Kyushu University Academic Staff Educational and Research Activities Database
Researcher information (To researchers) Need Help? How to update
Yoshiaki Kasahara Last modified date:2018.02.14





Academic Degree
Doctor of Engineering
Country of degree conferring institution (Overseas)
No
Field of Specialization
Internet
Total Priod of education and research career in the foreign country
00years00months
Outline Activities
Research topics

* Information service administration/monitoring/optimization for
better service quality

Information services are abundant in the Internet. In Kyushu University, there are various kinds of information and communication services for faculty and students through campus network, too. Due to rapidly inflating service infrastructure, some servers tend to be overlooked and are under-performing. Virtualization technology allows to introduce new services more easily, but it introduces more layers and complexity for administration.

I'm studying to improve the situation through experiences of the real service administration and operation.

* Intrusion and back door detection based on network traffic monitoring
Incidents and its damage caused by malicious activities over the Internet is increasing. To protect users from these activities, we need layered protection among end-nodes and network itself.

In this research, I focus on network-level countermeasures. As a backbone administrator of an organization, I'm studying methods to observe and detect malicious activities inside our own network. To achieve this, I'm studying methods to classify network traffic at the edge of our network without using specific signatures. Using such methods, I want to detect unknown or malicious activities which are hard to detect by traditional signature based intrusion detection system.

* other activities
I'm working on administration and maintanance of Kyushu University campus network, including detection of malicious activities inside our network, and enlightenment of end users about network security, etc.
Research
Research Interests
  • Information service administration/monitoring/optimization for better service quality
    keyword : Information System, Server Administration/Operation, Virtualization
    2012.04.
  • Intrusion and Anomaly Detection based on Network Monitoring
    keyword : Internet, Network Management and Operation, Intrusion Detection, Network Security
    2001.04Intrusion and/or anomaly detection based on network traffic monitoring, including signature based detection and statistical detection..
Current and Past Project
  • Our research themes are divided into researches of base technologies for NGI and researches of applications using NGI. i.e. Technologies for Networking,
    Security, GRID, e-Learning, Virtual Reality/Museum and
    Digital Library.
Academic Activities
Papers
1. Yoshiaki Kasahara, Takao Shimayoshi, Masahiro Obana, Naomi Fujimura, Our experience with introducing microsoft office 365 in Kyushu University, 45th ACM Annual SIGUCCS Conference, SIGUCCS 2017 SIGUCCS 2017 - Proceedings of the 2017 ACM Annual Conference on SIGUCCS, 10.1145/3123458.3123491, Part F131713, 109-112, 2017.10, Information Infrastructure Initiative of Kyushu University started serving Office 365 Education for all students and staff members at Kyushu University in November 2016. Since 2007, the university had signed Microsoft EES (Enrollment for Education Solutions) including licenses for the latest Microsoft Windows and Office suite. The EES agreement includes an advantage to provide Office 365 Education to the university members with minimum investments, and there was a demand for Skype for Business which is included in Office 365. To deploy Office 365 for our users, we first needed to configure our on-premises user authentication infrastructure to coordinate with Office 365. During trials, we had a couple of difficulties attributed to some disagreements between Microsoft's and our policy on whether the user identifier, namely the user principal name in Active Directory, was open or private. Additionally, we had to consider which services should be applied to the users, because we have been operating an on-premises email service which is competing with Microsoft Exchange mail service. In this presentation, we share our experiences in Office 365 deployment..
2. Yoshiaki Kasahara, Takuya Kawatani, Eisuke Ito, Koichi Shimozono, An Analysis of Relationship between Storage Usage Distribution and Per-User Quota Value, SIGUCCS '16 (Proceedings of the 2016 ACM SIGUCCS Annual Conference on User Services Conference), 10.1145/2974927.2974936, 153-158, 2016.11, To prevent resource (especially storage) shortage, information systems such as storage services and email services usually impose an upper bound of resource consumption (quota) per user. In a conservative way, an administrator tends to set a quota value such as the storage capacity divided by the expected maximum number of users for safety and fairness, but it tends to leave large unused storage space, because the users’ storage usage pattern shows a long-tailed distribution. In this paper, we analyzed storage usage distribution of some email services to approximate the distribution using a power-law distribution, and proposed a method to calculate an optimal quota value from a target size of storage consumption to increase storage utilization. We applied an optimal quota value we calculated to a real email service and analyzed the effect of quota change. Then, we analyzed actual distributions further to find a better model to approximate the distribution, and found that a log-normal distribution explained the distribution better than power-law. We also analyzed two other universities’ email service to find similar distribution in these systems..
3. Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Masahiro Obana, Introduction of Unchanging Student User ID for Intra-Institutional Information Service, SIGUCCS '15 (Proceedings of the 2015 ACM SIGUCCS Annual Conference on User Services Conference), 10.1145/2815546.2815578, 141-144, 2015.11, In Kyushu University, a traditional "Student ID" based on student number assigned by Student Affairs Department had been used as the user ID of various IT services for a long time. There were some security and usability concerns using Student ID as a user ID. Since Student ID was used as the e-mail address of the student, it was easy to leak outside. Student ID is constructed based on a department code and a serial number, so guessing other ID strings from one ID is easy. Student ID is issued at the day of the entrance ceremony, so it is not usable for pre-entrance education. Student ID will change when the student moves to another department or proceeds from undergraduate to graduate school, so he/she loses personal data when Student ID changes. To solve these problems, Kyushu University decided to introduce another unchanging user ID independent from Student ID. This paper reports the design of new user ID, ID management system we are using, and the effect of introduction of new user ID..
4. Yoshiaki Kasahara, Takuya Kawatani, Eisuke Ito, Koichi Shimozono, Naomi Fujimura, Optimization of Storage Quota Based on User's Usage Distribution, Proceedings of the 2015 IEEE 39th Annual Computer Software and Applications Conference Workshops (COMPSACW 2015), 10.1109/COMPSAC.2015.221, 149-154, 2015.07, To prevent shortage of storage space in a service
system, an administrator usually set per-user quota as an upper
limit of usable space for each user. To avoid service failure
caused by resource exhaustion, the administrator tends to set
a conservative quota value such as the storage capacity divided
by the expected maximum number of users. In this research, we
analyzed long-term storage usage history of our email system
and file sharing system in Kyushu University. Mostly through
the analyzed period, the usage pattern showed a long-tailed
distribution similar to log-normal distribution. Also the overall
storage consumption slowly increased during the analyzed period.
Based on these analysis, we defined “storage utilization ratio” to
evaluate how the storage was effectively used. By approximating
a storage utilization pattern as a power-law distribution, we
proposed a method to calculate the optimal quota value to
maximize the utilization ratio..
5. Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Introduction of New Kyushu University Primary Mail Service for Staff Members and Students, SIGUCCS '14 (Proceedings of the 2014 ACM SIGUCCS Annual Conference on User Services Conference), 10.1145/2661172.2662965, 103-106, 2014.11, In the end of fiscal year 2013 (March 2014), Kyushu University Information Infrastructure Initiative introduced new Primary Mail Service for Staff Members and Students. The previous service for staff members had been built using proprietary mail and LDAP appliance, but tight user license and the nature of proprietary system caused several troubles. The previous service for students had been built using open source software (Postfix and Dovecot), but there were some issues with the old implementation of LDAP authentication. With these experiences, we decided to design a new system by merging both system using open source software including Postfix, Dovecot, OpenLDAP, and Squirrelmail. We also extended alias address setting service (previously available for students only) to all the members including staff members. In this paper, we explain the design and implementation, user migration, current status and future works of our new mail service. .
6. Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Gulliver's Toss: Google's Chronic Big Load to University Mail Server and Its Sudden Resolution, Proceedings of the 2013 ACM annual conference on Special interest group on university and college computing services, 10.1145/2504776.2504815, 169-174, 2013.11, Traditionally, Kyushu University has been providing email service internally using its own domain name for staff members and students of the university. Around January 2012, we noticed that the high load of the university authentication server, and we realized that one of causes was the access from the mail server for students (called Student Primary Mail Service). Detailed analysis showed that there was chronic big load produced by Gmail's Mail Fetcher, especially toward nonexistent accounts removed due to graduation. In this paper, we explain the situation and reasons of the big load induced by Google, its possible countermeasures, and its sudden resolution by Google's silent change. .
