MWS 2016

• October 11 (Tue) - 13 (Thu), 2016
• Akita Castle Hotel, Akita, Japan

Photo story of MWS2016 / MWS Cup 2016

	Venue: Akita Castle Hotel

Award Ceremony

	MWS2016 Best Paper Award: "Towards Automatically Detecting Promotional Attacks in Mobile App Store" Bo Sun (Waseda University), Mitsuaki Akiyama (NTT Secure Platform Laboratories), Tatsuya Mori (Waseda University)
	MWS2016 Student Paper Award: (Japanese version only) Tomomi Nishizoe (Yokohama National University), Daisuke Makita (Yokohama National University), Katsunari Yoshioka (Yokohama National University), Tsutomu Matsumoto (Yokohama National University), Michel van Eeten (Yokohama National University / Delft University of Technology)
	MWS2016 Best Practical Research Award: "Effectiveness of Malicious Email Detection based on Double Bounce Emails" Takahiro Kasama (National Institute of Information and Communications Technology), Masato Jingu (National Institute of Information and Communications Technology / Hitachi Systems, Ltd.), Yusuke Shimizu (NTT Advanced Technology Corporation), Daisuke Inoue (National Institute of Information and Communications Technology)

		Team Name	Total Score (Rank)	Technical Score (Rank)	Presentation Score (Rank)
	MWS Cup 2016 First Place Winner	Security SANKA	80 (1)	55 (1)	25 (1)
	MWS Cup 2016 Second Place Winner	JINKAI-SENJUTSU Black Team	69 (2)	51 (2)	18 (6)
	MWS Cup 2016 Third Place Winner	m1z0r3 with team goto love	61 (3)	42 (3)	19 (2)

Special Session (Session 1B4, Chair: Mitsuaki Akiyama)

	Session opening Mitsuaki Akiyama (NTT Secure Platform Laboratories / MWS2016 Planning Board)
	1B4-1: Reviewing MWS Mitsuhiro Hatada (NTT Communications Corporation / MWS Organizing Committee)
	1B4-2: MWS2016 Program Editing Report Tatsuya Mori (Waseda University / MWS2016 Program Committee Chair)
	1B4-3: Town Hall Meeting "MWS Next -- Reform for The Next Decade --" Satoru Koyama (NTT Communications Corporation / MWS Executive Committee Chair) Yoichi Shinoda (Japan Advanced Institute of Science and Technology / MWS Organizing Committee Chair) Toshihiro Yamauchi (Okayama University) Masaki Kamizono (PwC Cyber Services LLC) Audience

MWS Cup 2016

	Briefing from a MWS Planning Board member, before the technical session.
	Competitors in the technical session.
	Commentary to the Challenges from the authors (1).
	Commentary to the Challenges from the authors (2).
	Commentary to the Challenges from the authors (3).
	Competitors in the technical session.
	Presentation session.
	Evaluation of presentations.
	Competitors and staff.

MWS 2016 Research Presentations

1B3: IoT/SECCON (session chair: Yoshihiro Oyama)

1B3-1: (Japanese version only)

1B3-2: IoT Malware Behavior Analysis and Classification Using Text Mining Algorithm

• ** Chun-Jung Wu (Yokohama National University)
• Ying Tie (Yokohama National University)
• Katsunari Yoshioka (Yokohama National University)
• Tsutomu Matsumoto (Yokohama National University)

1B3-3: A Survey of Connection Form Between a Smart-Toy and a Smartphone (As of July 2016)

• * Yuhei Otsubo (National Police Agency)
• Mamoru Mimura (JMSDF Command and Staff College)
• Hidehiko Tanaka (Institute of Information Security)

1B3-4: How to manage the online CTF (Capture the flag)

• * Takumi Akiyama (Future University Hakodate)
• Yuto Maeda (University of Tsukuba)
• Hiromu Yakura (University of Tsukuba)
• Yusuke Morikoshi (Graduate School, University of Tsukuba)
• Yoshinori Takesako (Recruit Marketing Partners Co., Ltd)

1F3: Malware and Encryption (session chair: Atsuo Inomata)

1F3-1: Encryption Processing of Ransomware

• ** Takanari Shigeta (Graduate School of Engineering, Kobe University)
• Masakatu Morii (Graduate School of Engineering, Kobe University)
• Tomohisa Hasegawa (Canon IT Solutions Inc.)
• Masato Ikegami (Canon IT Solutions Inc.)
• Teiichi Ishikawa (Canon IT Solutions Inc.)

