October 23 (Mon) - 25 (Wed), 2017

Yamagata Kokusai Hotel, Yamagata, Japan

Photo story of MWS2017 / MWS Cup 2017

Venue

Award Ceremony

Special Session (Session 1A4)

MWS Cup 2017

MWS 2017 Research Presentations

1B3: Attack Detection (1) (session chair: Tatsuya Mori)

1B3-1: A Detailed Examination of Cyber Attack Detection Method Using Attack Scenarios

• * Kazuhiro Ono (Mitsubishi Electric Corporation, Information Technology R & D Center)
• Hideaki Ijiro (Mitsubishi Electric Corporation, Information Technology R & D Center)
• Kiyoto Kawauchi (Mitsubishi Electric Corporation, Information Technology R & D Center)

1B3-2: Detections of Attacker's Behavior Using Graph Classification Based on Tensor Decomposition

• * Takuya Nishino (Artificial Intelligent Research Laboratory Fujitsu Laboratories Ltd.)
• Ryota Kikuchi (Artificial Intelligent Research Laboratory Fujitsu Laboratories Ltd.)
• Koji Maruhashi (Artificial Intelligent Research Laboratory Fujitsu Laboratories Ltd.)
• Daisuke Fukuda (Artificial Intelligent Research Laboratory Fujitsu Laboratories Ltd.)
• Satomi Saito (Security Research Laboratory, Fujitsu Laboratories Ltd.)
• Satoru Torii (Security Research Laboratory, Fujitsu Laboratories Ltd.)
• Tetsuya Izu (Security Research Laboratory, Fujitsu Laboratories Ltd.)

1B3-3: Detection Method What Suspicious Email is Based on Email Context

• * Hiroki Nishikawa (Mitsubishi Electric Corporation, Information Technology R & D Center)
• Takumi Yamamoto (Mitsubishi Electric Corporation, Information Technology R & D Center)
• Kiyoto Kawauchi (Mitsubishi Electric Corporation, Information Technology R & D Center)

1B3-4: Evaluation of Hybrid Intrusion Detection Method Combined with Random Forest and K-Means

• * Hisashi Takahara (University of NIIGATA PREFECTURE)

2A1: Dynamic Analysis (1) (session chair: Yoshihiro Oyama)

2A1-1: Survey Analysis of Anti Virtual Machine Functions in Malicious Software

• * Kazuki Iwamoto (SecureBrain Corporation)
• Kazuki Takada (SecureBrain Corporation)
• Yu Tsuda (National Institute of Information and Communications Technology)
• Takashi Tomine (National Institute of Information and Communications Technology)
• Daisuke Inoue (National Institute of Information and Communications Technology)

2A1-2: Development of Dynamic Analysis Tool that Avoid of Anti Virtual Machine Function on Malicious Software

• * Kazuki Takada (SecureBrain Corporation)
• Kazuki Iwamoto (SecureBrain Corporation)
• Yu Tsuda (National Institute of Information and Communications Technology)
• Takashi Tomine (National Institute of Information and Communications Technology)
• Daisuke Inoue (National Institute of Information and Communications Technology)

2A1-3: Easy Implementation of Bare-Metal Sandbox with Commercial System Recovery Software

• ** Wataru Ueno (Yokohama National University)
• Kou Ishii (Yokohama National University)
• Rui Tanabe (Yokohama National University)
• Katsunari Yoshioka (Graduate School of Environment and Information Sciences, Yokohama National University/Institute of Advanced Sciences, Yokohama National University)
• Tsutomu Matsumoto (Graduate School of Environment and Information Sciences, Yokohama National University/Institute of Advanced Sciences, Yokohama National University)

2A1-4: Sandbox: Proposal of Bootable System Snapshot for Physical Machine.

• * Ichiro Asomura (Mizuho Financial Group, Inc.)
• Yasuhiro Takeda (Mizuho Financial Group, Inc.)

