Papers - SASAKI Takayuki
Exposed Infrastructures: Discovery, Attacks and Remediation of Insecure ICS Remote Management Devices
Takayuki Sasaki, Akira Fujita, Carlos Hernandez Ganan, Michel van Eeten, Katsunari Yoshioka, Tsutomu Matsumoto
IEEE Symposium on Security and Privacy (IEEE S&P) 2022 [Reviewed]
Authorship:Lead author Language:English Publishing type:Research paper (international conference proceedings) Joint Work
-
Who Left the Door Open? Investigating the Causes of Exposed IoT Devices in an Academic Network
Takayuki Sasaki, Takaya Noma, Yudai Morii, Toshiya Shimura, Michel van Eeten, Katsunari Yoshioka, Tsutomu Matsumoto
IEEE Symposium on Security and Privacy (IEEE S&P) 2024.5 [Reviewed]
Authorship:Lead author Language:English Publishing type:Research paper (international conference proceedings) Single Work
-
Observation of Human-Operated Accesses Using Remote Management Device Honeypot
SASAKI Takayuki, KAWAGUCHI Mami, KUMAGAI Takuhiro, YOSHIOKA Katsunari, MATSUMOTO Tsutomu
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E107.A ( 3 ) 291 - 305 2024.3
Language:English Publishing type:Research paper (scientific journal) Publisher:一般社団法人 電子情報通信学会 Joint Work
In recent years, cyber attacks against infrastructure have become more serious. Unfortunately, infrastructures with vulnerable remote management devices, which allow attackers to control the infrastructure, have been reported. Targeted attacks against infrastructure are conducted manually by human attackers rather than automated scripts. Here, open questions are how often the attacks against such infrastructure happen and what attackers do after intrusions. In this empirical study, we observe the accesses, including attacks and security investigation activities, using the customized infrastructure honeypot. The proposed honeypot comprises (1) a platform that easily deploys real devices as honeypots, (2) a mechanism to increase the number of fictional facilities by changing the displayed facility names on the WebUI for each honeypot instance, (3) an interaction mechanism with visitors to infer their purpose, and (4) tracking mechanisms to identify visitors for long-term activities. We implemented and deployed the honeypot for 31 months. Our honeypot observed critical operations, such as changing configurations of a remote management device. We also observed long-term access to WebUI and Telnet service of the honeypot.
-
SPOT: In-depth Analysis of IoT Ransomware Attacks Using Bare Metal NAS Devices
Yasui Hiroki, Inoue Takahiro, Sasaki Takayuki, Tanabe Rui, Yoshioka Katsunari, Matsumoto Tsutomu
Journal of Information Processing 32 ( 0 ) 23 - 34 2024
Language:English Publishing type:Research paper (scientific journal) Publisher:一般社団法人 情報処理学会 Joint Work
Ransomware attacks targeting Network Attached Storage (NAS) devices have occurred steadily in the threat landscape since 2019. Early research has analyzed the functionality of IoT ransomware binaries but failed to reveal its operation and attack infrastructure. In this paper, we propose an attack observation system named SPOT, which uses popular bare metal NAS devices, QNAP, as the honeypot and the malware sandbox to conduct an in-depth analysis of IoT ransomware attacks. During the six-month observation from September 2021 to March 2022, we observed on average, 130 hosts per day accessing from the Internet to compromise the NAS devices. Moreover, we executed 48 ransomware samples downloaded from VirusTotal in the SPOT sandbox. We identified seven remote Onion proxy servers used for C&C connection and successfully observed three samples infecting the NAS device to connect them to the C&C server behind the TOR network. The ransom notes gave two kinds of contact points; instruction web pages and email addresses. Though the email addresses were not reachable, we could access the instruction website. We kept monitoring the website and observed a “30% discount campaign” for ransom payments. We also interacted with the threat actor via online support chat on the website, but we were banned from the channel because we asked about their organization. We observe that the degree of automation in the attack operation is much higher compared to the carefully tailored and targeted ransomware attacks. While each case of successful ransom payment is limited to 0.03 BTC, the automated nature of the attacks would maximize the frequency of such successful cases.