1F3-2: Locating Cryptographic Functions: an Evaluation

• ** Ryoya Furukawa (Graduate School of Engineering, Kobe University)
• Ryoichi Isawa (National Institute of Information and Communications Technology)
• Masakatu Morii (Graduate School of Engineering, Kobe University)
• Daisuke Inoue (National Institute of Information and Communications Technology)
• Koji Nakao (National Institute of Information and Communications Technology)

1F3-3: Proposal of identification to key generator using in encryption malware use

• * Hiroki Nishikawa (Mitsubishi Electric Corporation, Information Technology R&D Center)
• Tomonori Negi (Mitsubishi Electric Corporation, Information Technology R&D Center)
• Kiyoto Kawauchi (Mitsubishi Electric Corporation, Information Technology R&D Center)

1F3-4: Identification of Cryptographic Functions in Malware Binaries ~implementation and evaluation~

• * Takumi Yamamoto (Mitsubishi Electric Corporation)
• J. D. Tygar (University of California, Berkeley)

2B1: Malware Detection / Classification (session chair: Toshihiro Yamauchi)

2B1-1: Analyze of Traffic Data and API Log for Estimating Object of Malware Infection Activity

• ** Ayaka Samejima (The University of Electro-Communications)
• Junichi Murakami (FFRI Inc.)
• Hiroshi Yoshiura (The University of Electro-Communications)
• Masatsugu Ichino (The University of Electro-Communications)

2B1-2: Detectiong Malware Variants using Paragraph Vector

• ** Takumi Sato (Waseda University)
• Shigeki Goto (Waseda University)
• Takanori Takebe (Waseda University)

2B1-3: A Study of Characteristic of Malware Based on API Call Sequence and System Load Status Analysis

• ** Junko Sato (Department of Information Sciences, Tokyo University of Information Sceinces)
• Takeshi Misu (Department of Information Sciences, Tokyo University of Information Sceinces)
• Masaki Hanada (Department of Information Sciences, Tokyo University of Information Sceinces)
• Hideno Suzuki (Department of Information Sciences, Tokyo University of Information Sceinces)
• Eiji Nunohiro (Department of Information Sciences, Tokyo University of Information Sceinces)

2B1-4: Malware process estimation method by multistage Deep Neural Networks based on process behavior

• ** Shun Tobiyama (Graduate school of Information Science, Nagoya University)
• Yukiko Yamaguchi (Information Technology Center, Nagoya University)
• Hajime Shimada (Information Technology Center, Nagoya University)
• Mitsuaki Akiyama (NTT Secure Platform Laboratories)
• Takeshi Yagi (NTT Secure Platform Laboratories)

2F1: Network Wide Area Observation (session chair: Koichi Mouri)

2F1-1: (Japanese version only)

2F1-2: Estimation of Attackers' Intentions Based on Observation of Scanning Activities

• ** Ngo Kim Cuong (National Defense Academy)
• Yasuhiro Nakamura (National Defense Academy)

2F1-3: Malware Originated HTTP Traffic Detection based on Request Interval and Response Body Size

• ** Hideki Ogawa (Graduate School of Information Science, Nagoya University)
• Yukiko Yamaguchi (Information Technology Center, Nagoya University)
• Hajime Shimada (Information Technology Center, Nagoya University)
• Hiroki Takakura (National Institute of Informatics)
• Mitsuaki Akiyama (NTT Secure Platform Laboratories)
• Takeshi Yagi (NTT Secure Platform Laboratories)

2F1-4: The Effect of the Malware Infection on the Darknet Packets

• ** Korehito Kashiki (Kobe University)
• Keisuke Furumoto (Kobe University)
• Masakatu Morii (Kobe University)
• Masato Ikegami (Canon IT Solutions Inc.)
• Tomohisa Hasegawa (Canon IT Solutions Inc.)
• Teiichi Ishikawa (Canon IT Solutions Inc.)
• Koji Nakao (National Institute of Infomation and Communication Technology)