2B1: Web Attack Analysis (session chair: Mamoru Mimura)

2B1-1: (Japanese version only)

2B1-2: (Japanese version only)

2B1-3: (Japanese version only)

2B1-4: A Study on Classification of Malicious JavaScript Based on Source Code Similarity

• * Takeshi Misu (SecureBrain Corporation)
• Kazuo Makishima (SecureBrain Corporation)
• Kouichirou Okada (SecureBrain Corporation)
• Kazuki Iwamoto (SecureBrain Corporation)

2A2: Dynamic Analysis (2) (session chair: Atsuo Inomata)

2A2-1: STARDUST: Large-Scale Infrastructure for Luring Cyber Adversaries

• * Yu Tsuda (National Institute of Information and Communications Technology)
• Takashi Tomine (National Institute of Information and Communications Technology)
• Nobuyuki Kanaya (National Institute of Information and Communications Technology)
• Daisuke Makita (National Institute of Information and Communications Technology)
• Hayato Ushimaru (National Institute of Information and Communications Technology)
• Masato Jingu (National Institute of Information and Communications Technology)
• Yuuki Takano (National Institute of Information and Communications Technology)
• Shingo Yasuda (National Institute of Information and Communications Technology)
• Ryosuke Miura (National Institute of Information and Communications Technology)
• Satoshi Ohta (National Institute of Information and Communications Technology)
• Toshiyuki Miyachi (National Institute of Information and Communications Technology)
• Masaki Kamizono (National Institute of Information and Communications Technology)
• Masashi Eto (National Institute of Information and Communications Technology)
• Daisuke Inoue (National Institute of Information and Communications Technology)
• Koji Nakao (National Institute of Information and Communications Technology)

2A2-2: Preserving Tool for Process Behavior Using Kernel Mode Device Driver

• * Tatsuya Takehisah (National Institute of Information and Communications Technology / Nissin inc.)
• Daisuke Makita (National Institute of Information and Communications Technology)
• Masato Jingu (National Institute of Information and Communications Technology /Hitachi Systems, Ltd.)
• Hayato Ushimaru (National Institute of Information and Communications Technology / Cyber Defense Institute, Inc.)
• Daiki Fukumori (National Institute of Information and Communications Technology / Cyber Defense Institute, Inc.)
• Yu Tsuda (National Institute of Information and Communications Technology)
• Takashi Tomine (National Institute of Information and Communications Technology)
• Daisuke Inoue (National Institute of Information and Communications Technology)

2A2-3: A Method of Shortening Sleep Duration in Dynamic Malware Analysis

• * Yoshihiro Oyama (University of Tsukuba)

2A2-4: Implementation of Stack Trace on Windows 10 x64 Using Virtual Machine Monitor

• ** Yuya Yamashita (Ritsumeikan University)
• Shuhei Aketa (Ritsumeikan University)
• Eiji Takimoto (Ritsumeikan University)
• Shoichi Saito (Nagoya Institute of Technology)
• Koichi Mouri (Ritsumeikan University)

2B2: Threat Analysis / Dataset (session chair: Ayumu Kubota)

2B2-1: Investigation of Cyber Threat Analysis Method Using OSINT and Deep Reinforcement Learning

• * Masaru Kawakita (Security Research Laboratories, NEC Corporation)
• Shigeyoshi Shima (Security Research Laboratories, NEC Corporation)

2B2-2: Proposal of a Framework to Share Information on Cyberattack and Countermeasures among Multiple Organizations and within a Company Effective to Reduce Damage

• * Tatsuya Hirai (Hitachi Systems, Ltd.)
• Yuji Motokawa (Hitachi Systems, Ltd.)
• Shinichi Sasaki (Hitachi Systems, Ltd.)
• Shinichi Tankyo (Hitachi Systems, Ltd.)

2B2-3: Evaluation of Multiple WannaCry Reports from Various Organizations

• * Hiroki Kuzuno (SECOM Co., Ltd., Japan)
• Shun Inagaki (Intelligent Systems Laboratory, SECOM Co., Ltd., Japan)
• Kenichi Magata (Intelligent Systems Laboratory, SECOM Co., Ltd., Japan)

2B2-4: Overview of Research Data Set "Behavior Observable System 2017"

• * Masato Terada (Hitachi Ltd.)
• Takayuki Sato (Hitachi Ltd.)
• Sho Aoki (Hitachi Ltd.)
• Satoshi Kamekawa (Trend Micro Incorporated.)
• Tsutomu Shimizu (Trend Micro Incorporated.)
• Kenta Hagihara (Trend Micro Incorporated.)