-
Mitigate: Toward Comprehensive Research and Development for Analyzing and Combating IoT Malware
NAKAO Koji, YOSHIOKA Katsunari, SASAKI Takayuki, TANABE Rui, HUANG Xuping, TAKAHASHI Takeshi, FUJITA Akira, TAKEUCHI Jun'ichi, MURATA Noboru, SHIKATA Junji, IWAMOTO Kazuki, TAKADA Kazuki, ISHIDA Yuki, TAKEUCHI Masaru, YANAI Naoto
IEICE Transactions on Information and Systems E106.D ( 9 ) 1302 - 1315 2023.9
Language:English Publishing type:Research paper (scientific journal) Publisher:一般社団法人 電子情報通信学会 Joint Work
In this paper, we developed the latest IoT honeypots to capture IoT malware currently on the loose, analyzed IoT malware with new features such as persistent infection, developed malware removal methods to be provided to IoT device users. Furthermore, as attack behaviors using IoT devices become more diverse and sophisticated every year, we conducted research related to various factors involved in understanding the overall picture of attack behaviors from the perspective of incident responders. As the final stage of countermeasures, we also conducted research and development of IoT malware disabling technology to stop only IoT malware activities in IoT devices and IoT system disabling technology to remotely control (including stopping) IoT devices themselves.
-
Who are you? OSINT-based Profiling of Infrastructure Honeypot Visitors
Takayuki Sasaki, Katsunari Yoshioka, Tsutomu Matsumoto
The 11th International Symposium on Digital Forensics and Security (ISDFS 2023) 2023.5 [Reviewed]
Authorship:Lead author Language:English Publishing type:Research paper (international conference proceedings) Single Work
-
An Internet-Wide View of Connected Cars: Discovery of Exposed Automotive Devices
Takahiro Ueda, Takayuki Sasaki, Katsunari Yoshioka, and Tsutomu Matsumoto
The 2nd International Workshop on Security and Privacy in Intelligent Infrastructures 2022 [Reviewed]
Language:English Publishing type:Research paper (international conference proceedings) Single Work
-
Who Left the Door Open? A Root-Cause Investigation Toward Improving Security Issues in IoT Devices
乃万 誉也, 佐々木 貴之, 神野 亮, 萩原 雄一, 志村 俊也, 吉岡 克成, 松本 勉
暗号と情報セキュリティシンポジウム(SCIS) 2022
Language:Japanese Publishing type:Research paper (research society, symposium materials, etc.) Joint Work
-
Analysis of Ransomware Attacks Targeting NAS Using Honeypots and Dynamic Analysis
安井浩基, 井上貴弘, 佐々木貴之, 田辺瑠偉, 吉岡克成, 松本勉
暗号と情報セキュリティシンポジウム(SCIS) 2022
Language:Japanese Publishing type:Research paper (research society, symposium materials, etc.) Joint Work
-
Internet-Wide Search for IoT Devices Installed in Critical Facilities
平工瑞希, 佐々木貴之, 吉岡克成, 松本 勉
電子情報通信学会情報システムセキュリティ研究会 2022
Language:Japanese Publishing type:Research paper (research society, symposium materials, etc.) Joint Work
-
am I infected? Proposal of a Web Service That Checks End Users' IoT Devices for Malware Infection and Vulnerabilities
何 松伟, 乃万誉也, 佐々木貴之, 吉岡克成, 松本 勉
電子情報通信学会情報システムセキュリティ研究会 2022
Language:Japanese Publishing type:Research paper (research society, symposium materials, etc.) Joint Work
-
Proposal of an Integrated Architecture for Honeypot-Based Attack Observation and Multifaceted Analysis
佐々木貴之, 九鬼琉, 植田岳洋, 鮫嶋海地, Guo Binnan, 市川詩恩, 山口陽平, 岡田晃市郎, 吉岡克成, 松本勉
情報処理学会コンピュータセキュリティ研究会 2022
Language:Japanese Publishing type:Research paper (research society, symposium materials, etc.) Joint Work
-
Proposal of a Method for Automatically Inferring the Target Devices and Vulnerabilities of Cyber Attacks Observed by Honeypots
九鬼琉, 植田岳洋, 佐々木貴之, 吉岡克成, 松本勉
情報処理学会コンピュータセキュリティ研究会 2022
