A study on security and vulnerability management of facility networks

• Project/Area Number: 18K11257
• Research Category: Grant-in-Aid for Scientific Research (C)
• Allocation Type: Multi-year Fund
• Section: 一般
• Review Section: Basic Section 60060:Information network-related
• Research Institution: The University of Tokyo
• Principal Investigator: Ochiai Hideya 東京大学, 大学院情報理工学系研究科, 准教授 (10615652)
• Project Period (FY): 2018-04-01 – 2022-03-31
• Project Status: Completed (Fiscal Year 2021)
• Budget Amount: ¥4,420,000 (Direct Cost: ¥3,400,000、Indirect Cost: ¥1,020,000); Fiscal Year 2020: ¥1,430,000 (Direct Cost: ¥1,100,000、Indirect Cost: ¥330,000); Fiscal Year 2019: ¥1,430,000 (Direct Cost: ¥1,100,000、Indirect Cost: ¥330,000); Fiscal Year 2018: ¥1,560,000 (Direct Cost: ¥1,200,000、Indirect Cost: ¥360,000)
• Keywords: IoT / セキュリティ / 設備ネットワーク / LAN Security / OT Security / LAN / サイバーセキュリティ

Outline of Final Research Achievements

We developed an algorithm for learning and controlling communication flows for improving the security of IoT device connected networks. We also developed anomaly detection devices for local area networks (LANs) based on our own new method, and deployed 50 devices around the regions of South East Asia where are suffuring from severe malware encounter rates. We could successfully make a taxonomy of suspicious LAN internal device-to-device communications and visualization of them with the collected events. We further developed another anomaly detection scheme for improving the physical security of facility networks where are connected at the edges of IoT systems.

Academic Significance and Societal Importance of the Research Achievements

ネットワーク・セキュリティの研究は、これまでネットワークの上流での異常検知や管理が一般的であったが、本研究はIoTを取り巻く環境すなわちLAN内部の通信管理や異常検知に主眼を置いている。また本手法で確立した装置をマルウェア感染が深刻な地域に実際に多数展開し、そこからLAN内不審活動の可視化・体系化を行ったことは、これまでにない学術的な意義を持つ。

