| 小出 洋(こいで ひろし) | データ更新日:2024.04.24 |
教授 /
情報基盤研究開発センター
情報システムセキュリティ研究部門
大学院システム情報科学研究府 情報理工学専攻 先端情報システム工学講座
| 1. | 井上 幸紀, 小出 洋, 複数のプロキシを使用した経路変更Moving Target Defenseによるマルウェア検知・隔離, 情報処理学会九州支部, 2022.03, [URL], 近年のインターネットの普及により社内ネットワークを導入する企業が増加している. こうした社内ネットワークは大きな利便性をもたらすものの, こうした内部ネットワークを標的とするサイバー攻撃やウイルスもまた増加している.さらに,一つのターゲットに狙いを絞り複数の段階を経て長期的かつ計画的に攻撃を行う標的型攻撃による被害も報告されている.こうした標的型攻撃では,攻撃者は標的のネットワーク内部に侵入してもすぐに攻撃を実施するわけではなく,更なる攻撃のため標的ネットワークの構成の把握やバックドアの設置,管理者権限への昇格などを試みる場合が多い.そのため内部に侵入したマルウェアを監視して検知や隔離を行うことにより被害を小さくすることができる.本研究では複数のプロキシノードを切り替えて経路を変化させる Moving Target Defense(MTD) を用いたシステムを構築し, ネットワーク内のマルウェアを検知, 隔離するということを目的とする. この手法によって内部ネットワーク内に侵入し攻撃を行うマルウェアを検知してサイバー攻撃からシステムを防御することが可能になる. 本論文では提案したシステムのモデルを構築し, マルウェア検知と隔離について性能を評価した. その結果, 提案手法が有効であることが確認できた.. |
| 2. | Yihui, Y., Koide, H., Sakurai, K, Anomaly Detection of C&C Traffic using Chebyshev Theorem and Machine learning Based on URL Anomaly features, 電子情報通信学会 総合大会, 2021.03. |
| 3. | Mbow Mariama, Hiroshi Koide,Kouichi Sakurai, Adversarial Attack Against Network Intrusion Detection Systems with Deep Learning, 情報処理学会九州支部火の国シンポジウム, 2021.03. |
| 4. | 桝本武志,小出 洋, ネットワークレベルのMTDによるWebアプリケーションのサイバー攻撃からの防御, 情報処理学会九州支部火の国シンポジウム, 2020.03. |
| 5. | 寺嶋友哉,小出 洋, 分散環境における拡張性を持つサイバーレンジ構築手法の提案と評価, 情報処理学会九州支部火の国シンポジウム, 2020.03. |
| 6. | 田島裕也,小出 洋, 自己隠蔽挙動に基づいたIoTボットの振る舞い検知, 情報処理学会九州支部火の国シンポジウム, 2020.03. |
| 7. | YAN YIHUI, 櫻井 幸一, 小出 洋, URLとDNSの異常特性に基づくC&Cトラフィック異常検出システム, 情報処理学会九州支部火の国シンポジウム, 2020.03. |
| 8. | 長井克海,小出洋,櫻井幸一, インシデント対応における非技術的な能力の向上を目的とした訓練の提案と評価, 2020年暗号と情報セキュリティシンポジウム, 2020.01. |
| 9. | Hao Zhao, Yaokai Feng, Hiroshi Koide, Kouichi Sakurai, An ANN Based Sequential Detection Method for Balancing Performance Indicators of IDS, 7th International Symposium on Computing and Networking, CANDAR 2019, 2019.11, [URL], In recent years, the number of cyber attacks has been increasing rapidly and network security has become an important issue. As a vital component of defense against network threats, intrusion detection system (IDS) was introduced and machine learning algorithms have been widely used in such systems for high detection performance. There are several evaluation indices such as false positive rate, false negative rate, and so on. A problem is that these indices are often related to each other. For example, while we try to decrease the false positive rate, the false negative rate often tends to increase, and vice versa. In this study, we proposed an ANN based sequential classifier method to mitigate this problem. Specifically, we try to train ANN to have a low false positive rate, despite which may lead to high false negative rate. Then, the reported negative instances are sent to the next ANN to make a further investigation, where the false negative instances reported at the previous ANN may be classified correctly. In this way, the final false negative rate can also be improved greatly. The results of the experiment shows that the proposed method can bring lower false negative rate and higher accuracy of detection while making the false positive rate at an acceptable level. Moreover, the optimum number of ANNs for our proposal is also investigated and discussed in this study.. |
| 10. | Katsumi Nagai, Hiroshi Koide, Kouichi Sakurai, Proposal and evaluation of a security incident response training method using programming, 20th Annual Conference on Information Technology Education, SIGITE 2019, 2019.09, [URL], Nowadays, there are various cyber-attacks in the world. In terms of dealing with cyber incident, there are many non-technical factors. Table Top Exercises are available for improving it but need some fund, time and trainers who conduct it more smoothly. So, in this work, we propose a security incident response training method using programming. It aims to improve some non-technical skills. Our proposal is actually executed with questionnaires.. |
| 11. | Longjian Ye,小出 洋,Yaokai Feng,Dirceu Cavendish,櫻井 幸一, 分散XML処理のための複数経路を用いたルーティングアルゴリズムの提案と評価, 情報処理学会火の国シンポジウム2019予稿集, 2019.03. |
| 12. | 久保田 康平,小出 洋, Webアプリケーションのための攻撃手法の収集~攻撃者の誘導手法の実装と評価~, 情報処理学会火の国シンポジウム2019予稿集, 2019.03. |
| 13. | 趙 浩.小出 洋,馮 尭鍇,櫻井 幸一, U2RおよびR2L攻撃の効率的な検出に向けて, 情報処理学会火の国シンポジウム2019予稿集, 2019.03. |
| 14. | Ye Longjian, Hiroshi Koide, Dirceu Cavendish, Kouichi Sakurai, Efficient shortest path routing algorithms for distributed XML processing, 15th International Conference on Web Information Systems and Technologies, WEBIST 2019, 2019.01, This paper analyses the problem of efficiently routing XML documents on a network whose nodes are capable of distributed XML processing. The goal of our study is to find network paths for which XML documents' transmission will result in high likelihood that a large portion of the documents be processed within the network, decreasing the amount of XML processing at documents arrival at the destination site. We propose several routing algorithms for single route and multipath routing and evaluate them on a distributed XML network simulation environment. We show the benefits of the proposed XML routing algorithms as compared with widespread minimum hop routing strategy of the Internet.. |