Language:Japanese Publishing type:Research paper (research society, symposium materials, etc.) Joint Work
-
Multifaceted Analysis of Malicious Ethereum Accounts and Corresponding Activities
Jia Wang, Takayuki Sasaki, Kazumasa Omote, Katsunari Yoshioka, Tsutomu Matsumoto
6th International Conference on Cryptography, Security and Privacy (CSP 2022) 2022 [Reviewed]
Language:English Publishing type:Research paper (international conference proceedings) Joint Work
-
SPOT: Analyzing IoT Ransomware Attacks using Bare Metal NAS Devices
Yasui Hiroki, Inoue Takahiro, Sasaki Takayuki, Tanabe Rui, Yoshioka Katsunari, Matsumoto Tsutomu
2022 17TH ASIA JOINT CONFERENCE ON INFORMATION SECURITY, ASIAJCIS 16 - 23 2022
Language:Japanese Publishing type:Research paper (scientific journal) Joint Work
-
Dynamic-Analysis-Based Study of How the Vulnerabilities Targeted by IoT Malware Have Changed Over Time
鮫嶋海地, 佐々木貴之, 田辺瑠偉, 吉岡克成, 中尾康二, 松本 勉
電子情報通信学会情報システムセキュリティ研究会 2021
Language:Japanese Publishing type:Research paper (research society, symposium materials, etc.) Joint Work
-
Etherpot: A honeypot for observing cyberattacks on Ethereum client
Wang Jia, Sasaki Takayuki, Omote Kazumasa, Yoshioka Katsunari, Matsumoto Tsutomu
電子情報通信学会情報システムセキュリティ研究会 2021
Language:English Publishing type:Research paper (research society, symposium materials, etc.) Joint Work
-
Can Connected Cars Be Discovered from the Internet?
植田 岳洋, 佐々木 貴之, 吉岡 克成, 松本 勉
コンピュータセキュリティシンポジウム2021 2021
Language:Japanese Publishing type:Research paper (research society, symposium materials, etc.) Joint Work
-
Evaluating the Effectiveness of Alerting Owners of IoT Devices with Insecure Security Settings via a Dedicated App
村上 颯人, 藤田 彬, 佐々木 貴之, 田辺 瑠偉, 山田 明, 吉岡 克成, 松本 勉
コンピュータセキュリティシンポジウム2021 2021
Language:Japanese Publishing type:Research paper (research society, symposium materials, etc.) Joint Work
-
Pay the Piper: DDoS Mitigation Technique to Deter Financially-Motivated Attackers
SASAKI Takayuki, HERNANDEZ GAÑÁN Carlos, YOSHIOKA Katsunari, VAN EETEN Michel, MATSUMOTO Tsutomu
IEICE Transactions on Communications E103.B ( 4 ) 389 - 404 2020.4 [Reviewed]
Authorship:Lead author Language:English Publishing type:Research paper (scientific journal) Publisher:一般社団法人 電子情報通信学会 Joint Work
Distributed Denial of Service attacks against the application layer (L7 DDoS) are among the most difficult attacks to defend against because they mimic normal user behavior. Some mitigation techniques against L7 DDoS, e.g., IP blacklisting and load balancing using a content delivery network, have been proposed; unfortunately, these are symptomatic treatments rather than fundamental solutions. In this paper, we propose a novel technique to disincentivize attackers from launching a DDoS attack by increasing attack costs. Assuming financially motivated attackers seeking to gain profit via DDoS attacks, their primary goal is to maximize revenue. On the basis of this assumption, we also propose a mitigation solution that requires mining cryptocurrencies to access servers. To perform a DDoS attack, attackers must mine cryptocurrency as a proof-of-work (PoW), and the victims then obtain a solution to the PoW. Thus, relative to attackers, the attack cost increases, and, in terms of victims, the economic damage is compensated by the value of the mined coins. On the basis of this model, we evaluate attacker strategies in a game theory manner and demonstrate that the proposed solution provides only negative economic benefits to attackers. Moreover, we implement a prototype to evaluate performance, and we show that this prototype demonstrates practical performance.
