anti Malware engineering WorkShop 2018 (MWS 2018)

October 22 (Mon) -- 25 (Thu), 2018
Hotel Metropolitan Nagano, Nagano, Japan
MWS 2018 was held with CSS 2018.

Photo story of MWS2018 / MWS Cup 2018

Venue (Hotel Metropolitan Nagano)

Award Ceremony

MWS2018 Best Paper Award:
"Automatic Enhancement of Script Engines by Appending Behavior Analysis Capabilities"
Toshinori Usui (NTT Secure Platform Laboratories)
Yuto Otsuki (NTT Secure Platform Laboratories)
Yuhei Kawakoya (NTT Secure Platform Laboratories)
Makoto Iwamura (NTT Secure Platform Laboratories)
Jun Miyoshi (NTT Secure Platform Laboratories)
MWS2018 Student Paper Award:
"Detecting Unseen Malicious Macros with Anomaly Detection"
Hiroya Miura (National Defense Academy of Japan)
Mamoru Mimura (National Defense Academy of Japan)
Hidema Tanaka (National Defense Academy of Japan)
MWS2018 Best Practical Research Award:
"Long-Term Observation of RIG Exploit Kit by User Environment Observation and Robust Attack Detection against Time Change"
Akira Yamada (KDDI Research, Inc.)
MWS Cup 2018 First Place Winner:
Team UN

Total Score: 60.6
Preliminary Challenge Score : 19.2 (3rd place/16 teams)
On-site Challenge Score : 41.4 (1st place/16 teams)
MWS Cup 2018 Second Place Winner:
Team GOTO Love

Total Score: 56.2
Preliminary Challenge Score : 17.1 (11th place/16 teams)
On-site Challenge Score : 39.1 (2nd place/16 teams)
MWS Cup 2018 Third Place Winner:
Security SANKA

Total Score: 52.4
Preliminary Challenge Score : 18.4 (5th place/16 teams)
On-site Challenge Score : 34.0 (3rd place/16 teams)
MWS Cup 2018 Preliminary Challenge Winner:

Preliminary Challenge Score : 21.0 (/25)
MWS Cup 2018 On-site Challenge Winner:
Team UN

On-site Challenge Score : 41.4 (/75)
Challenge 1 Score : 13.0
Challenge 2 Score : 22.0
Challenge 3 Score : 6.4

MWS Cup 2018

Competitors in the technical session.
Commentary on the Challenges in the technical session.

MWS 2018 Research Presentations

  • Symbols
    • * : presenter
    • ** : student presenter

1B5: Dataset (session chair: Kazuhiro Ono)

1B5-1: Overview of Research Data Set "Behavior Observable System 2018"

1B5-2: (Japanese version only)

1B5-3: A Consideration on Dataset for Evaluation of Network-Based Intrusion Detection System

2C1: Malicious Domain Name (session chair: Masayuki Okada)

2C1-1: Generative Model of Combosquatting Domain Names and Evaluation

2C1-2: (Japanese version only)

2C1-3: (Japanese version only)

2C1-4: (Japanese version only)

2C2: Machine Learning (1) (session chair: Masatsugu Ichino)

2C2-1: (Japanese version only)

2C2-2: (Japanese version only)

2C2-3: (Japanese version only)

2C2-4: (Japanese version only)

2C3: Utilization of Natural Language Processing (session chair: Yuki Ashino)

2C3-1: Extracting Frequent ASCII Strings to Detect Unseen Malware

2C3-2: Detecting Unseen Malicious Macros with Anomaly Detection

2C3-3: An Investigation of Static Feature Space for Malware Detection

2C3-4: Identification of Malware Variants Using fastText

2C3-5: Clustering Security Blog Posts Using Guided-Topic Model for Threat Analysis

2C4: Detection Avoidance and Misdetection (session chair: You Nakatsuru)

2C4-1: Survey of False-Positive by Antivirus Software and Proposal of the Countermeasures

2C4-2: Evaluation of Security Appliance against Customized Malware

2C4-3: (Japanese version only)

