| 1. |
Yihui, Y., Koide, H., Sakurai, K, Anomaly Detection of C&C Traffic using Chebyshev Theorem and Machine learning Based on URL Anomaly features, 電子情報通信学会 総合大会, 2021.03. |
| 2. |
Mbow Mariama, Hiroshi Koide,Kouichi Sakurai, Adversarial Attack Against Network Intrusion Detection Systems with Deep Learning, 情報処理学会九州支部火の国シンポジウム, 2021.03. |
| 3. |
Hao Zhao, Yaokai Feng, Hiroshi Koide, Kouichi Sakurai, An ANN Based Sequential Detection Method for Balancing Performance Indicators of IDS, 7th International Symposium on Computing and Networking, CANDAR 2019, 2019.11, In recent years, the number of cyber attacks has been increasing rapidly and network security has become an important issue. As a vital component of defense against network threats, intrusion detection system (IDS) was introduced and machine learning algorithms have been widely used in such systems for high detection performance. There are several evaluation indices such as false positive rate, false negative rate, and so on. A problem is that these indices are often related to each other. For example, while we try to decrease the false positive rate, the false negative rate often tends to increase, and vice versa. In this study, we proposed an ANN based sequential classifier method to mitigate this problem. Specifically, we try to train ANN to have a low false positive rate, despite which may lead to high false negative rate. Then, the reported negative instances are sent to the next ANN to make a further investigation, where the false negative instances reported at the previous ANN may be classified correctly. In this way, the final false negative rate can also be improved greatly. The results of the experiment shows that the proposed method can bring lower false negative rate and higher accuracy of detection while making the false positive rate at an acceptable level. Moreover, the optimum number of ANNs for our proposal is also investigated and discussed in this study.. |
| 4. |
Katsumi Nagai, Hiroshi Koide, Kouichi Sakurai, Proposal and evaluation of a security incident response training method using programming, 20th Annual Conference on Information Technology Education, SIGITE 2019, 2019.09, Nowadays, there are various cyber-attacks in the world. In terms of dealing with cyber incident, there are many non-technical factors. Table Top Exercises are available for improving it but need some fund, time and trainers who conduct it more smoothly. So, in this work, we propose a security incident response training method using programming. It aims to improve some non-technical skills. Our proposal is actually executed with questionnaires.. |
| 5. |
Ye Longjian, Hiroshi Koide, Dirceu Cavendish, Kouichi Sakurai, Efficient shortest path routing algorithms for distributed XML processing, 15th International Conference on Web Information Systems and Technologies, WEBIST 2019, 2019.01, This paper analyses the problem of efficiently routing XML documents on a network whose nodes are capable of distributed XML processing. The goal of our study is to find network paths for which XML documents' transmission will result in high likelihood that a large portion of the documents be processed within the network, decreasing the amount of XML processing at documents arrival at the destination site. We propose several routing algorithms for single route and multipath routing and evaluate them on a distributed XML network simulation environment. We show the benefits of the proposed XML routing algorithms as compared with widespread minimum hop routing strategy of the Internet.. |
| 6. |
Wai Kyi Kyi Oo, Hiroshi Koide, Danilo Vasconcellos Vargas, Kouichi Sakurai, A new design for evaluating moving target defense system, 6th International Symposium on Computing and Networking Workshops, CANDARW 2018, 2018.12, Moving Target Defense (MTD) concept has been a feasible idea for reducing the possibility of attack happening through alternation attack surfaces or diversification the attribute or parameters of a protected system. As a result of applying MTD techniques to the system, an attacker would have more difficulties in exploiting a vulnerabilities of the target system. This study proposes an evaluation method of MTD systems combined with several different MTD techniques. The proposed method is a primary step in designing an evaluation model for the effectiveness of MTD. The main goal is to estimate the attack success ratio on the MTD systems mitigating from threats of executable binary file or malware injection. With the proposed evaluation method, we expect to prove that the MTD technology can enhance the security of a web server, and can be applied in a real-world information system. As our preliminary work done, we set up a prototype framework to validate the proposed work in a pseudo-experimental environment.. |
| 7. |
Yao Xu, Hiroshi Koide, Danilo Vasconcellos Vargas, Kouichi Sakurai, Tracing MIRAI malware in networked system, 6th International Symposium on Computing and Networking Workshops, CANDARW 2018, 2018.12, In 2021, it is anticipated that there will be approximately 30 billion Internet of Things (IoT) devices. The tremendous aggregate value of the IoT makes it a tempting and lucrative target for cyber criminals. The breakout of Mirai malware, which compromises poorly secured IoT devices with factory-default username and passphrase to launch Distributed Denial of Service (DDoS) attacks, has raised broad awareness towards the need for increased IoT security. To better defend against Mirai infection and spread, it is critical to know how the malware operates as the first step. In this paper, we give a combined static and dynamic analysis of Mirai, basing on the results of which, we introduce the application of Threat Tracer. Threat tracer is an information system simulator initially developed to help design a system robust against Advanced Persistent Attacks(APT). It offers an intuitive track on how a cyber threat behaves in a complicated networked system. The feedback simultaneously contributes to revealing vulnerabilities of a system. Our work focuses on the replication of Mirai Malware's operating processes in Threat Tracer simulation. By achieving doing so, we believe it could offer a comprehensible description of how Mirai acts. Also, considering the continuous emergence of Mirai variants, the simulation serves as a predictor on upcoming threats' behavior patterns.. |