2F2: Network Application Layer (session chair: Nobutaka Kawaguchi)

2F2-1: Implementation of a RAT Detection System using HTTP-Based Communication Behavior

• * Mamoru Mimura (JMSDF Command and Staff College)
• Yuhei Otsubo (National Police Agency)
• Hidehiko Tanaka (Institute of Information Security)

2F2-2: Efficiency Improvement of Traffic Log Analysis of Multi-Environment Analysis for Malicious Websites

• ** Yuya Nishio (Graduate school of Science and Engineering, Saga University )
• Masanori Hirotomo (Graduate school of Science and Engineering, Saga University )
• Youji Fukuta (Faculty of Science and Engineering, Kindai University)
• Masami Mohri (Information and Multimedia Center, Gifu University)
• Yoshiaki Shiraishi (Graduate School of Engineering, Kobe University)

2F2-3: Effectiveness of Malicious Email Detection based on Double Bounce Emails

• * Takahiro Kasama (National Institute of Information and Communications Technology)
• Masato Jingu (National Institute of Information and Communications Technology / Hitachi Systems, Ltd.)
• Yusuke Shimizu (NTT Advanced Technology Corporation)
• Daisuke Inoue (National Institute of Information and Communications Technology)

2F2-4: The proposal of new email system based on S/MIME concept for protecting the email between organizations from the targeted-email-attack

• * Toshiaki Saisho (Research and Development Initiative, Chuo University)
• Masahito Gotaishi (Research and Development Initiative, Chuo University)
• Shigeo Tsujii (Research and Development Initiative, Chuo University)

2B3: Malware Analysis Techniques (I) (session chair: Yosuke Hachimoto)

2B3-1: A preliminary study of dynamic analysis systems for Linux malware using TOMOYO Linux

• ** Katsuyasu Yoshimura (Institute of Information Security)
• Masaki Hashimoto (Institute of Information Security)
• Hidenori Tsuji (Institute of Information Security)
• Hidehiko Tanaka (Institute of Information Security)

2B3-2: Proposal of static analysis assistance method utilizing the dynamic analysis log

• ** Shota Nakajima (Ritsumeikan University)
• Shuhei Aketa (Ritsumeikan University)
• Eiji Takimoto (Ritsumeikan University)
• Shoichi Saito (Nagoya Institute of Technology)
• Koichi Mouri (Ritsumeikan University)

2B3-3: Analysis of Trends in Anti-virtualization Operations by Malware

• * Yoshihiro Oyama (University of Tsukuba)

2B3-4: (Japanese version only)

2F3: Network Malicious Communication (session chair: Yasuyuki Tanaka)

2F3-1: A Method for detecting C & C server using unobserved information by attackers

• * Masahiro Kuyama (Tokyo Denki University)
• Yoshio Kakizaki (Tokyo Denki University)
• Ryoichi Sasaki (Tokyo Denki University)

2F3-2: Detecting malware-infected hosts based on the variability of HTTP header fields

• ** Sho Mizuno (Graduate School of Fundamental Science and Engineering, Waseda University)
• Mitsuhiro Hatada (Graduate School of Fundamental Science and Engineering, Waseda University)
• Tatsuya Mori (Graduate School of Fundamental Science and Engineering, Waseda University)
• Shigeki Goto (Graduate School of Fundamental Science and Engineering, Waseda University)

2F3-3: Log Detection of Malware-infected Host Communications with Data Compression Algorithm

• * Yasushi Okano (Nihon Telegraph and Telephone Corporate)
• Kazunori Kamiya (Nihon Telegraph and Telephone Corporate)
• Masaki Tanikawa (Nihon Telegraph and Telephone Corporate)

2F3-4: Finding New Malware Samples with the Network Behavior Analysis

• ** Mitsuhiro Hatada (Waseda University)
• Tatsuya Mori (Waseda University)

2B4: Malware Analysis Techniques (II) (session chair: Junichi Murakami)