2A3: Malware Analysis (session chair: Hiroki Hada)

2A3-1: Analysis of Ransomware Characteristics for Detection

• ** Takanari Shigeta (Graduate School of Engineering, Kobe University)
• Ryoichi Isawa (National Institute of Information and Communications Technology)
• Masakatu Morii (Graduate School of Engineering, Kobe University)
• Daisuke Inoue (National Institute of Information and Communications Technology)
• Koji Nakao (National Institute of Information and Communications Technology)

2A3-2: A Study on Steganography for Malware

• ** Yudai Nagamine (Osaka University)
• Naoto Yanai (Osaka University)
• Shingo Okamura (National Institute of Technology, Nara College)
• Toru Fujiwara (Osaka University)

2A3-3: Taint-Assisted Forensics for IAT Reconstruction

• * Yuhei Kawakoya (NTT Secure Platform Laboratories)
• Makoto Iwamura (NTT Secure Platform Laboratories)
• Jun Miyoshi (NTT Secure Platform Laboratories)

2A3-4: A Study for Malware Similarity Evaluation Method by Structural Entropy

• * Yuka Higashi (Trend Micro Incorporated)

2B3: Vulnerability and Security Evaluation (session chair: Masayuki Okada)

2B3-1: Understanding the Vulnerability Responses by Mobile App Developers

• ** Tatsuhiko Yasumatsu (Waseda University)
• Fumihiro Kanei (NTT Secure Platform Laboratories)
• Takuya Watanabe (NTT Secure Platform Laboratories)
• Eitaro Shioji (NTT Secure Platform Laboratories)
• Mitsuaki Akiyama (NTT Secure Platform Laboratories)
• Tatsuya Mori (Waseda University)

2B3-2: Proposal on Test Platform for Efficient Penetration Testing

• * KEISUKE KITO (Information Technology R&D Center, Mitsubishi Electric Corporation)
• HIROKI NISHIKAWA (Information Technology R&D Center, Mitsubishi Electric Corporation)
• TAKUMI YAMAMOTO (Information Technology R&D Center, Mitsubishi Electric Corporation)
• KIYOTO KAWAUCHI (Information Technology R&D Center, Mitsubishi Electric Corporation)

2B3-3: Study on Automating a Penetration Test Based on an Attack State Transition

• * Hiroya Miura (National Deffence Academy)
• Mamoru Mimura (National Deffence Academy)
• Hidema Tanaka (National Deffence Academy)

2B3-4: Security Evaluation of Memory Access Pattern Protection against Active Adversaries

• * Yuto Nakano (Information Security Laboratory, KDDI Research / Faculty of Information Science and Electrical Engineering, Kyushu University)
• Seira Hidano (Information Security Laboratory, KDDI Research)
• Shinsaku Kiyomoto (Information Security Laboratory, KDDI Research)
• Kouichi Sakurai (Faculty of Information Science and Electrical Engineering, Kyushu University)

2A4: IoT / System Security (session chair: Takeshi Okamoto)

2A4-1 A Method to Find IoT Devices Based on Image Features of Their WebUI

• ** Keisuke Uchida (Yokohama National University)
• Hiroshi Mori (Yokohama National University)
• Akira Fujita (Institute of Advanced Sciences, Yokohama National University)
• Katsunari Yoshioka (Institute of Advanced Sciences, Yokohama National University / Graduate School of Environment and Information Sciences, Yokohama National University)
• Tsutomu Matsumoto (Institute of Advanced Sciences, Yokohama National University / Graduate School of Environment and Information Sciences, Yokohama National University)

2A4-2: Analysis of Factors for Persistent Infection of IoT Malware and Their Substantiation Using Real Devices

• * Satoshi Hara (FUJI SOFT INCORPORATED / Yokohama National University )
• Tsuyufumi Watanabe (FUJI SOFT INCORPORATED / Yokohama National University )
• Kazuki Tamiya (Yokohama National University )
• Katsunari Yoshioka (Institute of Advanced Sciences, Yokohama National University / Graduate School of Environment and Information Sciences, Yokohama National University)
• Tsutomu Matsumoto (Institute of Advanced Sciences, Yokohama National University / Graduate School of Environment and Information Sciences, Yokohama National University)

2A4-3: (Japanese version only)

2A4-4: Reduction of Arbitrary Code Execution Resources by Deleting Unnecessary Execution Binary Code

• * Yuta Ikegami (The Chugoku Electric Power Co., Inc.)
• Tatsuya Shoriki (K-Opticom Co., Inc.)