| 8. |
Wai Kyi Kyi Oo, Hiroshi Koide, Danilo Vasconcellos Vargas, Sakurai Kouichi, An Implementation of Moving Target Defense Technology on Web System, ISIP2018, 2018.05. |
| 9. |
Hiroshi Koide, Kento Nomiyama, Research on Attack Detection for Network Applications, 12th International Conference on Internet Technology, 2017.06. |
| 10. |
Takatoshi Murakami, Shuhei Kumano, Hiroshi Koide, An implementation of tracing attacks on advanced persistent threats by using actors model, 2014 Joint 7th International Conference on Soft Computing and Intelligent Systems, SCIS 2014 and 15th International Symposium on Advanced Intelligent Systems, ISIS 2014, 2014.02, Actors model, a general model of concurrent computation, is often used for specified applications. The attacks tracer on advanced persistent threats, APTs, is one of such applications. It investigates the act of information system consists of several elements, like routers, servers, terminals and networked applications. The authors describe an implementation of the attacks tracer by using actors model. The authors also show the actors model is more suitable to implement this application than other previous models.. |
| 11. |
Yoshiyuki Uratani, Hiroshi Koide, Dirceu Cavendish, Distributed XML processing over multicore servers, 10th International Conference on Web Information Systems and Technologies, WEBIST 2014, 2014, Nowadays, multicore CPU become popular technology to enhance services quality in Web services. This paper characterizes parallel distributed XML processing which can off-load the amount of processing at their servers to networking nodes with varying number of CPU cores. Our implemented distributed XML processing system sends XML documents from a sender node to a server node through relay nodes, which process the documents before arriving at the server. When the relay nodes are connected in tandem, the XML documents are processed in a pipelining manner. When the relay nodes are connected in parallel, the XML documents are processed in a parallel fashion. For well-formedness and grammar validation tasks, the parallel processing reveals inherent advantages compared with pipeline processing regardless of document type, number of CPU cores and processing environment. Moreover, the number of CPU cores impacts efficiency of distributed XML processing via buffer access contention.. |
| 12. |
Natsuki Kai, Ryoji Nishinohara, Hiroshi Koide, A SIMD parallelization method for an application for LSI logic simulation, 41st International Conference on Parallel Processing Workshops, ICPPW 2012, 2012, This paper proposes and evaluates a SIMD parallelization method for an application for LSI logic simulation. The proposal method converts a net list into a parallel and distributed program code so as to make the code SIMD parallelized. As experiments to evaluate our proposal method, tasks in SIMD arithmetic logical units on Cell/B.E., and we measure that elapsed time. In the results of experiments, over 80% tasks are SIMD parallelized and the program with a shuffle instruction and a SIMD instruction reduces computation time by over 90%.. |
| 13. |
Yoshiyuki Uratani, Hiroshi Koide, Dirceu Cavendish, Yuji Oie, Distributed XML processing over various topologies
Pipeline and parallel processing characterization, 8th International Conference on Web Information Systems and Technologies, WEBIST 2012, 2012, This paper characterizes distributed XML processing on networking nodes. XML documents are sent from a client node to a server node through relay nodes, which process the documents before arriving at the server. According as the node topology, the XML documents are processed in a pipelining manner or a parallel fashion. We evaluate distributed XML processing with synthetic and realistic XML documents on real and virtual environments. Characterization of well-formedness and grammar validation processing via pipelining and parallel models reveals inherent advantages of the parallel processing model.. |
| 14. |
Yoshiyuki Uratani, Hiroshi Koide, Dirceu Cavendish, Yuji Oie, Distributed XML processing over various topologies
Characterizing XML document processing efficiency, 7th International Conference on Web Information Systems and Technologies, WEBIST 2011, 2012, This study characterizes distributed XML processing on networking nodes. XML documents are sent from a client node to a server node through relay nodes, which process the documents before arriving at the server. When the relay nodes are connected in tandem, the XML documents are processed in a pipelining manner. When the relay nodes are connected in parallel, the XML documents are processed in a parallel fashion. We evaluate distributed XML processing with synthetic and realistic XML documents. Well-formedness and grammar validation pipelining and parallel processing characterization reveals inherent advantages of the parallel processing model.. |
| 15. |
Yoshiyuki Uratani, Hiroshi Koide, Dirceu Cavendish, Yuji Oie, Characterizing distributed XML processing
Moving XML processing from servers to networking nodes, 7th International Conference on Web Information Systems and Technologies, WEBIST 2011, 2011, This study characterizes distributed XML processing on networking nodes. XML documents are sent from a client node to a server node through relay nodes, which process the documents before arriving at the server. When the relay nodes are connected tandem, the XML documents are processed in a pipelining manner. When the relay nodes are connected parallel, the XML documents are processed in a parallel fashion. Well-formedness and grammar validation pipelining and parallel processing characterization reveals inherent advantages of the parallel processing model.. |