2B4-1: Malware for Protocol Misidentification by utilizing Format-Transforming Encryption

• ** Nagamine Yudai (Osaka University)
• Yanai Naoto (Osaka University)
• Okamura Shingo (National Institute of Technology, Nara College)
• Fujiwara Toru (Osaka University)

2B4-2: An Unpacking Method based on Instruction-trace Similarity

• * Ryoichi Isawa (National Institute of Information and Communications)
• Masakatu Morii (Graduate School of Engineering, Kobe University)
• Daisuke Inoue (National Institute of Information and Communications)

2B4-3: (Japanese version only)

2B4-4: BinGrep: Proposing the efficient static analysis method by searching for the function comparing control flow graphs

• * Hiroki Hada (Institute of Information Security)
• Atsuhiro Goto (Institute of Information Security)

2F4: Network Observation Technology (session chair: Daiki Chiba)

2F4-1: Estimation of The Number of Attack Sources for Novel Type Distributed SSH Login Bruteforce STBF

• Satomi Saito (FUJITSU LABORATORIES LTD.)
• * Masahiko Takenaka (FUJITSU LABORATORIES LTD.)
• Satoru Torii (FUJITSU LABORATORIES LTD.)

2F4-2: Host Independent and Distributed Detection system of the Network Attack by Using OpenFlow

• ** Ryosuke Miyazaki (Kyushu University)
• Junpei Kawamoto (Kyushu University)
• Shinichi Matsumoto (Institute of Systems, Information Technologies and Nanotechnologies)
• Kouichi Sakurai (Kyushu University)

2F4-3: SSH honeypot based on Linux container technology

• ** Kenta Yamamoto (Tokyo Denki University)
• Taiichi Saito (Tokyo Denki University)

2F4-4: A feature analysis of the IP address classes for detection of unknown malicious Web sites

• ** Shihori Kanazawa (Graduate School of Systems Information Science, Future University Hakodate)
• Yoshitaka Nakamura (School of Systems Information Science, Future University Hakodate)
• Hiroshi Inamura (School of Systems Information Science, Future University Hakodate)
• Osamu Takahashi (School of Systems Information Science, Future University Hakodate)

3B1: Web Security and Machine Learning (session chair: Ryoichi Isawa)

3B1-1: Detecting Fraudulent Behavior Using Recurrent Neural Networks

• * Yoshihiro Ando (Institute of Information Security, Yahoo Japan Corporation)
• Hidehito Gomi (Yahoo Japan Corporation)
• Hidehiko Tanaka (Institute of Information Security)

3B1-2: (Japanese version only)

3B1-3: Development and evaluation of Analytical Support Application for Drive-by Download Attacks

• ** Yuhei Aoyama (Kansai University)
• Akira Yoshii (MUS Information Systems Co., Ltd.)
• Tsubasa Bando (Kansai University)
• Koya Ozaki (Kansai University)
• Kaho Ohkura (Kansai University Graduate School)
• Takashi Kobayashi (Kansai University)

3B1-4: Detecting Malicious Access based on Co-occurrence among Multiple Websites

• * Satomi Saito (Graduate School of Environment and Information Sciences, Yokohama National University / Institute of Advanced Sciences, Yokohama National University / FUJITSU LABORATORIES LTD.)
• Katsunari Yoshioka (Graduate School of Environment and Information Sciences, Yokohama National University / Institute of Advanced Sciences, Yokohama National University)
• Tsutomu Matsumoto (Graduate School of Environment and Information Sciences, Yokohama National University / Institute of Advanced Sciences, Yokohama National University)

3F1: Malware Data / Analisys (session chair: Yusuke Takahashi)

3F1-1: Overview of Research Data Set "Behavior Observable System 2016"

• * Masato Terada (Hitachi Ltd.)
• Takayuki Sato (Hitachi Ltd.)
• Kentaro Hori (Hitachi Ltd.)
• Ryohei Yoshino (Trend Micro Incorporated.)
• Kenta Hagihara (Trend Micro Incorporated.)

