussed, a novel algorithm is proposed. Its efficiency is examined by experiments using dark net traffic data.

Development of Network User Authentication System Using OpenFlow

Although a university is a public space, only members can use the network of the university. Therefore, when members use the network, it is necessary to authenticate. We are using Single Sign-On authentication by shibboleth authentication in Saga University. On the other hand, the concept of SDN (Software Defined Network) came out. This is a way of thinking that we can control a network by software. Open Flow is new implementation to control a network and well known as a standard of SDN recently. In this research, we have developed a flexible network user authentication system by combine shibboleth authentication and OpenFlow-controller which has been programmed.

Secrecy Capacity of Wireless LAN

We address secure secret key distribution in wireless communication systems. There is the secrecy capacity concept that it can distribute information which the third parties can not eavesdrop because of the noise over the distribution channel. Then, we address secure secret key distribution in wireless communication systems using secrecy capacity concept. Wireless channel is noisier compared with wired channel. Specifically, we investigate about wiretap channel coding that it can implement in the existing wireless LAN systems. We have investigated the coding parameters and the conditions that it can implement.

A behavior-based online engine for detecting distributed cyber-attacks

Distributed attacks have reportedly caused the most serious losses in recent years. Here, distributed attacks means those attacks conducted collaboratively by multiple hosts. How to detect distributed attacks has become one of the most important topics in the cyber security community. Many detection methods have been proposed, each of which, however, has its own weak points. For example, detection performance of information theory based methods strongly depends on the information theoretic measures and signature-based methods suffer from the fact that they can deal with neither new kinds of attacks nor new variants of existing attacks. Recently, behavior-based method has been attracting great attentions from many researchers and developers and it is thought as the most promising one. In behavior-based approaches, normal behavior modes are learned/extracted from past traffic data of the monitored network and are used to recognize anomalies in the future detection. In this paper, we explain how to implement an online behavior-based engine for detecting distributed cyber-attacks. Detection cases of our engine are also introduced and some actual attacks/incidents have been captured by our detection engine.

Behavioral Anomaly Detection System on Network Application Traffic from Many Sensors

For a computer network in the era of big data, we discuss a behavioral anomaly detection system which makes it possible to analyze and immediately detect anomaly traffic behavior. Many sensor devices connect to the network and tend to generate their application traffic at quite a low communication rate. In order to observe necessary traffic information for traffic analysis in a short time, the monitoring system integrates traffic statistics of flows sent from devices which are considered to generate the same application. It detects anomaly traffic behavior on the basis of application analysis using NMF(Non-Negative Matrix Factorization).

A Detection System for Distributed DoS Attacks Based on Automatic Extraction of Normal Mode and Its Performance Evaluation

Distributed DoS (Denial-of-Service) attacks, or say DDoS attacks, have reportedly caused the most serious losses in recent years and such attacks are getting worse. How to efficiently detect DDoS attacks has naturally become one of the hottest topics in the cyber security community and many approaches have been proposed. The existing detection technologies, however, have their own weak points. For example, methods based on information theory must choose an information theoretic measures carefully which play an essential role on the detection performance and such methods are efficient only when there are a significantly large number of anomalies present in the data; signature-based methods can not deal with new kinds of attacks and new variants of existing attacks, and so on. The behavior-based ones have been thought to be promising. However, they often need some parameters to define the normal nodes and such parameters cannot be determined easily in advance in many actual situations. In our previous work, an algorithm without parameters was proposed for extracting normal nodes from the historic traffic data. In this paper, we will explain a practical off-line detection system for DDoS attacks that we developed based on that algorithm in a project called PRACTICE (Proactive Response Against Cyber-attacks Through International Collaborative Exchange). The general flow of our detection system and the main specific technologies are explained in details and its detection performance is also verified by several actual examples.

A Comprehensive Security Analysis Checksheet for OpenFlow Networks

Software-defined networking (SDN) enables the exible and dynamic configuration of a network, and OpenFlow is one practical SDN implementation. Although it has been widely deployed in actual environments, it can cause fatal aws. In this paper, we consolidate the security threats to OpenFlow mentioned in previous work and introduce a new security checksheet that includes risk assessment methods. We compare the Kreutz et al. threat vectors with the SDNSecurity.org attack list to discover new threats. Our checksheet enables the security of a given OpenFlow network design to be comprehensively assessed. Furthermore, we evaluate the performance of an OpenFlow network with two attack scenarios using the checksheet and identify critical performance degradations.

Detection of Android ad library focusing on HTTP connections and view object redraw behaviors

In recent years, the smart phone application market has expanded rapidly. One of reasons is the popularity of free applications. A developer acquires his revenues by including advertising libraries in his own application. However, some problems about these advertising libraries become clear from recent researches. Especially in the leakage of privacy information is known as a typical problem which advertising libraries cause. In order to solve this problem, the technology which detects advertisement libraries is important. In this paper, we propose a method for detection of Android ad library. We focus on the acquisition and redraw of advertising image operation which are the basic operations of mobile advertisement. Firstly, we tried running some applications with advertisements. Then, It turned out that mobile advertisements acquire advertising images from server and set that image on the screen at a fixed interval. By modifying AndroidOS, logging HTTP connections and View object redraw behaviors, we confirmed the ad image acquisition behavior. Moreover, to take advantage of the periodicity of this behavior, we carried out Fourier-transform the invocation time data of HTTP connections and redraw of View objects. Then, we extracted the periodicity by calculating correlation coefficient for these two data. From the value of correlation coefficient, it is possible to judge whether advertisement library is incorporated into an application or not. As a result, our proposal method results in a output of about 76 % detection rate.