| 15. | Wai Kyi Kyi Oo, Hiroshi Koide, Danilo Vasconcellos Vargas, Kouichi Sakurai, A new design for evaluating moving target defense system, 6th International Symposium on Computing and Networking Workshops, CANDARW 2018, 2018.12, [URL], Moving Target Defense (MTD) concept has been a feasible idea for reducing the possibility of attack happening through alternation attack surfaces or diversification the attribute or parameters of a protected system. As a result of applying MTD techniques to the system, an attacker would have more difficulties in exploiting a vulnerabilities of the target system. This study proposes an evaluation method of MTD systems combined with several different MTD techniques. The proposed method is a primary step in designing an evaluation model for the effectiveness of MTD. The main goal is to estimate the attack success ratio on the MTD systems mitigating from threats of executable binary file or malware injection. With the proposed evaluation method, we expect to prove that the MTD technology can enhance the security of a web server, and can be applied in a real-world information system. As our preliminary work done, we set up a prototype framework to validate the proposed work in a pseudo-experimental environment.. |
| 16. | Yao Xu, Hiroshi Koide, Danilo Vasconcellos Vargas, Kouichi Sakurai, Tracing MIRAI malware in networked system, 6th International Symposium on Computing and Networking Workshops, CANDARW 2018, 2018.12, [URL], In 2021, it is anticipated that there will be approximately 30 billion Internet of Things (IoT) devices. The tremendous aggregate value of the IoT makes it a tempting and lucrative target for cyber criminals. The breakout of Mirai malware, which compromises poorly secured IoT devices with factory-default username and passphrase to launch Distributed Denial of Service (DDoS) attacks, has raised broad awareness towards the need for increased IoT security. To better defend against Mirai infection and spread, it is critical to know how the malware operates as the first step. In this paper, we give a combined static and dynamic analysis of Mirai, basing on the results of which, we introduce the application of Threat Tracer. Threat tracer is an information system simulator initially developed to help design a system robust against Advanced Persistent Attacks(APT). It offers an intuitive track on how a cyber threat behaves in a complicated networked system. The feedback simultaneously contributes to revealing vulnerabilities of a system. Our work focuses on the replication of Mirai Malware's operating processes in Threat Tracer simulation. By achieving doing so, we believe it could offer a comprehensible description of how Mirai acts. Also, considering the continuous emergence of Mirai variants, the simulation serves as a predictor on upcoming threats' behavior patterns.. |
| 17. | Wai Kyi Kyi Oo, Hiroshi Koide, Danilo Vasconcellos Vargas, Sakurai Kouichi, An Implementation of Moving Target Defense Technology on Web System, ISIP2018, 2018.05. |
| 18. | 近藤 秀樹,高橋 真奈茄,小出 洋, 実践的プログラミング教育の支援のための学習者の分類手法の実装と評価, 情報処理学会プログラミング研究会, 2018.02. |
| 19. | 野見山賢人,小出 洋, Web アプリケーションに対する攻撃検出・防御システム Hoppin の設計・実装, 情報処理学会プログラミング研究会, 2018.01. |
| 20. | 野見山賢人,小出 洋, Webアプリケーションのための攻撃検出と防御, 情報処理学会コンピュータセキュリティシンポジウム, 2017.10. |
| 21. | Hiroshi Koide, Kento Nomiyama, Research on Attack Detection for Network Applications, 12th International Conference on Internet Technology, 2017.06. |
| 22. | Takatoshi Murakami, Shuhei Kumano, Hiroshi Koide, An implementation of tracing attacks on advanced persistent threats by using actors model, 2014 Joint 7th International Conference on Soft Computing and Intelligent Systems, SCIS 2014 and 15th International Symposium on Advanced Intelligent Systems, ISIS 2014, 2014.02, Actors model, a general model of concurrent computation, is often used for specified applications. The attacks tracer on advanced persistent threats, APTs, is one of such applications. It investigates the act of information system consists of several elements, like routers, servers, terminals and networked applications. The authors describe an implementation of the attacks tracer by using actors model. The authors also show the actors model is more suitable to implement this application than other previous models.. |