3F1-2: Time Series Analysis of Malware using Large-Scale Live Network Data

• ** Kensho Murai (Kobe University)
• Masakatu Morii (Kobe University)
• Masato Ikegami (Canon IT Solutions Inc.)
• Tomohisa Hasegawa (Canon IT Solutions Inc.)
• Teiichi Ishikawa (Canon IT Solutions Inc.)

3F1-3: Classifying Malicious Documents based on the Nature of Cyber-Attack

• * Yuhei Otsubo (National Police Agency)
• Yuji Kubo (National Police Agency)
• Mamoru Mimura (JMSDF Command and Staff College)
• Hidehiko Tanaka (Institute of information security)

3F1-4: A Path Tracing Method for Classifying Malicious PDF Files

• ** Kon Kengo (Graduate School of Science and Technology, Hirosaki University)
• Nagase Tomoyuki (Graduate School of Science and Technology, Hirosaki University)

3B2: Web Attack Analysis (session chair: Takahiro Kasama)

3B2-1: AETP: A Host based Intrusion Detection Method for Identifying Effective Web Attacks

• * Yang ZHONG (NTT Secure Platform Laboratories)
• Tohru SATO (NTT Secure Platform Laboratories)
• Masaki TANIKAWA (NTT Secure Platform Laboratories)

3B2-2: Js-Walker - Analyzing Anti-analysis JavaScript framework for analysts with JavaScript API hooking

• * Ryuhei Shibata (NTT Security (Japan) KK)
• Hiroki Hada (NTT Security (Japan) KK)
• Keiichi Yokoyama (NTT Security (Japan) KK)

3B2-3: A Study for WAF signature generation for exploit

• * Yuki Ochi (NTT Secure Platform Laboratories)
• Tsuyoshi Abe (NTT Secure Platform Laboratories)

3B2-4: Continuous Evaluation of Drive-by Download Detection Method and A Study on Exploit Kits

• * Takashi Kobayashi (PFU LIMITED)
• Seigo Terada (PFU LIMITED)
• Mugen Setoguchi (PFU LIMITED)
• Keiji Michine (PFU LIMITED)
• Kouichi Yamashita (PFU LIMITED)

3F2: Attack Detection / Classification (session chair: Ayumu Kubota)

3F2-1: Hybrid Anomaly Detection System with Random Forests and K-Means

• * Hisashi Takahara (University of NIIGATA PREFECTURE)

3F2-2: Analysis of Malicious Access Logs Using the Session Graph

• * Naoki Hayashi (Hitachi Ltd.)
• Tatsuya Sekiguchi (Hitachi Systems Ltd.)
• Hirofumi Nakakoji (Hitachi Ltd.)

3F2-3: Investigation of Long-term Attacker Host's Behaviour

• * Masayoshi Mizutani (Tokyo Research. IBM, Japan)

3F2-4: Towards Automatically Detecting Promotional Attacks in Mobile App Store

• ** Bo Sun (Waseda University)
• Mitsuaki Akiyama (NTT Secure Platform Laboratories)
• Tatsuya Mori (Waseda University)

3B3: Web Tracking (session chair: Yoshinori Takesako)

3B3-1: An Implementation of Web Tracking Detection System and An Investigation of Third-party Tracking Sites

• ** Yumehisa Haga (School of Fundamental Science and Engineering, Waseda University)
• Yuta Takata (NTT Secure Platform Laboratories / School of Fundamental Science and Engineering, Waseda University)
• Mitsuaki Akiyama (NTT Secure Platform Laboratories)
• Tatsuya Mori (School of Fundamental Science and Engineering, Waseda University)

3B3-2: Browser Fingerprinting in Smartphone

• ** Kazushi TAKAHASHI (Graduate School of Meiji University)
• Takayuki ISHIKAWA (Graduate School of Meiji University)
• Rio HOSOI (Graduate School of Meiji University)
• Koki YASUDA (Graduate School of Meiji University)
• Takamichi SAITO (Meiji University)

3B3-3: Proposal and Implementation of Countermeasure against Event Tracking on Web

