学位論文 【 表示 ／ 非表示 】

学位論文 【 表示 ／ 非表示 】

• Defense Against Cyber Attacks Based on Analysis of Relationship Between Attackers' Motivation and Activities

  Takayuki Sasaki

  2021年3月

  学位論文（博士）   単著  

論文 【 表示 ／ 非表示 】

論文 【 表示 ／ 非表示 】

• Exposed Infrastructures: Discovery, Attacks and Remediation of Insecure ICS Remote Management Devices

  Takayuki Sasaki, Akira Fujita, Carlos Hernandez Ganan, Michel van Eeten, Katsunari Yoshioka, Tsutom … 全著者表示

  IEEE Symposium on Security and Privacy (IEEE S&P)   2022年  [査読有り]

  　詳細を見る

  担当区分：筆頭著者   記述言語：英語   掲載種別：研究論文（国際会議プロシーディングス）   共著  

• Who Left the Door Open? Investigating the Causes of Exposed IoT Devices in an Academic Network

  Takayuki Sasaki, Takaya Noma, Yudai Morii, Toshiya Shimura, Michel van Eeten, Katsunari Yoshioka, T … 全著者表示

  IEEE Symposium on Security and Privacy (IEEE S&P)   2024年5月  [査読有り]

  　詳細を見る

  担当区分：筆頭著者   記述言語：英語   掲載種別：研究論文（国際会議プロシーディングス）   単著  

• Observation of Human-Operated Accesses Using Remote Management Device Honeypot

  SASAKI Takayuki, KAWAGUCHI Mami, KUMAGAI Takuhiro, YOSHIOKA Katsunari, MATSUMOTO Tsutomu

  IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences   E107.A ( 3 )   291 - 305   2024年3月

  DOI Web of Science CiNii Research

  　詳細を見る

  記述言語：英語   掲載種別：研究論文（学術雑誌）   出版者・発行元：一般社団法人 電子情報通信学会   共著  

  <p>In recent years, cyber attacks against infrastructure have become more serious. Unfortunately, infrastructures with vulnerable remote management devices, which allow attackers to control the infrastructure, have been reported. Targeted attacks against infrastructure are conducted manually by human attackers rather than automated scripts. Here, open questions are how often the attacks against such infrastructure happen and what attackers do after intrusions. In this empirical study, we observe the accesses, including attacks and security investigation activities, using the customized infrastructure honeypot. The proposed honeypot comprises (1) a platform that easily deploys real devices as honeypots, (2) a mechanism to increase the number of fictional facilities by changing the displayed facility names on the WebUI for each honeypot instance, (3) an interaction mechanism with visitors to infer their purpose, and (4) tracking mechanisms to identify visitors for long-term activities. We implemented and deployed the honeypot for 31 months. Our honeypot observed critical operations, such as changing configurations of a remote management device. We also observed long-term access to WebUI and Telnet service of the honeypot.</p>

• SPOT: In-depth Analysis of IoT Ransomware Attacks Using Bare Metal NAS Devices

  Yasui Hiroki, Inoue Takahiro, Sasaki Takayuki, Tanabe Rui, Yoshioka Katsunari, Matsumoto Tsutomu