7. Eisuke Ito, Yoshiaki Kasahara, Naomi Fujimura, Implementation and operation of the Kyushu university authentication system, Proceedings of the 2013 ACM annual conference on Special interest group on university and college computing services, 10.1145/2504776.2504788, 137-142, 2013.11, Nowadays, a university needs to build and maintain a central ID database and authentication system for better ICT (information and communication technology) services. In 2008, the headquarters of Kyushu University had defined medium-range policy of ICT infrastructure preparation, and the policy had indicated construction of a central authentication system. According to the policy, the authors elaborated an installation plan of the Kyu(Q)shu University authentication system (QUAS, for short). Since 2009, Information Infrastructure Initiative of Kyushu University, to which the authors belong, has been issuing ID cards to all employees, and also operating LDAP servers. This paper introduces the action plan and outline of QUAS. This paper also describes two recent topics of QUAS. One is high load of LDAP servers because of rapid increase of mobile devices, and the other one is development of a multifactor authentication Shibboleth Identity Provider (IdP). .
8. Yoshiaki Kasahara, Eisuke Ito, A study of network issues for implementing large-scale academic cloud service, IEICE Technical Report, 113, 240, 35-40, 2013.10, The virtualization technology of computer resources has matured enough for production services, and cloud services became popular in various fields. Cloud services are also gradually incorporated in universities' research and education activities. There is a demand for cloud infrastructure suitable for academic activities. To implement practical and user-friendly services on private, community, or public cloud services, we need to consider about network design. This paper tries to clarify network issues for implementing cloud services considering use cases, the number of instances, utilization of IP addresses, virtual private network, client access networks, and so on..
9. A Bot Detection Method Using Hierarchical Clustering Based on Mechanical Communication Behavior Model .
10. Naomi Fujimura, Tadatsugu Togawa, Yoshiaki Kasahara, Eisuke Ito, Introduction and Experience with the Primary Mail Service based on their Names for Students, ACM SIGUCCS'12, 10.1145/2382456.2382460, 11-14, 2012.10, Kyushu University provided mail service based on student IDs such as "1AB10123X" to the university students for many years. Using this model, we had problems communicating with the students who graduated from the University and enrolled in the graduate school. The students received new mail addresses based on their new student IDs such as "2AB12789Y". Faculty members were forced to change the student mail addresses in the mailing lists and in their mail client address book. Furthermore, students were forced to notify the e-mail address change to all of their existing contacts. We introduced a new mail system to provide addresses based on the student name, as well as student ID in April 2011. The new naming convention uses the following format: lastname.firstname.999 where 999 is a random number of 3 digits. Students can select some combination patterns of their first and last names for Japanese. We also consider the middle names for foreign students. In the system implementation, we did not have the formal information of alphabetical names for students. We generated alphabetical names from Japanese Katakana names. It is not easy for us to get the appropriate name in this manner. We implemented a confirmation stage of the alphabetical name at first use, and then students can select their mail addresses for their convenience. We paid much attention to the user interface in the system. Since April 2011, the number of users who use the mail address based on their own name has been increasing gradually. This paper will detail the usage status of the new system. .
11. M. Nakakuni, E. Ito, Y.Kasahara, S. Inoue, H. Dozono, Construction and Use Examples of Private Electronic Notary Service in Educational Institutions, WSEAS Transactions on Advances in Engineering Education, Issue 10, Vol. 5, 2008.10, [URL].
12. C.S. Hong, Y. Kasahara, D.H. Lee, DDoS Attack Defense Architecture Using Active Network Technology, International Conference on Computational Science and Its Applications - ICCSA 2004, 3043, 915-923, LNCS 3043, pp. 915-923, 2004.05.
