
Development of intellectual networks forensic technologies against targeted attacks

Research Project

Project/Area Number 26330161
Research Category

Grant-in-Aid for Scientific Research (C)

Allocation Type Multi-year Fund
Section General
Research Field Information security
Research Institution Tokyo Denki University

Principal Investigator

Sasaki Ryoichi  Tokyo Denki University, Tokyo Denki University, Professor (70333531)

Project Period (FY) 2014-04-01 – 2017-03-31
Project Status Completed (Fiscal Year 2016)
Budget Amount
¥4,680,000 (Direct Cost: ¥3,600,000, Indirect Cost: ¥1,080,000)
Fiscal Year 2016: ¥1,560,000 (Direct Cost: ¥1,200,000, Indirect Cost: ¥360,000)
Fiscal Year 2015: ¥1,430,000 (Direct Cost: ¥1,100,000, Indirect Cost: ¥330,000)
Fiscal Year 2014: ¥1,690,000 (Direct Cost: ¥1,300,000, Indirect Cost: ¥390,000)
Keywords Secure network / Digital forensics / Network forensics / Artificial intelligence / Rule base / Event log
Outline of Final Research Achievements

We established the basic method of the LIFT (Live and Intelligent Network Forensic Technologies) system, which gives the operations manager appropriate guidance and enables semi-automatic operation of IT systems when a targeted email attack occurs.
The method uses a rule-based system and a Bayesian network, both classified as AI technologies, to describe the relationships among symptoms, events, and countermeasures, and to identify the event and its countermeasures from a group of symptoms. We developed a prototype program of the LIFT system consisting of about 2,000 steps in C#.
In an evaluation experiment using this prototype program, we showed that 6 out of 6 cases were correctly identified for events similar to ones that had happened in the past, confirming the basic effectiveness of the method.

Report

(4 results)
  • 2016 Annual Research Report   Final Research Report ( PDF )
  • 2015 Research-status Report
  • 2014 Research-status Report

Research Products

(36 results)


All Journal Article (7 results) (of which Peer Reviewed: 6 results,  Open Access: 2 results) Presentation (26 results) (of which Int'l Joint Research: 2 results) Book (2 results) Patent(Industrial Property Rights) (1 results)

  • [Journal Article] Proposal of a Method for Preserving Communication Information Associated with Process Information (2016)

    • Author(s)
      三村聡志、佐々木良一
    • Journal Title

      IPSJ Journal

      Volume: Vol. 57, No. 9 Pages: 1944-1953

    • NAID

      170000131043

    • Related Report
      2016 Annual Research Report
    • Peer Reviewed / Open Access
  • [Journal Article] Development and Evaluation of a Tool for Detecting the Infection Route in Targeted Attacks Using Malware Behavior within a Network (2016)

    • Author(s)
      佐藤信、杉本暁彦、林直樹、磯部義明、佐々木良一
    • Journal Title

      IPSJ Journal

      Volume: Vol. 58, No. 2 Pages: 1-9

    • Related Report
      2016 Annual Research Report
    • Open Access
  • [Journal Article] Proposal and Development of a Guideline Total Support System for Digital Forensics (2015)

    • Author(s)
      天野貴通、上原哲太郎、佐々木良一
    • Journal Title

      IPSJ Journal

      Volume: 56-9 Pages: 1889-1899

    • NAID

      170000130731

    • Related Report
      2015 Research-status Report
    • Peer Reviewed
  • [Journal Article] Proposal and evaluation of an evidence preservation method for use in a common number system (2015)

    • Author(s)
      Naoki Kobayashi, Ryoichi Sasaki
    • Journal Title

      International Journal of Electronic Commerce Studies

      Volume: 6-1 Pages: 51-68

    • Related Report
      2015 Research-status Report
    • Peer Reviewed
  • [Journal Article] Development and Evaluation of a Continuity Operation Plan Support System for an Information Technology System (2015)

    • Author(s)
      Ichiro Matsunaga, Ryoichi Sasaki
    • Journal Title

      International Journal of Cyber-Security and Digital Forensics (IJCSDF)

      Volume: 4(2) Pages: 327-338

    • Related Report
      2014 Research-status Report
    • Peer Reviewed
  • [Journal Article] Technology of Federated Identity and Secure Loggings in Cloud Computing Environment (2014)

    • Author(s)
      Takashi Shitamichi, Ryoichi Sasaki
    • Journal Title

      International Journal of Electronic Commerce Studies

      Volume: Vol.5, No.1 Pages: 39-62

    • DOI

      10.7903/ijecs.1157

    • Related Report
      2014 Research-status Report
    • Peer Reviewed
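  • [Journal Article] Proposal and Evaluation of a Safe and Efficient Log Signature Scheme for the Preservation of Evidence (2014)

    • Author(s)
      小林直樹, 佐々木良一
    • Journal Title

      Journal of the Japan Society of Security Management

      Volume: Vol. 28, No. 2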

    • NAID

      40020230042

    • Related Report
      2014 Research-status Report
    • Peer Reviewed
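  • [Presentation] Development and Evaluation of a Tool for Identifying the Scope of Compromise in Targeted Attacks (2017)

    • Author(s)
      島川 貴裕
    • Organizer
      76th Joint Research Presentation Meeting on Computer Security
    • Place of Presentation
      Kanagawa Institute of Technology, Atsugi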
    • Year and Date
      2017-03-02
    • Related Report
      2016 Annual Research Report
  • [Presentation] Digital Forensics Trends in Japan (Keynote Presentation) (2016)

    • Author(s)
      Ryoichi Sasaki
    • Organizer
      SADFE 2016
    • Place of Presentation
      Ritsumeikan University Kinugasa Campus, Kyoto
    • Year and Date
      2016-09-20
    • Related Report
      2016 Annual Research Report
  • [Presentation] Proposal of Unified Data Management and Recovery Tool Using Shadow Copy (2016)

    • Author(s)
      Naoki Matsutaka
    • Organizer
      The Third International Conference on Digital Security and Forensics (DigitalSec2016)
    • Place of Presentation
      Kuala Lumpur, Malaysia
    • Year and Date
      2016-09-06
    • Related Report
      2016 Annual Research Report
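  • [Presentation] Development of the Intelligent Network Forensics System LIFT against Targeted Attacks: Development and Evaluation of the User Interface (2016)

    • Author(s)
      杉原 崚介
    • Organizer
      IPSJ DICOMO2016
    • Place of Presentation
      Toba Seaside Hotel, Mie Prefecture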
    • Year and Date
      2016-07-06
    • Related Report
      2016 Annual Research Report
  • [Presentation] Development of the Intelligent Network Forensics System LIFT against Targeted Attacks: Application of Bayesian Networks (2016)

    • Author(s)
      鈴木 文仁
    • Organizer
      IPSJ DICOMO2016
    • Place of Presentation
      Toba Seaside Hotel, Mie Prefecture
    • Year and Date
      2016-07-06
    • Related Report
      2016 Annual Research Report
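  • [Presentation] Development of the Intelligent Network Forensics System LIFT against Targeted Attacks: Analysis of Targeted-Attack Malware and Prediction of Variants (2016)

    • Author(s)
      渋谷 健太
    • Organizer
      IPSJ DICOMO2016
    • Place of Presentation
      Toba Seaside Hotel, Mie Prefecture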
    • Year and Date
      2016-07-06
    • Related Report
      2016 Annual Research Report
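  • [Presentation] Development of the Intelligent Network Forensics System LIFT against Targeted Attacks: Malware Behavior Analysis Using a Simulated C&C Server (2016)

    • Author(s)
      島川 貴裕
    • Organizer
      IPSJ DICOMO2016
    • Place of Presentation
      Toba Seaside Hotel, Mie Prefecture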
    • Year and Date
      2016-07-06
    • Related Report
      2016 Annual Research Report
  • [Presentation] Proposal and Evaluation of a Data Management and Recovery Tool Using Shadow Copy (2016)

    • Author(s)
      松高 直輝
    • Organizer
      IPSJ DICOMO2016
    • Place of Presentation
      Toba Seaside Hotel, Mie Prefecture
    • Year and Date
      2016-07-06
    • Related Report
      2016 Annual Research Report
  • [Presentation] Development of intellectual networks forensic system LIFT against targeted attacks (2015)

    • Author(s)
      Kazuki Hashimoto, Hiroyuki Himura, Takashi Matsumoto, et al.
    • Organizer
      CyberSec2015
    • Place of Presentation
      Sampoerna University, Jakarta, Indonesia
    • Year and Date
      2015-10-29
    • Related Report
      2015 Research-status Report
    • Int'l Joint Research
  • [Presentation] Proposal of a Method for Identifying the Infection Route for Targeted Attacks Based on Malware Behavior in a Network (2015)

    • Author(s)
      Makoto Sato, Ryoichi Sasaki, Akihiko Sugimoto, et al.
    • Organizer
      CyberSec 2015
    • Place of Presentation
      Sampoerna University, Jakarta, Indonesia
    • Year and Date
      2015-10-29
    • Related Report
      2015 Research-status Report
    • Int'l Joint Research
  • [Presentation] Proposal of a Machine Learning Algorithm for More Efficient E-Discovery (2015)

    • Author(s)
      三戸智浩, 佐々木良一
    • Organizer
      CSS2015
    • Place of Presentation
      Nagasaki Brick Hall (Nagasaki, Nagasaki Prefecture)
    • Year and Date
      2015-10-21
    • Related Report
      2015 Research-status Report
  • [Presentation] Survey and Proposal of a Digital Forensics Education Curriculum for Graduate Schools (2015)

    • Author(s)
      澤邉直幸, 佐々木良一
    • Organizer
      CSS2015
    • Place of Presentation
      Nagasaki Brick Hall (Nagasaki, Nagasaki Prefecture)
    • Year and Date
      2015-10-21
    • Related Report
      2015 Research-status Report
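  • [Presentation] Development of the Intelligent Network Forensics System LIFT against Targeted Attacks (Part 3): Future Research Plans (2015)

    • Author(s)
      佐々木良一, 八槇博史
    • Organizer
      DICOMO2015 (Iwate)
    • Place of Presentation
      Hotel Appi Grand (Hachimantai, Iwate Prefecture)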
    • Year and Date
      2015-07-08
    • Related Report
      2015 Research-status Report
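  • [Presentation] Development of the Intelligent Network Forensics System LIFT against Targeted Attacks (Part 1): Proposal of Precursor Detection and Countermeasure Methods (2015)

    • Author(s)
      比留間裕幸, 橋本一紀, 柿崎淑郎, 八槇博史, 上原哲太郎, et al.
    • Organizer
      DICOMO2015 (Iwate)
    • Place of Presentation
      Hotel Appi Grand (Hachimantai, Iwate Prefecture)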
    • Year and Date
      2015-07-08
    • Related Report
      2015 Research-status Report
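  • [Presentation] Development of the Intelligent Network Forensics System LIFT against Targeted Attacks (Part 2): Development and Evaluation of a Prototype Program (2015)

    • Author(s)
      橋本一紀, 比留間裕幸, 上原哲太郎, 佳山こうせつ, et al.
    • Organizer
      DICOMO2015 (Iwate)
    • Place of Presentation
      Hotel Appi Grand (Hachimantai, Iwate Prefecture)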
    • Year and Date
      2015-07-08
    • Related Report
      2015 Research-status Report
  • [Presentation] Proposal of a Dynamic Detection Method Using Malware Behavior within a Network (2015)

    • Author(s)
      佐藤信, 杉本暁彦, 林直樹, 磯部義明, 佐々木良一, et al.
    • Organizer
      DICOMO2015
    • Place of Presentation
      Hotel Appi Grand (Hachimantai, Iwate Prefecture)
    • Year and Date
      2015-07-08
    • Related Report
      2015 Research-status Report
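  • [Presentation] Application of a Production System for Event Estimation in Intelligent Network Forensics (2014)

    • Author(s)
      八槇博史, 比留間裕幸, 橋本一紀, 佐々木良一, and 4 others
    • Organizer
      Joint Agent Workshops & Symposium 2014 (JAWS2014)
    • Place of Presentation
      ANA Holiday Inn Resort Miyazaki (Miyazaki)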
    • Year and Date
      2014-10-27 – 2014-10-29
    • Related Report
      2014 Research-status Report
  • [Presentation] Extension of a Continuity Operation Plan Support System for Information Systems (2014)

    • Author(s)
      松永一朗, 佐々木良一
    • Organizer
      IPSJ CSS2014 (Sapporo)
    • Place of Presentation
      Sapporo Convention Center (Sapporo)
    • Year and Date
      2014-10-22 – 2014-10-24
    • Related Report
      2014 Research-status Report
  • [Presentation] Method for Estimating Unjust Communication Causes Using Network Packets Associated with Process Information (2014)

    • Author(s)
      Satoshi Mimura, Ryoichi Sasaki
    • Organizer
      The International Conference on Information Security and CyberForensics (InfoSec2014)
    • Place of Presentation
      Kuala Terengganu, Malaysia
    • Year and Date
      2014-10-08 – 2014-10-10
    • Related Report
      2014 Research-status Report
  • [Presentation] Extension and Evaluation of Guideline Total Support System for Digital Forensics (2014)

    • Author(s)
      Takamichi Amano, Tetsutaro Uehara and Ryoichi Sasaki
    • Organizer
      The International Conference on Information Security and CyberForensics (InfoSec2014)
    • Place of Presentation
      Kuala Terengganu, Malaysia
    • Year and Date
      2014-10-08 – 2014-10-10
    • Related Report
      2014 Research-status Report
  • [Presentation] Development and trial application of a continuity operation plan support system for Information Technology System (2014)

    • Author(s)
      Ichiro Matsunaga, Ryoichi Sasaki
    • Organizer
      The International Conference on Information Security and Cyber Forensics (InfoSec2014)
    • Place of Presentation
      Kuala Terengganu, Malaysia
    • Year and Date
      2014-10-08 – 2014-10-10
    • Related Report
      2014 Research-status Report
  • [Presentation] User Centric Trusted Log Archival Architecture in Cloud Computing Environments (2014)

    • Author(s)
      Takashi Shitamichi, Ryoichi Sasaki
    • Organizer
      The International Conference on Information Security and Cyber Forensics (InfoSec2014)
    • Place of Presentation
      Kuala Terengganu, Malaysia
    • Year and Date
      2014-10-08 – 2014-10-10
    • Related Report
      2014 Research-status Report
  • [Presentation] Proposal and evaluation of safe and efficient log signature scheme for the preservation of evidence (2014)

    • Author(s)
      Naoki Kobayashi, Ryoichi Sasaki
    • Organizer
      CFSE2014 Held in Conjunction with COMPSAC2014
    • Place of Presentation
      Vasteras, Sweden
    • Year and Date
      2014-07-21 – 2014-07-25
    • Related Report
      2014 Research-status Report
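  • [Presentation] Proposal of Precursor Detection and Countermeasure Methods for Intelligent Network Forensics against Targeted Email Attacks (2014)

    • Author(s)
      比留間裕幸, 橋下一紀, 佐々木良一, and 5 others
    • Organizer
      IPSJ DICOMO2014
    • Place of Presentation
      Tsukioka Onsen Hotel (Shibata)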
    • Year and Date
      2014-07-09 – 2014-07-11
    • Related Report
      2014 Research-status Report
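  • [Presentation] Proposal of a Method for Selecting Optimal Countermeasures Using Event Trees to Solve Planning and Operation Problems for Targeted Email Attacks (2014)

    • Author(s)
      橋下一紀, 比留間裕幸, 佐々木良一, and 5 others
    • Organizer
      IPSJ DICOMO2014
    • Place of Presentation
      Tsukioka Onsen Hotel (Shibata)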
    • Year and Date
      2014-07-09 – 2014-07-11
    • Related Report
      2014 Research-status Report
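  • [Presentation] Proposal of a Method for Estimating the Cause of Unauthorized Communication Using Packets Associated with Process Information (2014)

    • Author(s)
      三村聡志, 佐々木良一
    • Organizer
      IPSJ DICOMO2014
    • Place of Presentation
      Tsukioka Onsen Hotel (Shibata)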
    • Year and Date
      2014-07-09 – 2014-07-11
    • Related Report
      2014 Research-status Report
  • [Book] Fundamentals and Practice of Digital Forensics (2017)

    • Author(s)
      佐々木良一 (editor and author)
    • Total Pages
      290
    • Publisher
      Tokyo Denki University Press
    • Related Report
      2016 Annual Research Report
  • [Book] Encyclopedia of Digital Forensics, Revised Edition (2014)

    • Author(s)
      佐々木良一 (supervising editor)
    • Total Pages
      300
    • Publisher
      JUSE Press
    • Related Report
      2014 Research-status Report
  • [Patent (Industrial Property Rights)] Log Acquisition Device and Acquisition Program (2014)

    • Inventor(s)
      佐々木良一, 三村聡志
    • Industrial Property Rights Holder
      佐々木良一, 三村聡志
    • Industrial Property Rights Type
      Patent
    • Filing Date
      2014-06-23
    • Related Report
      2014 Research-status Report

Published: 2014-04-04   Modified: 2018-03-22  
