Affiliation |
Institute of Advanced Sciences |
Job Title |
Specially Appointed Faculty (Associate Professor) |
Representative Achievements
-
[Paper] Exposed Infrastructures: Discovery, Attacks and Remediation of Insecure ICS Remote Management Devices, 2022
Recent Representative Achievements (Past 5 Years)
-
[Paper] Exposed Infrastructures: Discovery, Attacks and Remediation of Insecure ICS Remote Management Devices, 2022
Campus Career
-
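April 2023 - Present
Full-time, Yokohama National University, Institute of Advanced Sciences, Specially Appointed Faculty (Associate Professor)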
-
April 2021 - March 2023
Full-time, Yokohama National University, Institute of Advanced Sciences, Specially Appointed Faculty (Assistant Professor)
Thesis
-
Defense Against Cyber Attacks Based on Analysis of Relationship Between Attackers' Motivation and Activities
Takayuki Sasaki
March 2021
Thesis (doctoral), single-authored
Papers
-
Exposed Infrastructures: Discovery, Attacks and Remediation of Insecure ICS Remote Management Devices
Takayuki Sasaki, Akira Fujita, Carlos Hernandez Ganan, Michel van Eeten, Katsunari Yoshioka, Tsutomu Matsumoto
IEEE Symposium on Security and Privacy (IEEE S&P) 2022 [Peer-reviewed]
Role: Lead author  Language: English  Publication type: Research paper (international conference proceedings)  Co-authored
-
Who Left the Door Open? Investigating the Causes of Exposed IoT Devices in an Academic Network
Takayuki Sasaki, Takaya Noma, Yudai Morii, Toshiya Shimura, Michel van Eeten, Katsunari Yoshioka, Tsutomu Matsumoto
IEEE Symposium on Security and Privacy (IEEE S&P) May 2024 [Peer-reviewed]
Role: Lead author  Language: English  Publication type: Research paper (international conference proceedings)  Single-authored
-
Observation of Human-Operated Accesses Using Remote Management Device Honeypot
SASAKI Takayuki, KAWAGUCHI Mami, KUMAGAI Takuhiro, YOSHIOKA Katsunari, MATSUMOTO Tsutomu
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E107.A ( 3 ) 291 - 305 March 2024
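Language: English  Publication type: Research paper (academic journal)  Publisher: The Institute of Electronics, Information and Communication Engineers (IEICE)  Co-authored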
In recent years, cyber attacks against infrastructure have become more serious. Unfortunately, infrastructures with vulnerable remote management devices, which allow attackers to control the infrastructure, have been reported. Targeted attacks against infrastructure are conducted manually by human attackers rather than automated scripts. Here, open questions are how often the attacks against such infrastructure happen and what attackers do after intrusions. In this empirical study, we observe the accesses, including attacks and security investigation activities, using the customized infrastructure honeypot. The proposed honeypot comprises (1) a platform that easily deploys real devices as honeypots, (2) a mechanism to increase the number of fictional facilities by changing the displayed facility names on the WebUI for each honeypot instance, (3) an interaction mechanism with visitors to infer their purpose, and (4) tracking mechanisms to identify visitors for long-term activities. We implemented and deployed the honeypot for 31 months. Our honeypot observed critical operations, such as changing configurations of a remote management device. We also observed long-term access to WebUI and Telnet service of the honeypot.
-
SPOT: In-depth Analysis of IoT Ransomware Attacks Using Bare Metal NAS Devices
Yasui Hiroki, Inoue Takahiro, Sasaki Takayuki, Tanabe Rui, Yoshioka Katsunari, Matsumoto Tsutomu
Journal of Information Processing 32 ( 0 ) 23 - 34 2024
Language: English  Publication type: Research paper (academic journal)  Publisher: Information Processing Society of Japan  Co-authored
Ransomware attacks targeting Network Attached Storage (NAS) devices have occurred steadily in the threat landscape since 2019. Early research has analyzed the functionality of IoT ransomware binaries but failed to reveal its operation and attack infrastructure. In this paper, we propose an attack observation system named SPOT, which uses popular bare metal NAS devices, QNAP, as the honeypot and the malware sandbox to conduct an in-depth analysis of IoT ransomware attacks. During the six-month observation from September 2021 to March 2022, we observed on average, 130 hosts per day accessing from the Internet to compromise the NAS devices. Moreover, we executed 48 ransomware samples downloaded from VirusTotal in the SPOT sandbox. We identified seven remote Onion proxy servers used for C&C connection and successfully observed three samples infecting the NAS device to connect them to the C&C server behind the TOR network. The ransom notes gave two kinds of contact points; instruction web pages and email addresses. Though the email addresses were not reachable, we could access the instruction website. We kept monitoring the website and observed a “30% discount campaign” for ransom payments. We also interacted with the threat actor via online support chat on the website, but we were banned from the channel because we asked about their organization. We observe that the degree of automation in the attack operation is much higher compared to the carefully tailored and targeted ransomware attacks. While each case of successful ransom payment is limited to 0.03 BTC, the automated nature of the attacks would maximize the frequency of such successful cases.
-
Mitigate: Toward Comprehensive Research and Development for Analyzing and Combating IoT Malware
NAKAO Koji, YOSHIOKA Katsunari, SASAKI Takayuki, TANABE Rui, HUANG Xuping, TAKAHASHI Takeshi, FUJITA Akira, TAKEUCHI Jun'ichi, MURATA Noboru, SHIKATA Junji, IWAMOTO Kazuki, TAKADA Kazuki, ISHIDA Yuki, TAKEUCHI Masaru, YANAI Naoto
IEICE Transactions on Information and Systems E106.D ( 9 ) 1302 - 1315 September 2023
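Language: English  Publication type: Research paper (academic journal)  Publisher: The Institute of Electronics, Information and Communication Engineers (IEICE)  Co-authored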
In this paper, we developed the latest IoT honeypots to capture IoT malware currently on the loose, analyzed IoT malware with new features such as persistent infection, developed malware removal methods to be provided to IoT device users. Furthermore, as attack behaviors using IoT devices become more diverse and sophisticated every year, we conducted research related to various factors involved in understanding the overall picture of attack behaviors from the perspective of incident responders. As the final stage of countermeasures, we also conducted research and development of IoT malware disabling technology to stop only IoT malware activities in IoT devices and IoT system disabling technology to remotely control (including stopping) IoT devices themselves.
Industrial Property Rights
-
Method for managing data traffic within a network
Ghassan Karame, Felix Klaedtke, Takayuki Sasaki
Application number: 17082045
-
Communication terminal, method of communication and communication system
Kentaro Sonoda, Yasuhiro Mizukoshi, Hideyuki Shimonishi, Yoichi Hatano, Masayuki Nakae, Masaya Yamagata, Yoichiro Morita, Takayuki Sasaki
Application number: 14345218
-
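Communication terminal, communication method, communication system, and control device
Kentaro Sonoda, Yasuhiro Mizukoshi, Hideyuki Shimonishi, Yoichi Hatano, Masayuki Nakae, Masaya Yamagata, Yoichiro Morita, Takayuki Sasaki
Application number: 2014512203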
-
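Communication system, policy management device, communication method, and program
Yoichiro Morita, Masayuki Nakae, Masaya Yamagata, Takayuki Sasaki, Hideyuki Shimonishi, Kentaro Sonoda, Yoichi Hatano
Application number: PCT/JP2012/073711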
-
Virtual machine operation system, virtual machine operation method, and program
Takayuki Sasaki
Application number: 2013022602
Awards
-
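Information and Communication System Security Research Award
2022  IEICE Information System Security Research Group  Internet-Wide Search for IoT Devices Installed in Critical Facilities
Recipients: 平工瑞希, Takayuki Sasaki, Katsunari Yoshioka, Tsutomu Matsumoto
-
CSS Outstanding Paper Award
2021  Information Processing Society of Japan  Can Connected Cars Be Discovered from the Internet?
Recipients: 植田 岳洋, Takayuki Sasaki, Katsunari Yoshioka, Tsutomu Matsumoto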