Presentations
1. Yoshiaki Kasahara, Takao Shimayoshi, Masahiro Obana, Naomi Fujimura, Our experience with introducing microsoft office 365 in Kyushu University, 45th ACM Annual SIGUCCS Conference, SIGUCCS 2017, 2017.10, Information Infrastructure Initiative of Kyushu University started serving Office 365 Education for all students and staff members at Kyushu University in November 2016. Since 2007, the university had signed Microsoft EES (Enrollment for Education Solutions) including licenses for the latest Microsoft Windows and Office suite. The EES agreement includes an advantage to provide Office 365 Education to the university members with minimum investments, and there was a demand for Skype for Business which is included in Office 365. To deploy Office 365 for our users, we first needed to configure our on-premises user authentication infrastructure to coordinate with Office 365. During trials, we had a couple of difficulties attributed to some disagreements between Microsoft's and our policy on whether the user identifier, namely the user principal name in Active Directory, was open or private. Additionally, we had to consider which services should be applied to the users, because we have been operating an on-premises email service which is competing with Microsoft Exchange mail service. In this presentation, we share our experiences in Office 365 deployment..
2. Yoshiaki Kasahara, Takuya Kawatani, Eisuke Ito, Koichi Shimozono, An Analysis of Relationship between Storage Usage Distribution and Per-User Quota Value, 2016 ACM SIGUCCS Annual Conference on User Services Conference (SIGUCCS '16), 2016.11, [URL], To prevent resource (especially storage) shortage, information systems such as storage services and email services usually impose an upper bound of resource consumption (quota) per user. In a conservative way, an administrator tends to set a quota value such as the storage capacity divided by the expected maximum number of users for safety and fairness, but it tends to leave large unused storage space, because the users’ storage usage pattern shows a long-tailed distribution. In this paper, we analyzed storage usage distribution of some email services to approximate the distribution using a power-law distribution, and proposed a method to calculate an optimal quota value from a target size of storage consumption to increase storage utilization. We applied an optimal quota value we calculated to a real email service and analyzed the effect of quota change. Then, we analyzed actual distributions further to find a better model to approximate the distribution, and found that a log-normal distribution explained the distribution better than power-law. We also analyzed two other universities’ email service to find similar distribution in these systems..
3. Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Masahiro Obana, Introduction of Unchanging Student User ID for Intra-Institutional Information Service, 2015 ACM SIGUCCS Annual Conference on User Services Conference (SIGUCCS '15), 2015.11, [URL], In Kyushu University, a traditional "Student ID" based on student number assigned by Student Affairs Department had been used as the user ID of various IT services for a long time. There were some security and usability concerns using Student ID as a user ID. Since Student ID was used as the e-mail address of the student, it was easy to leak outside. Student ID is constructed based on a department code and a serial number, so guessing other ID strings from one ID is easy. Student ID is issued at the day of the entrance ceremony, so it is not usable for pre-entrance education. Student ID will change when the student moves to another department or proceeds from undergraduate to graduate school, so he/she loses personal data when Student ID changes. To solve these problems, Kyushu University decided to introduce another unchanging user ID independent from Student ID. This paper reports the design of new user ID, ID management system we are using, and the effect of introduction of new user ID..
4. Yoshiaki Kasahara, POODLE and related SSL vulnerabilities, Network Security Workshop in APAN 39th Meeting, 2015.03, [URL], In October 2014, Google Security Team discovered and published yet-another SSL vulnerability called POODLE (Padding Oracle On Downgraded Legacy Encryption), which allows a man-in-the-middle attacker to decipher an encrypted text without knowing the encryption key (one byte per 256 requests). It induced urged action to exterminate SSLv3 support from various services in the Internet, but it also caused troubles with some users. In this talk, Ill try to summarize what is POODLE attack, how it works, its workaround, and influence on ordinary users..
5. Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Introduction of New Kyushu University Primary Mail Service for Staff Members and Students
, 2014 ACM SIGUCCS Annual Conference on User Services Conference (SIGUCCS '14), 2014.11, [URL], In the end of fiscal year 2013 (March 2014), Kyushu University Information Infrastructure Initiative introduced new Primary Mail Service for Staff Members and Students. The previous service for staff members had been built using proprietary mail and LDAP appliance, but tight user license and the nature of proprietary system caused several troubles. The previous service for students had been built using open source software (Postfix and Dovecot), but there were some issues with the old implementation of LDAP authentication. With these experiences, we decided to design a new system by merging both system using open source software including Postfix, Dovecot, OpenLDAP, and Squirrelmail. We also extended alias address setting service (previously available for students only) to all the members including staff members. In this paper, we explain the design and implementation, user migration, current status and future works of our new mail service..
6. Yoshiaki Kasahara, OpenSSL Heartbleed and aftermath, Network Security Workshop in APAN 38th Meeting, 2014.08, [URL], Recently revealed OpenSSL's "Heartbleed" vulnerability had shaken various parts of the Internet community abruptly. In this talk, I'll (re-)introduce some recent vulnerabilities including "Heartbleed," and some interesting events around them..
7. Yoshiaki Kasahara, DNS Amp and its mitigation, Network Security Workshop in APAN 37th Meeting, 2014.01, [URL], DNS is one of the fundamental and indispensable services in the Internet. Almost all the services rely on it. Because DNS is (basically) UDP based protocol, there are some security issues such as poisoning and amplification attack. In this talk, I'll explain DNS Amp attack and its mitigation with some experience in Kyushu University campus network..
8. Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Gulliver's Toss: Google's Chronic Big Load to University Mail Server and Its Sudden Resolution, 2013 ACM SIGUCCS Annual Conference on User Services Conference (SIGUCCS '13), 2013.11, [URL], Traditionally, Kyushu University has been providing email service internally using its own domain name for staff members and students of the university. Around January 2012, we noticed that the high load of the university authentication server, and we realized that one of causes was the access from the mail server for students (called Student Primary Mail Service). Detailed analysis showed that there was chronic big load produced by Gmail's Mail Fetcher, especially toward nonexistent accounts removed due to graduation. In this paper, we explain the situation and reasons of the big load induced by Google, its possible countermeasures, and its sudden resolution by Google's silent change..
9. Yoshiaki Kasahara, Eisuke Ito, A Study of Network Issues for Implementing Large-scale Academic Cloud Service, IEICE Workshop on Internet Architecture 2013 (IA2013), 2013.10, The virtualization technology of computer resources has matured enough for production services, and cloud services became popular in various fields. Cloud services are also gradually incorporated in universities' research and education activities. There is a demand for cloud infrastructure suitable for academic activities. To implement practical and user-friendly services on private, community, or public cloud services, we need to consider about network design. This paper tries to clarify network issues for implementing cloud services considering use cases, the number of instances, utilization of IP addresses, virtual private network, client access networks, and so on..
10. Yoshiaki Kasahara, Yasuichi Kitamura, APAN CIF Server Update, Network Security Workshop in APAN 36th Meeting, 2013.08, From 2012, APAN Security WG is working with REN-ISAC (Research and Education Networking Information Sharing and Analysis Center) for a test pilot of federated sharing of security intelligence information over Collective Intelligence Framework (CIF) developed by REN-ISAC. Until recently we were running CIFv0, but due to underlying OS upgrade/reinstall, now we need to migrate to CIFv1, which is still in testing stage. In this talk, we will introduce the current status of APAN CIF server and its software upgrade experience..
11. A feasibility study of educational system on IaaS cloud.
12. Eisuke Ito, Yoshiaki Hori, Yoshiaki Kasahara, Koji Inoue, A Study of VCL in Graduate School of ICT, IPSJ SIG Technical Report, Vol. 2013-CLE-9, No.9, pp.1-6, 2013..
13. Kevin Benton, Gabriel Iovino, Yoshiaki Kasahara, Yasuichi Kitamura, International Collaboration for Security Event Information Sharing , Tech in Paradise 2013, 2013.01, [URL], At the Summer 2009 JointTechs, the REN-ISAC Security Event System (SES) was introduced. SES provides for collection of security event data from participating institutions, data correlation, and output of threat indicators. Participants use the indicators in local protections, such as IDS and sinkholes, and in incident analysis. SES is a production tool serving the REN-ISAC community.