Research Products

• [Int'l Joint Research] Prince of Songkla University(タイ)
• [Int'l Joint Research] Brawijaya University(インドネシア)
• [Int'l Joint Research] Royal Melbourne Institute of Technology(オーストラリア)
• [Int'l Joint Research] Prince of Songkla University(タイ)
• [Int'l Joint Research] Brawijaya University(インドネシア)
• [Int'l Joint Research] University of Computer Studies, Yangon/University of Information Technology(ミャンマー)
• [Journal Article] Honeyboost: Boosting honeypot performance with data fusion and anomaly detection (2022)
  • Author(s): Sevvandi Kandanaarachchi, Hideya Ochiai, Asha Rao
  • Journal Title: Elsevier journal on Expert Systems with Applications Volume: 未定
  • Peer Reviewed / Int'l Joint Research
• [Journal Article] Adaptive Intrusion Detection in the Networking of Large-Scale LANs With Segmented Federated Learning (2020)
  • Author(s): Yuwei Sun, Hiroshi Esaki, Hideya Ochiai
  • Journal Title: IEEE Open Journal of the Communications Society Volume: Vol.2 Pages: 102-112
  • Peer Reviewed / Open Access / Int'l Joint Research
• [Presentation] Smart Meter RS-485 Spoofing Attack Detection by LSTM Deep Learning Approach (2022)
  • Author(s): Md Delwar Hossain, Hideya Ochiai, Tatsuya Arisawa, Youki Kadobayashi
  • Organizer: IEEE Swiss Conference on Data Science
  • Int'l Joint Research
• [Presentation] Feature Extraction Pipeline and Analysis of Suspicious Events in Large-Scale LANs for Cyberattack Categorization (2022)
  • Author(s): Pawissakan Chirupphapa, Hiroshi Esaki, Hideya Ochiai
  • Organizer: ACM International Conference on Big Data Engineering
  • Int'l Joint Research
• [Presentation] Suspicious ARP Activity Detection and Clustering Based on Autoencoder Neural Networks (2021)
  • Author(s): Yuwei Sun, Hideya Ochiai, Hiroshi Esaki
  • Organizer: IEEE Consumer Communications and Networking Conference
  • Int'l Joint Research
• [Presentation] SDNHive: A Proof-of-Concept SDN and Honeypot System for Defending Against Internal Threats (2021)
  • Author(s): Meatasit Karakate, Hiroshi Esaki, Hideya Ochiai
  • Organizer: ACM International Conference on Communication and Network Security
  • Int'l Joint Research
• [Presentation] INTAP: Integrated Network Traffic Analysis Pipeline for LAN Monitoring System (2021)
  • Author(s): Pawissakan Chirupphapa, Hiroshi Esaki and Hideya Ochiai
  • Organizer: IEEE ICIM
  • Int'l Joint Research
• [Presentation] XGBoosted Misuse Detection in LAN-Internal Traffic Dataset (2020)
  • Author(s): Zhiqing Zhang, Pawissakan Chirupphapa, Hiroshi Esaki, Hideya Ochiai
  • Organizer: IEEE International Conference on Intelligence and Security Informatics
  • Int'l Joint Research
• [Presentation] Mitigating Privacy Leak by Injecting Unique Noise into the Traffic of Smart Speakers (2020)
  • Author(s): Rikura Furuta, Hideya Ochiai, Hiroshi Esaki
  • Organizer: IEEE SMARTCOMP
  • Int'l Joint Research
• [Presentation] Intrusion Detection with Segmented Federated Learning for Large-Scale Multiple LANs (2020)
  • Author(s): Yuwei Sun, Hideya Ochiai, Hiroshi Esaki
  • Organizer: IEEE WCCI/IJCNN
  • Int'l Joint Research
• [Presentation] Scan-based Self Anomaly Detection: Client-side Mitigation of Channel-based Man-in-the-Middle Attacks against Wi-Fi (2020)
  • Author(s): Sheng Gong, Hideya Ochiai, Hiroshi Esaki
  • Organizer: IEEE COMPSAC
  • Int'l Joint Research
• [Presentation] Visual Analytics for Anomaly Classification in LAN Based on Deep Convolutional Neural Network (2020)
  • Author(s): Yuwei Sun, Hideya Ochiai, Hiroshi Esaki
  • Organizer: IEEE International Conference on Informatics, Electronics and Vision
  • Int'l Joint Research
• [Presentation] Text-based Malicious Domain Names Detection Based on Variational Autoencoder and Supervised Learning (2020)
  • Author(s): Yuwei Sun, Ng S. T. Chong, Hideya Ochiai
  • Organizer: IEEE CISS
  • Int'l Joint Research
• [Presentation] Classification of TCP 445 Attacks and Global Snapshot with Honeypot Analysis (2019)
  • Author(s): Ying Luo, Zhiqing Zhang, Hiroshi Esaki, Hideya Ochiai
  • Organizer: IEEE ICAIT
  • Int'l Joint Research
• [Presentation] Aircraft Detection Based on Saliency Map and Convolution Neural Network (2019)
  • Author(s): Yuwei Sun, Nagul Cooharojananone, Hideya Ochiai
  • Organizer: IEEE ICSEC
  • Int'l Joint Research
• [Presentation] Detection and Classification of Network Events in LAN using CNN (2019)
  • Author(s): Yuwei Sun, Hiroshi Esaki, Hideya Ochiai
  • Organizer: IEEE InCIT
  • Int'l Joint Research
• [Presentation] Unveiling Malicious Activities in LAN with Honeypot (2019)
  • Author(s): Zhiqing Zhang, Hiroshi Esaki, Hideya Ochiai
  • Organizer: IEEE InCIT
  • Int'l Joint Research
• [Presentation] Probing Firewalls of Malware-Infected Networks with Honeypot (2019)
  • Author(s): Hyuga Kobayashi, Zhiqing Zhang, Hiroshi Esaki, Hideya Ochiai
  • Organizer: ACM CFI
  • Int'l Joint Research
• [Presentation] Analysis of Malware Hidden Behind Firewalls with Back Scans (2019)
  • Author(s): Zhiqing Zhang, Hiroshi Esaki, Hideya Ochiai
  • Organizer: IEEE International Symposium on Digital Forensics and Security
  • Int'l Joint Research
• [Presentation] ARP Request Trend Fitting for Detecting Malicious Activity in LAN (2019)
  • Author(s): Kai Matsufuji, S.Kobayashi, H.Esaki, H.Ochiai
  • Organizer: 13th International Conference on Ubiquitous Information Management and Communication
  • Int'l Joint Research
• [Presentation] A Rule-based Algorithm of Finding Valid Hosts for IoT Device Using Its Network Traffic (2019)
  • Author(s): Porapat Ongkanchana, H.Esaki, H.Ochiai
  • Organizer: 13th International Conference on Ubiquitous Information Management and Communication
  • Int'l Joint Research
• [Presentation] IoT-VuLock: Locking IoT Device Vulnerability with Enhanced Network Scans (2019)
  • Author(s): S.Limjitti, H.Ochiai, H.Esaki, K.Sripanidkulchai
  • Organizer: 13th International Conference on Ubiquitous Information Management and Communication
  • Int'l Joint Research
• [Presentation] 深層学習に基づくLAN内活動の検出システム (2019)
  • Author(s): 孫 昱偉、落合秀也、江崎 浩
  • Organizer: 電子情報通信学会 NS研究会
• [Presentation] Visualizing Remote Network Reactions with Firewall Probe (2018)
  • Author(s): Hyuga Kobayashi, Hideya Ochiai, Hiroshi Esaki
  • Organizer: IEEE Symposium on Visualization for Cyber Security
  • Int'l Joint Research
• [Presentation] INSTRUCT: A Clustering Based Identification of Valid Communications in IoT Networks (2018)
  • Author(s): Mohd Saalim Jamal, Venkata Keerthy S, Hideya Ochiai, Hiroshi Esaki, Kotaro Kataoka
  • Organizer: IEEE International Conference on Internet of Things: Systems, Management and Security
  • Int'l Joint Research
• [Presentation] 遠方LAN監視システムの開発 (2018)
  • Author(s): 松岡勝也、水谷将也、落合秀也、江崎 浩
  • Organizer: 電子情報通信学会 ICSS研究会
• [Presentation] IoT機器の安全性を高める動的通信分別手法の研究 (2018)
  • Author(s): 長嶋 秀幸, 落合 秀也, 江崎 浩
  • Organizer: 情報処理学会 DICOMO
• [Remarks] LANセキュリティ監視プロジェクト
  • URL: https://www.lan-security.net/
• [Remarks] LANセキュリティ監視プロジェクト
  • URL: http://www.hongo.wide.ad.jp/~jo2lxq/meta/LAN-security-project.pdf
• [Remarks] サイバーセキュリティ
  • URL: http://www.hongo.wide.ad.jp/~jo2lxq/meta/cyber_security_white_paper_201810.pdf