| 23. | Yoshiyuki Uratani, Hiroshi Koide, Dirceu Cavendish, Distributed XML processing over multicore servers, 10th International Conference on Web Information Systems and Technologies, WEBIST 2014, 2014, Nowadays, multicore CPU become popular technology to enhance services quality in Web services. This paper characterizes parallel distributed XML processing which can off-load the amount of processing at their servers to networking nodes with varying number of CPU cores. Our implemented distributed XML processing system sends XML documents from a sender node to a server node through relay nodes, which process the documents before arriving at the server. When the relay nodes are connected in tandem, the XML documents are processed in a pipelining manner. When the relay nodes are connected in parallel, the XML documents are processed in a parallel fashion. For well-formedness and grammar validation tasks, the parallel processing reveals inherent advantages compared with pipeline processing regardless of document type, number of CPU cores and processing environment. Moreover, the number of CPU cores impacts efficiency of distributed XML processing via buffer access contention.. |
| 24. | Natsuki Kai, Ryoji Nishinohara, Hiroshi Koide, A SIMD parallelization method for an application for LSI logic simulation, 41st International Conference on Parallel Processing Workshops, ICPPW 2012, 2012, This paper proposes and evaluates a SIMD parallelization method for an application for LSI logic simulation. The proposal method converts a net list into a parallel and distributed program code so as to make the code SIMD parallelized. As experiments to evaluate our proposal method, tasks in SIMD arithmetic logical units on Cell/B.E., and we measure that elapsed time. In the results of experiments, over 80% tasks are SIMD parallelized and the program with a shuffle instruction and a SIMD instruction reduces computation time by over 90%.. |
| 25. | Yoshiyuki Uratani, Hiroshi Koide, Dirceu Cavendish, Yuji Oie, Distributed XML processing over various topologies Pipeline and parallel processing characterization, 8th International Conference on Web Information Systems and Technologies, WEBIST 2012, 2012, This paper characterizes distributed XML processing on networking nodes. XML documents are sent from a client node to a server node through relay nodes, which process the documents before arriving at the server. According as the node topology, the XML documents are processed in a pipelining manner or a parallel fashion. We evaluate distributed XML processing with synthetic and realistic XML documents on real and virtual environments. Characterization of well-formedness and grammar validation processing via pipelining and parallel models reveals inherent advantages of the parallel processing model.. |
| 26. | Yoshiyuki Uratani, Hiroshi Koide, Dirceu Cavendish, Yuji Oie, Distributed XML processing over various topologies Characterizing XML document processing efficiency, 7th International Conference on Web Information Systems and Technologies, WEBIST 2011, 2012, This study characterizes distributed XML processing on networking nodes. XML documents are sent from a client node to a server node through relay nodes, which process the documents before arriving at the server. When the relay nodes are connected in tandem, the XML documents are processed in a pipelining manner. When the relay nodes are connected in parallel, the XML documents are processed in a parallel fashion. We evaluate distributed XML processing with synthetic and realistic XML documents. Well-formedness and grammar validation pipelining and parallel processing characterization reveals inherent advantages of the parallel processing model.. |
| 27. | Yoshiyuki Uratani, Hiroshi Koide, Dirceu Cavendish, Yuji Oie, Characterizing distributed XML processing Moving XML processing from servers to networking nodes, 7th International Conference on Web Information Systems and Technologies, WEBIST 2011, 2011, This study characterizes distributed XML processing on networking nodes. XML documents are sent from a client node to a server node through relay nodes, which process the documents before arriving at the server. When the relay nodes are connected tandem, the XML documents are processed in a pipelining manner. When the relay nodes are connected parallel, the XML documents are processed in a parallel fashion. Well-formedness and grammar validation pipelining and parallel processing characterization reveals inherent advantages of the parallel processing model.. |
| 28. | Yuki Nakamizo, Hiroshi Koide, Kazumi Yoshinaga, Dirceu Cavendish, Yuji Oie, MVA modeling of multi-core server distributed systems, 3rd IEEE International Conference on Intelligent Networking and CollaborativeSystems, INCoS 2011, 2011, In this paper, we propose an extension to our previous MVA based methodology for estimating performance of transactions executed on multi-server systems for multicore servers. The extension is based on the characterization of message processing service times for each server core under zeroload conditions, and building an MVA model that accounts for each available core. Core utilization is characterized, as well as message routing probabilities within the multi-core machine. We illustrate the extended methodology on a prototype multi-server system.. |