| 16. |
Yuki Nakamizo, Hiroshi Koide, Kazumi Yoshinaga, Dirceu Cavendish, Yuji Oie, MVA modeling of multi-core server distributed systems, 3rd IEEE International Conference on Intelligent Networking and CollaborativeSystems, INCoS 2011, 2011, In this paper, we propose an extension to our previous MVA based methodology for estimating performance of transactions executed on multi-server systems for multicore servers. The extension is based on the characterization of message processing service times for each server core under zeroload conditions, and building an MVA model that accounts for each available core. Core utilization is characterized, as well as message routing probabilities within the multi-core machine. We illustrate the extended methodology on a prototype multi-server system.. |
| 17. |
Kazumi Yoshinaga, Washizu Shohei, Yoshiyuki Uratani, Hiroshi Koide, Dirceu Cavendish, Yuji Oie, Characterizing transactions with data transfer on multi-server systems, 2nd International Conference on Intelligent Networking and Collaborative Systems, INCOS 2010, 2010, In this paper, we propose an extension to our previous MVA based methodology for estimating performance of transactions executed on multi-server systems to transactions involving variable data transfers. The extension is based on the characterization of data transfers between servers under zeroload conditions, and a curve fitting step to capture server message processing time dependency with the size of the data transferred. We illustrate the extended methodology on two prototype multiserver systems.. |
| 18. |
Dirceu Cavendish, Yuji Oie, Hiroshi Koide, Mario Gerla, A mean value analysis approach to transaction performance evaluation on multi-server systems, IEEE Symposium on Computers and Communications 2009, ISCC 2009, 2009, In this paper, we introduce a Mean Value Analysis based methodology for performance evaluation of transactions executed in a multi server distributed system. We first present probabilistic arguments to investigate under which conditions MVA models provide worst case response times, without large overshoots. Then, we show how to characterize the distributed server system so as to construct a model to predict response times as well as estimate system capacity. Finally, we exemplify the methodology usage via transactions implemented in two distributed Linux systems.. |
| 19. |
Dirceu Cavendish, Yuji Oie, Hiroshi Koide, Mario Gerla, Characterizing transactions on multi-server systems, International Conference on Intelligent Networking and Collaborative Systems, INCoS 2009, 2009, In this paper, we demonstrate how to characterize transactions executed on multi-server systems. The characterization is performed with the help of readily available open source components, and is used to build a Mean Value Analysis model in order to estimate transaction response times for arbitrary loads, as well as system capacity. Although an E-Commerce system is used, the characterization method described is applicable to any multi-server system.. |
| 20. |
Toshiyuki Imamura, Yuichi Tsujita, Hiroshi Koide, Hiroshi Takemiya, An architecture of stampi
MPI library on a cluster of parallel computers, 7th European Parallel Virtual Machine and Message Passing Interface Users’ Group Meeting, PVM/MPI 2000, 2000.01, In this paper, we present a communication library which extends an MPI application on a single parallel machine to a cluster of parallel machines. Stampi provides some functionality which are required for constructing distributed applications and environments based on the MPI2 standard with a focus on dynamic process management. Since the mechanism of communication bridge is transparent for users, it is very useful to assemble and link MPI applications on meta-computer systems. Furthermore Stampi supports novel functions; one is the communication between a Java applet to the backend parallel computer. Another is supporting remote file-IO. Both give us a framework of distributed resource management based on an MPI communication infrastructure. This paper covers the architecture of Stampi.. |
| 21. |
Mitsugu Suzuki, Hiroshi Koide, Motoaki Terashima, Moa — a fast sliding compaction scheme for a large storage space, International Workshop on Memory Management, IWMM 1995, 1995.01, The design and analysis of a new GC scheme called MOA is presented with its implementation on PLisp (Portable Lisp). MOA is "stop-and-collect" type GC and is based on a Morris's sliding compaction scheme. MOA has the excellent features such as: (1) it can perform sliding compaction with a time proportional nearly to the size of all data objects in use, (2) it requires an additional space of a small size to achieve such a time cost saving, (3) it can skip a GC process for a special cluster called an "anchor", reducing the total GC processing time considerably. MOA has been successfully implemented on PLisp which provides a large amount of storage space. MOA is superior to other GC based on conventional sliding compaction and copying collection, as shown in several experiments.. |
| 22. |
Hiroshi Koide, Generated order preserving real-time garbage collection, Proceedings of the 1995 2nd International Workshop on Real-Time Computing Systems and Applications, 1995, This paper proposes a new real-time garbage collection that always preserves the order of object creation. Some programming languages and application programs need to preserve the generated order of objects. The proposed method is the first type of the garbage collection that can be used to make them run in real-time. Since the generated order preserving scavenging garbage collection is partly employed, the complexity of the proposed method is not related to the heap size. The requirements for the real-time processing is also presented.. |