-
Analysis of the Behavior of Visitors to a Honeypot Imitating a Remote Control and Monitoring System
熊谷 拓洋, 佐々木 貴之, 藤田 彬, 吉岡 克成, 松本 勉
コンピュータセキュリティシンポジウム2020 2020
Language:Japanese Publishing type:Research paper (research society, symposium materials, etc.) Joint Work
-
Dynamic Analysis of Persistent-Infection IoT Malware Using an Adaptive Sandbox
井上貴弘, 原 悟史, 榊 博史, 岡田晃市郎, 塩治榮太朗, 秋山満昭, 佐々木貴之, 田辺瑠偉, 吉岡克成, 中尾康二, 松本 勉
電子情報通信学会情報システムセキュリティ研究会 2020
Language:Japanese Publishing type:Research paper (research society, symposium materials, etc.) Joint Work
-
Secure IoT Device Architecture Using TrustZone
Takayuki Sasaki, Koki Tomita, Yuto Hayaki, Seng Pei Liew, Norio Yamagaki
2nd IEEE Workshop on Security Trust Privacy in Emerging Cyber-Physical Systems (STP-CPS) 2020 [Reviewed]
Language:English Publishing type:Research paper (international conference proceedings) Joint Work
-
Access Control Architecture for Smart City IoT Platform
Takayuki Sasaki, Yusuke Morita, Astha Jada
THE 3RD INTERNATIONAL WORKSHOP ON SECURE SMART SOCIETY IN NEXT GENERATION NETWORKING PARADIGM 2019 [Reviewed]
Language:English Publishing type:Research paper (scientific journal) Joint Work
-
Toward Collaborative Defense Across Organizations
Takayuki Sasaki, Katsunari Yoshioka, Tsutomu Matsumoto
IPSJ Journal of Information Processing 52 ( 12 ) 2018.11 [Reviewed]
Authorship:Lead author Language:English Publishing type:Research paper (scientific journal) Joint Work
-
Alcatraz: Data Exfiltration-Resilient Corporate Network Architecture
Daniele E. Asoni, Takayuki Sasaki and Adrian Perrig
4th IEEE International Conference on Collaboration and Internet Computing (CIC) 2018
Language:English Publishing type:Research paper (international conference proceedings) Joint Work
-
SAFES: Sand-boxed Architecture for Frequent Environment Self-measurement
Toshiki Kobayashi, Takayuki Sasaki, Astha Jada, Daniele E. Asoni and Adrian Perrig
3rd Workshop on System Software for Trusted Execution (SysTEX) 2018 [Reviewed]
Authorship:Lead author Language:English Publishing type:Research paper (scientific journal) Joint Work
-
SDNsec: Forwarding Accountability for the SDN Data Plane
Takayuki Sasaki, Christos Pappas, Taeho Lee, Torsten Hoefler, Adrian Perrig
The IEEE International Conference on Computer Communication and Networks (ICCCN) 2016
Language:English Publishing type:Research paper (international conference proceedings) Joint Work
-
Control-plane isolation and recovery for a secure SDN architecture
T. Sasaki, A. Perrig and D. E. Asoni
IEEE NetSoft Conference and Workshops (NetSoft) 2016 [Reviewed]
Language:English Publishing type:Research paper (international conference proceedings) Joint Work
-
Load Distribution of an OpenFlow Controller for Role-based Network Access Control
Takayuki Sasaki, Yoichi Hatano, Kentaro Sonoda, Yoichiro Morita, Hideyuki Shimonishi, Toshihiko Okamura
The 15th Asia-Pacific Network Operations and Management Symposium 2013 [Reviewed]
Language:English Publishing type:Research paper (international conference proceedings) Joint Work
-
A Framework for Detecting Insider Threats using Psychological Triggers
Takayuki Sasaki
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) 99 - 119 2012 [Reviewed]
Language:English Publishing type:Research paper (international conference proceedings) Joint Work
-
Towards Detecting Suspicious Insiders by Triggering Digital Data Sealing
Takayuki Sasaki
Third International Conference on Managing Insider Security Threats 2011 [Reviewed]
Language:English Publishing type:Research paper (international conference proceedings) Joint Work
-
Content Oriented Virtual Domains For Secure Information Sharing Across Organizations
Takayuki Sasaki, Masayuki Nakae, Ryuichi Ogawa
The ACM Cloud Computing Security Workshop 2010 [Reviewed]
Authorship:Lead author Language:English Publishing type:Research paper (international conference proceedings) Joint Work
-
A technique of adaptive bandwidth estimation for SACK-based TCP over wireless networks
Takayuki Sasaki, Hiroshi Tsunoda, Kohei Ohta, Nei Kato, Yoshiaki Nemoto
Electronics and Communications in Japan 88 ( 11 ) 32 - 43 2005.11 [Reviewed]
Authorship:Lead author Language:English Publishing type:Research paper (scientific journal) Joint Work