  Journal of Information Processing   32 ( 0 )   23 - 34   2024年

  DOI CiNii Research

  　詳細を見る

  記述言語：英語   掲載種別：研究論文（学術雑誌）   出版者・発行元：一般社団法人 情報処理学会   共著  

  <p>Ransomware attacks targeting Network Attached Storage (NAS) devices have occurred steadily in the threat landscape since 2019. Early research has analyzed the functionality of IoT ransomware binaries but failed to reveal its operation and attack infrastructure. In this paper, we propose an attack observation system named SPOT, which uses popular bare metal NAS devices, QNAP, as the honeypot and the malware sandbox to conduct an in-depth analysis of IoT ransomware attacks. During the six-month observation from September 2021 to March 2022, we observed on average, 130 hosts per day accessing from the Internet to compromise the NAS devices. Moreover, we executed 48 ransomware samples downloaded from VirusTotal in the SPOT sandbox. We identified seven remote Onion proxy servers used for C&C connection and successfully observed three samples infecting the NAS device to connect them to the C&C server behind the TOR network. The ransom notes gave two kinds of contact points; instruction web pages and email addresses. Though the email addresses were not reachable, we could access the instruction website. We kept monitoring the website and observed a “30% discount campaign” for ransom payments. We also interacted with the threat actor via online support chat on the website, but we were banned from the channel because we asked about their organization. We observe that the degree of automation in the attack operation is much higher compared to the carefully tailored and targeted ransomware attacks. While each case of successful ransom payment is limited to 0.03 BTC, the automated nature of the attacks would maximize the frequency of such successful cases.</p>

• Mitigate: Toward Comprehensive Research and Development for Analyzing and Combating IoT Malware

  NAKAO Koji, YOSHIOKA Katsunari, SASAKI Takayuki, TANABE Rui, HUANG Xuping, TAKAHASHI Takeshi, FUJIT … 全著者表示

  IEICE Transactions on Information and Systems   E106.D ( 9 )   1302 - 1315   2023年9月

  DOI Web of Science CiNii Research

  　詳細を見る

  記述言語：英語   掲載種別：研究論文（学術雑誌）   出版者・発行元：一般社団法人 電子情報通信学会   共著  

  <p>In this paper, we developed the latest IoT honeypots to capture IoT malware currently on the loose, analyzed IoT malware with new features such as persistent infection, developed malware removal methods to be provided to IoT device users. Furthermore, as attack behaviors using IoT devices become more diverse and sophisticated every year, we conducted research related to various factors involved in understanding the overall picture of attack behaviors from the perspective of incident responders. As the final stage of countermeasures, we also conducted research and development of IoT malware disabling technology to stop only IoT malware activities in IoT devices and IoT system disabling technology to remotely control (including stopping) IoT devices themselves.</p>

全件表示 >>

産業財産権 【 表示 ／ 非表示 】

産業財産権 【 表示 ／ 非表示 】

• Method for managing data traffic within a network

  Ghassan Karame, Felix Klaedtke, Takayuki Sasaki

  　詳細を見る

  出願番号：17082045 

• 通信端末、通信方法、通信システムおよび制御装置

  園田　健太郎, 水越　康博, 下西　英之, 波多野　洋一, 中江　政行, 山形　昌也, 森田　陽一郎, 佐々木　貴之

  　詳細を見る

  出願番号：2014512203 

• 通信システム、ポリシー管理装置、通信方法およびプログラム

  森田　陽一郎, 中江　政行, 山形　昌也, 佐々木　貴之, 下西　英之, 園田　健太郎, 波多野　洋一

  　詳細を見る

  出願番号：PCT/JP2012/073711 

• 仮想マシン運用システム、仮想マシン運用方法およびプログラム

  佐々木　貴之

  　詳細を見る

  出願番号：2013022602 

• 仮想マシン運用システム、仮想マシン運用方法およびプログラム

  佐々木　貴之

  　詳細を見る

  出願番号：2013022651 

全件表示 >>

受賞 【 表示 ／ 非表示 】

受賞 【 表示 ／ 非表示 】

• 情報通信システムセキュリティ研究賞

  2022年   電子情報通信学会情報システムセキュリティ研究会   重要施設に設置されたIoT機器のインターネット全域探索  

  受賞者：平工瑞希, 佐々木貴之, 吉岡克成, 松本勉

• CSS優秀論文賞

  2021年   情報処理学会   コネクテッドカーはインターネット上から発見可能か？  

  受賞者：植田 岳洋, 佐々木 貴之, 吉岡 克成, 松本 勉,

学会誌・論文誌編集等 【 表示 ／ 非表示 】

学会誌・論文誌編集等 【 表示 ／ 非表示 】

• 情報処理学会誌

  編集委員 

  2017年4月

  -

  2022月7日