| 29. | Kazumi Yoshinaga, Washizu Shohei, Yoshiyuki Uratani, Hiroshi Koide, Dirceu Cavendish, Yuji Oie, Characterizing transactions with data transfer on multi-server systems, 2nd International Conference on Intelligent Networking and Collaborative Systems, INCOS 2010, 2010, In this paper, we propose an extension to our previous MVA based methodology for estimating performance of transactions executed on multi-server systems to transactions involving variable data transfers. The extension is based on the characterization of data transfers between servers under zeroload conditions, and a curve fitting step to capture server message processing time dependency with the size of the data transferred. We illustrate the extended methodology on two prototype multiserver systems.. |
| 30. | Dirceu Cavendish, Yuji Oie, Hiroshi Koide, Mario Gerla, A mean value analysis approach to transaction performance evaluation on multi-server systems, IEEE Symposium on Computers and Communications 2009, ISCC 2009, 2009, In this paper, we introduce a Mean Value Analysis based methodology for performance evaluation of transactions executed in a multi server distributed system. We first present probabilistic arguments to investigate under which conditions MVA models provide worst case response times, without large overshoots. Then, we show how to characterize the distributed server system so as to construct a model to predict response times as well as estimate system capacity. Finally, we exemplify the methodology usage via transactions implemented in two distributed Linux systems.. |
| 31. | Dirceu Cavendish, Yuji Oie, Hiroshi Koide, Mario Gerla, Characterizing transactions on multi-server systems, International Conference on Intelligent Networking and Collaborative Systems, INCoS 2009, 2009, In this paper, we demonstrate how to characterize transactions executed on multi-server systems. The characterization is performed with the help of readily available open source components, and is used to build a Mean Value Analysis model in order to estimate transaction response times for arbitrary loads, as well as system capacity. Although an E-Commerce system is used, the characterization method described is applicable to any multi-server system.. |
| 32. | Toshiyuki Imamura, Yuichi Tsujita, Hiroshi Koide, Hiroshi Takemiya, An architecture of stampi MPI library on a cluster of parallel computers, 7th European Parallel Virtual Machine and Message Passing Interface Users’ Group Meeting, PVM/MPI 2000, 2000.01, In this paper, we present a communication library which extends an MPI application on a single parallel machine to a cluster of parallel machines. Stampi provides some functionality which are required for constructing distributed applications and environments based on the MPI2 standard with a focus on dynamic process management. Since the mechanism of communication bridge is transparent for users, it is very useful to assemble and link MPI applications on meta-computer systems. Furthermore Stampi supports novel functions; one is the communication between a Java applet to the backend parallel computer. Another is supporting remote file-IO. Both give us a framework of distributed resource management based on an MPI communication infrastructure. This paper covers the architecture of Stampi.. |
| 33. | Mitsugu Suzuki, Hiroshi Koide, Motoaki Terashima, Moa — a fast sliding compaction scheme for a large storage space, International Workshop on Memory Management, IWMM 1995, 1995.01, [URL], The design and analysis of a new GC scheme called MOA is presented with its implementation on PLisp (Portable Lisp). MOA is "stop-and-collect" type GC and is based on a Morris's sliding compaction scheme. MOA has the excellent features such as: (1) it can perform sliding compaction with a time proportional nearly to the size of all data objects in use, (2) it requires an additional space of a small size to achieve such a time cost saving, (3) it can skip a GC process for a special cluster called an "anchor", reducing the total GC processing time considerably. MOA has been successfully implemented on PLisp which provides a large amount of storage space. MOA is superior to other GC based on conventional sliding compaction and copying collection, as shown in several experiments.. |
| 34. | Hiroshi Koide, Generated order preserving real-time garbage collection, Proceedings of the 1995 2nd International Workshop on Real-Time Computing Systems and Applications, 1995, This paper proposes a new real-time garbage collection that always preserves the order of object creation. Some programming languages and application programs need to preserve the generated order of objects. The proposed method is the first type of the garbage collection that can be used to make them run in real-time. Since the generated order preserving scavenging garbage collection is partly employed, the complexity of the proposed method is not related to the heap size. The requirements for the real-time processing is also presented.. |
本データベースの内容を無断転載することを禁止します。