2B4: Attack Detection (2) (session chair: Daisuke Makita)

2B4-1: Evaluation of Detection Items against Drive-By-Download Attacks

• ** Masashi Takada (Graduate School of Sustinability Science, Tottori University)
• Kenichi Takahashi (Graduate School of Engineering, Tottori University)
• Takao Kawamura (Graduate School of Engineering, Tottori University)
• Kazunori Sugahara (Graduate School of Engineering, Tottori University)

2B4-2: Proposal to Support Analysis of Drive-by Download Attack by Highlighting Malicious URL

• ** Koya Ozaki (Kansai University)
• Shinya Ueyama (Kansai University)
• Tatsuya Konishi (Kansai University)
• Masato Yamazaki (Kansai University)
• Tsubasa Bando (Kansai University Graduate School)
• Takashi Kobayashi (Kansai University)

2B4-3: Discovering New Type of Network Scan in Early Stage by Change-Point Detection

• * Natsuru Yamamura (National Police Academy)
• Atsutoshi Kumagai (NTT Secure Platform Laboratories)
• Kazunori Kamiya (NTT Secure Platform Laboratories)
• Hiroshi Kurakami (NTT Secure Platform Laboratories)

2B4-4: Proposal of an Enhancement Technique for Detection Systems

• * Takumi Yamamoto (Mitsubishi Electric Corporation)
• Hiroki Nishikawa (Mitsubishi Electric Corporation)
• Keisuke Kito (Mitsubishi Electric Corporation)
• Kiyoto Kawauchi (Mitsubishi Electric Corporation)

3A1: Malware Detection / Data Analysis (session chair: Nobuyuki Kanaya)

3A1-1: Malware Detection Method Based on API Call Patterns, Elapsed Time and System Load between API Calls

• ** Junko Sato (Graduate School of Informatics, Tokyo University of Information Sciences)
• Masaki Hanada (Department of Information Sciences, Tokyo University of Information Sceinces)
• Kazumasa Omote (Graduate School of Systems and Information Engineering, University of Tsukuba)
• Tatakachi Yamaguti (Department of Information Sciences, Tokyo University of Information Sceinces)
• Hideno Suzuki (Department of Information Sciences, Tokyo University of Information Sceinces)
• Eiji Nunohiro (Department of Information Sciences, Tokyo University of Information Sceinces)
• Akira Orita (Hitachi Systems, Ltd. Cyber Security Research Center)
• Tatsuya Sekiguchi (Hitachi Systems, Ltd. Cyber Security Research Center)

3A1-2: Research on Detection of Unknown Malware Focusing on Registry Change

• ** Kento Kono (Kyushu University)
• Koji Okamura (Kyushu University)

3A1-3: A Malicious Code Extraction Method for PDF Files Based on DBI

• ** Kengo Kon (Graduate School of Science and Technology, Hirosaki University)
• Tomoyuki Nagase (Graduate School of Science and Technology, Hirosaki University)

3A1-4: Detecting Mimikatz by Sysmon

• * Wataru Matsuda (The University of Tokyo, Secure information society research group)
• Mariko Fujimoto (The University of Tokyo, Secure information society research group)
• Takuho Mitsunaga (The University of Tokyo, Secure information society research group)

3B1: Incident Response (session chair: Masaki Kamizono)

3B1-1: Automated System for Information Sharing and Incident Response with SDN and STIX

• * Takuho Mitsunaga (Interfaculty Initiative in Information Studies)
• Wataru Matsuda (Interfaculty Initiative in Information Studies)
• Mariko Fujimoto (Interfaculty Initiative in Information Studies)

3B1-2: Minimum Requirements of CSIRT

• * Kenta Hagihara (Trend Micro Incorporated)
• Yoshiki Sugiura (NTT Data Intellilink Corporation)

3B1-3: A Case Study of Effective Cyberattack-Exercises for Leading Infrastructure Providers

• * Miki Miyachi (CHUBU Electric Power Co., Inc.)
• Hiroyuki Hasegawa (CHUBU Electric Power Co., Inc.)
• Yukihiko Sawai (CHUBU Electric Power Co., Inc.)
• Tomomi Nukaya (ChudenCTI Co., Ltd.)
• Keisuke Nakata (ChudenCTI Co., Ltd.)
• Kenjiro Nagano (ChudenCTI Co., Ltd.)