2C4-4: Mitigation of Fileless-Malware in Linux

3C1: Darknet and DDoS Attack (session chair: Daisuke Makita)

3C1-1: An Analysis of Network Scanning Activity Based on Destination Address Order and Payload

3C1-2: An Extraction Method for Collaborative Scanning Host Groups Using Number of Destination Changes

3C1-3: Discovering Multi-Vector DDoS Attack by Correlation Analysis of Darknet Backscatter and Honeypot Logs

3C1-4: DDoS Attack Participation Countermeasure Method Considering User's Behavior History

3C2: Surface Analysis and Program Analysis (session chair: Kazuki Iwamoto)

3C2-1: Analysis on the Usage of the RDTSC Instruction by Malware

3C2-2: IOC Conversion with Symbolic Execution

3C2-3: Automatic Extraction of Conditions for Bypassing Malware Anti-Analysis Techniques by Using Symbolic Execution

3C2-4: Automation: Detection Method for Data Sets with Concept Drift and Scale-Free Properties

3C3: Attack Detection (session chair: Eiji Takimoto)

3C3-1: (Japanese version only)

3C3-2: Experience of System Anomaly Detection by Leveraging Log Message Format Structure

3C3-3: A Method to Detect Indiscriminate Spam Emails Focusing on Similarity of Messages Body and Attachments

3C3-4: (Japanese version only)

3B4: Dynamic Analysis (session chair: Akira Orita)

3B4-1: Analysis Method of Malicious JavaScript That Tampers Web Contents in MITB Attack

3B4-2: Automatic Enhancement of Script Engines by Appending Behavior Analysis Capabilities

3B4-3: A Survey on Malware That Log Can not be Acquired in Dynamic Analysis

3B4-4: Malware Classification Using the Call Log of an API for Dynamic Function Address Resolution

3C4: Traffic Data Analysis (session chair: Takashi Koide)

3C4-1: (Japanese version only)

3C4-2: The Detection Method for C&C Communication Using SSL/TLS Based on Characteristics of Malware Communication

3C4-3: Communication Protocol Analysis of the Cutwail Spam Delivery Service

4C1: Drive-by-download Attack (session chair: Hiroki Hada)

4C1-1: Analysis on Relevance of Communication Data during Drive-by-Download Attack

4C1-2: Detecting Malicious Websites from Direct-IP Web Accesses

4C1-3: A Study on Detection of Malicious JavaScript Based on Source Code Similarity

4C1-4: Long-Term Observation of RIG Exploit Kit by User Environment Observation and Robust Attack Detection against Time Change

4D1: Attack Analysis (session chair: Yoshiaki Shiraishi)

4D1-1: Data Modeling and Normalization for Active Monitoring of Cyber Attacks

4D1-2: Improvement of Network Forensic Method for Promptly Analyzing the Extent of Damage after Targeted Attacks

4D1-3: On Automation and Orchestration of an Initial Computer Security Incident Response Using Centralized Incident Tracking System

4D1-4: Analyze of Dynamic Analysis Log for Estimating Object of Malware Infection Activity

4C2: Machine Learning (2) (session chair: Hajime Shimada)

4C2-1: Compiler Classification from a Code Fragment

4C2-2: Malware Detection Method Using a Weighted Sum Model Based on API Call Patterns, Elapsed Time and System Load between API Calls

4C2-3: A Design Method for Zero-Day Malicious Email Detection Using Email Header Information Analysis (EHIA) and Deep-Learning Approach

4C2-4: (Japanese version only)

4D2: Cyber Attack (session chair: Takashi Matsunaka)

4D2-1: A Study of Static Character of Internet Sensors for Cyber Attacks

4D2-2: A Study of Attacker's Image Based on Classification of Programs Presumed Cyber Attack Used Packet Data Observed Long Term

4D2-3: Assessment of National Capabilities Using the Modified 'Cybersecurity Capacity Maturity Model'

4D2-4: Proposal of Cyber Attack and Defense Exercise System CyExec Composed of Ecosystem


Last Update: 2018/12/10