SES continues to evolve, as the Collective Intelligence Framework (CIF), receiving National Science Foundation support. CIF provides additional capabilities, including a broader base of data from public, private, and participant sources, additional data types, scaling, improved API, and inter-federated sharing. Core indicator sharing occurs within a multi-institutional trust community, such as within the community of REN-ISAC members. In CIF inter-federated, data collected in one trust community can be exchanged, through policy, with other communities. Among TransPAC3 project deliverables, linking APAN and US networks, is to engage the respective communities to address security threats and incidents. In that context, US and APAN researchers established pilot inter-federation sharing of security event information among CIF systems, one operated by REN-ISAC at Indiana University, and another by researchers at Kyushu University and APAN-JP. This presentation provides background on CIF, and details the APAN-US international security information sharing pilot. .
14. Yoshiaki Kasahara, Eisuke Ito, Yoshiaki Hori, Naomi Fujimura: Google makes a chronic big load to university mail server, IPSJ SIG Technical Report Vol.2012-IOT-19 No.5, Sep.28, 2012..
15. Yoshiaki Kasahara, Yasuichi Kitamura, Toward federated sharing of security intelligence information over Collective Intelligence Framework (CIF), Network Security Workshop in APAN 34th Meeting, 2012.08, [URL], REN-ISAC (Research and Education Networking Information Sharing nd Analysis Center - http://www.ren-isac.net/) has been working for SES (Security Event System) Project. CIF (Collective Intelligence Framework) is a framework developed through the project as an open source tool/framework to collect intelligence concerning malicious actors and reputation of Internet elements. As SESv3, they started to explore inter-federation information sharing, and APAN Security WG is involved as one of counterparts. In this talk, I'll (re)introduce CIF, explain the current status of the cooperation, and call for more participants from APAN community..
16. , [URL].
17. Akira Ono, Eiji Abe, Masanori Nakakuni, Yoshiaki Kasahara, Eisuke Ito: A study of community based authorization on distributed SSO platform, IPSJ Kyushu Chapter Symposium 2009.
18. SPAM Sender Detection by using SMTP Traffic Monitoring.
19. Bot Detection Based on Observation of Behavior Focusing on Data Transmission Interval.
20. Masanori Nakakuni, Eisuke Ito, Yoshiaki Kasahara and Horoshi Dozono: Private Electronic Notary Service in Universities and Its Utilization in Education, Proceedings of the 4th WSEAS/IASME Int. Conf. on EDUCATIONAL TECHNOLOGIES (EDUTE'08), CD-ROM, (2008.10)..
21. Yoshiaki Kasahara: Confidentiality and Anonymity over the network, APII Workshop 2008 (Panel Discussion), March 2008., [URL].
22. Eisuke Ito, Yoshiaki Kasahara, Megumi Nogita and Takahiko Suzuki:
Institutional authentication platform for trustful inter/intra-institutional ubiquitous services,
Proc. of the 2nd International Conference of Ubiquitous Information Technology (2nd ICUT), pp.103-108, Dec.20-22, 2007..
23. Yuji Kugisaki, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai:
"Bot Detection based on Traffic Analysis",
IEEE Computer Society, The 2007 International Conference on Intelligent
Pervasive Computing, pp303-306,
October 2007.
24. Eisuke Ito, Yoshiaki Kasahara, Megumi Nogita, Takahiko Suzuki: Wireless LAN roaming on ID-Federation environment - A case study for UPKI and eduroam in Kyushu University -, 2007-DPS-132/2007-GN-65/2007-EIP-37, pp. 141-146, Sep. 2007.

.
25. Megumi Nogita, Yoshiaki Kasahara, Eisuke Itoh, Takahiko Suzuki: A Study of Identifier Naming Conventions Suitable for User Authentication, Technical report of IEICE. ISEC Vol.106, No.411(20061206), pp. 67-72, Dec. 2006 .
Membership in Academic Society
  • Information Processing Society of Japan
  • The Institute of Electronics, Information and Communication Engineers