3B1-4: (Japanese version only)

3A2: Malware Classification (session chair: Takahiro Matsuki)

3A2-1: Malware Type Classification Method Based on Network Communication Behavior

• * Seigo Terada (PFU Limited)
• Takashi Kobayashi (PFU Limited)
• Mugen Setoguchi (PFU Limited)
• Keiji Michine (PFU Limited)
• Kouichi Yamashita (PFU Limited)

3A2-2: Malware Classification Based on Data Compression Algorithm

• ** Sohei Takechi (Graduate School of Science and Engineering, Ehime University)
• Hiroshi Kai (Graduate School of Science and Engineering, Ehime University)
• Masakatu Morii (Graduate School of Engineering, Kobe University)

3A2-3: Proposal of Method for Malware Classification Using Malware Analysis Report of Multiple Analysis Environment

• * SHOTA FUJII (Hitachi Ltd.)
• TETSURO KITO (Hitachi Ltd.)
• TOMOHIRO SHIGEMOTO (Hitachi Ltd.)
• YASUHIRO FUJII (Hitachi Ltd.)

3A2-4: Detecting Android PUAs and Classifying Its Variants with Analysis of DNS Queries

• * Mitsuhiro Hatada (Waseda University / NTT Communications Corporation)
• Tatsuya Mori (Waseda University)

3B2: Web Security (session chair: Yoshinori Takesako)

3B2-1: Classification Method of Unknown Websites Based on Distribution Information of Malicious IP Addresses

• ** Shihori Kanazawa (Graduate School of Systems Information Science, Future University Hakodate)
• Yoshitaka Nakamura (School of Systems Information Science, Future University Hakodate)
• Hiroshi Inamura (School of Systems Information Science, Future University Hakodate)
• Osamu Takahashi (School of Systems Information Science, Future University Hakodate)

3B2-2: A Study on URL of Malicious Websites Built by Exploit Kit

• ** Yuya Nishio (Graduate school of Science and Engineering, Saga University)
• Masanori Hirotomo (Graduate school of Science and Engineering, Saga University)
• Masaki Kamizono (PwC Cyber Services LLC.)
• Youji Fukuta (Faculty of Science and Engineering, Kindai University)
• Masami Mohri (Graduate School of Engineering, Gifu University)
• Yoshiaki Shiraishi (Graduate School of Engineering, Kobe University)

3B2-3: Study on Combination of Features in Browser Fingerprinting

• ** Kazuhisa Tanabe (Graduate School of Meiji University)
• Kazushi Takahashi (Graduate School of Meiji University)
• Koki Yasuda (Graduate School of Meiji University)
• Masayuki Taneoka (Graduate School of Meiji University)
• Ryohei Hosoya (Graduate School of Meiji University)
• Rikita Koshiba (Meiji University)
• Yuta Saito (Meiji University)
• Takamichi Saito (Meiji University)

3B2-4: An Efficient Method to Extract Malicious Websites from Massive End-User Access Log

• ** Shuta Morishima (Yokohama National University)
• Hiroki Nakano (Yokohama National University)
• Katsunari Yoshioka (Graduate School of Environment and Information Sciences, Yokohama National University/Institute of Advanced Sciences, Yokohama National University)
• Tsutomu Matsumoto (Graduate School of Environment and Information Sciences, Yokohama National University/Institute of Advanced Sciences, Yokohama National University)
• Hiroyuki Hujiwara (Totec Amenity Corporation)

3A3: Malware and AI / Machine Learning (1) (session chair: Tomohiro Shigemoto)

3A3-1: Is Emulating "Binary Grep in Eyes" Possible with Machine Learning?