• ** Ryohei HOSOYA (Meiji University)
• Daichi MIYATA (Graduate School of Meiji University)
• Takayuki ISHIKAWA (Graduate School of Meiji University)
• Yuta TSUNODA (Graduate School of Meiji University)
• Kazushi TAKAHASHI (Graduate School of Meiji University)
• Koki YASUDA (Graduate School of Meiji University)
• Satoshi YASHIRO (Meiji University)
• Takamichi SAITO (Meiji University)

3B3-4: Web Tracking of Private Browsing with Browser Fingerprinting

• ** Takayuki Ishikawa (Graduate School of Meiji University)
• Rio Hosoi (Graduate School of Meiji University)
• Koki Yasuda (Graduate School of Meiji University)
• Kazushi Takahashi (Graduate School of Meiji University)
• Takamichi Saito (Meiji University)

3F3: Amp Attack Countermeasure (session chair: Takeshi Okamoto)

3F3-1: Quick response activity against DRDoS attacks utilizing AmpPot

• * Takemasa Kamatani (KDDI CORPORATION)
• Wataru Senga (KDDI CORPORATION)
• Kosuke Murakami (KDDI CORPORATION)
• Daisuke Makita (Yokohama National University)
• Katsunari Yoshioka (Yokohama National University)
• Koji Nakao (KDDI CORPORATION)

3F3-2: (Japanese version only)

3F3-3: Defense against DRDoS Attacks by OpenFlow Switches

• ** Daiki Noguchi (School of Fundamental Science and Engineering, Waseda University)
• Shigeki Goto (School of Fundamental Science and Engineering, Waseda University)

3B4: Malicious Website Analysis (session chair: Eitaro Shioji)

3B4-1: Analysis of Malicious Web Site using Various Environment

• * TOMOHIRO SHIGEMOTO (Hitachi Ltd.)
• YOSHIAKI ISOBE (Hitachi Ltd.)
• HIROFUMI NAKAKOOJI (Hitachi Ltd.)

3B4-2: A Malicious Web Site Detection Technique using Link Structure

• ** Daiki Ito (Kobe University)
• Tatsuya Nagai (Kobe University)
• Yasuhiro Takano (Kobe University)
• Masaki Kamizono (PwC Cyber Services LLC)
• Masami Mohri (Gifu University)
• Yoshiaki Shiraishi (Kobe University)
• Yuji Hoshizawa (PwC Cyber Services LLC)
• Masakatu Morii (Kobe University)

3B4-3: Implementation and Evaluation of Phishing Site Detection Method Using Image Local Features

• ** Takahashi Hironobu (Presently with Iwate Prefectural University Graduate)
• Ogura Kanayo (Presently with Iwate Prefectural University)
• Bhed Bahadur Bista (Presently with Iwate Prefectural University)
• Takata Toyoo (Presently with Iwate Prefectural University)

3B4-4: Proposal of malignant Website discovery system for security incident analysis support

• ** Takeshi Misu (Tokyo University of Information Sciences, Graduate School of Informatics)
• Junko Sato (Tokyo University of Information Sciences, Department of Informatics)
• Masaki Hanada (Tokyo University of Information Sciences, Department of Informatics)
• Takashi Yamaguchi (Tokyo University of Information Sciences, Department of Informatics)
• Eiji Nunohiro (Tokyo University of Information Sciences, Department of Informatics)

3F4: Attack and Defense (session chair: Masayuki Okada)

3F4-1: (Japanese version only)

3F4-2: Feasibility Study of Inter-Organizational Information Sharing for Cyber Security Countermeasure

• * Ruiko Kuba (Hitachi Ltd. Hitachi Incident Response Team (HIRT))
• Masato Terada (Hitachi Ltd. Hitachi Incident Response Team (HIRT))

3F4-3: Evaluation of Security Appliance against Persistent Attackers who has Prior Knowledge of Target Organization

• ** Rui Tanabe (Yokohama National University)
• Kou Ishii (Yokohama National University)
• Akira Yokoyama (Yokohama National University)
• Katsunari Yoshioka (Yokohama National University)
• Tsutomu Matsumoto (Yokohama National University)

3F4-4: Simulation of Coevolution on Attack and Defense in Cyberspace

• ** Hiroya Ishikawa (Tokyo Denki University)
• Hirofumi Yamaki (Tokyo Denki University)