• * Mamoru Mimura (National Defense Academy / Institute of Information Security)
• Yuhei Otsubo (National Police Agency / Institute of Information Security)
• Hidema Tanaka (National Defense Academy)
• Atsuhiro Goto (Institute of Information Security)

3A3-2: Intuitive Binary Classification and Visualization with Machine Learning

• * Yuhei Otsubo (National Police Agency / Institute of Information Security)
• Mamoru Mimura (National Defense Academy / Institute of Information Security)
• Takeshi Sakaki (University of Tokyo
• Atsuhiro Goto (Institute of Information Security)

3A3-3: Semi-Supervised Machine Learning Approach for Detecting Malware Infected Host by Analyzing HTTP Traffic

• * Taishi Nishiyama (Nippon Telegraph and Telephone Corporation, Secure Platform Laboratories)
• Atsutoshi Kumagai (Nippon Telegraph and Telephone Corporation, Secure Platform Laboratories)
• Kazunori Kamiya (Nippon Telegraph and Telephone Corporation, Secure Platform Laboratories)
• Masaki Tanikawa (Nippon Telegraph and Telephone Corporation, Secure Platform Laboratories)

3A3-4: (Japanese version only)

3B3: Network Observation Technology (1) (session chair: Takashi Koide)

3B3-1: Proposal and Evaluation for a Classification Method of Cyber Attack Programs in the Initial Stage

• * Yuki Ashino (Cyber Security Factory, National Security Solution Division, NEC Corporation)
• Yasuhiro Nakamura (Department of Computer Science, School of Electrical and Computer Engineering, National Defense Academy)
• Yukiko Yano (Cyber Security Factory, National Security Solution Division, NEC Corporation)
• Shigeyoshi Shima (Cyber Security Factory, National Security Solution Division, NEC Corporation)

3B3-2: (Japanese version only)

3B3-3: An Evaluation on Reduction of Traffic Amount and Influence by Network Patrol Monitoring

• * Hirokazu Hasegawa (Information Strategy Office, Nagoya University)
• Yukiko Yamaguchi (Information Technology Center, Nagoya University)
• Hajime Shimada (Information Technology Center, Nagoya University)
• Hiroki Takakura (National Institute of Informatics)

3B3-4: Association Rule Analysis for Darknet Traffic Data

• ** Naoki Hashimoto (Graduate School of Engineering, Kobe University, JAPAN)
• Seiichi Ozawa (Graduate School of Engineering, Kobe University, JAPAN)
• Tao Ban (National Institute of Information and Communications Technology)
• Junji Nakazato (National Institute of Information and Communications Technology)
• Jumpei Shimamura (clwit Inc.)

3A4: Malware and AI / Machine Learning (2) (session chair: Satomi Saito)

3A4-1: Applied Online Learning with Kernel for Intrusion Detection System

• ** Kouki Takahata (Graduate Scool of Systems Information Science, Future University Hakodate)
• Ayahiko Niimi (School of Systems Information Science, Future University Hakodate)

3A4-2: (Japanese version only)

3A4-3: Malicious Process Estimation Method Using Seq2Seq Model

• ** Shun Tobiyama (Nagoya University)
• Yukiko Yamaguchi (Nagoya University)
• Hirokazu Hasegawa (Nagoya University)
• Hajime Shimada (Nagoya University)
• Mitsuaki Akiyama (NTT Secure Platform Laboratories)
• Takeshi Yagi (NTT Secure Platform Laboratories)

3B4: Network Observation Technology (2) (session chair: Kousetsu Kayama)

3B4-1: (Japanese version only)

3B4-2: Prediction of Malicious Access by Event Dependent Model

• ** Korehito Kashiki (Kobe University)
• Naoto Sone (Naruto University of Education)
• Masakatu Morii (Kobe University)

3B4-3: Investigation of Long-Term Attacker Host's Behaviour with IP Address Attribution

• * Masayoshi Mizutani (Tokyo Research. IBM, Japan)
• Yuji Watanabe (Tokyo Research. IBM, Japan)

3B4-4: Leaving All Proxy Server Logs to Pragraph Vector

• * Mamoru Mimura (National Defense Academy)
• Hidema Tanaka (National Defense Academy)