anti Malware engineering WorkShop 2014 (MWS 2014)

[ MWS2008 | MWS2009 | MWS2010 | MWS2011 | MWS2012 | MWS2013 ]

MWS 2014

October 22 (Wed) - 24 (Fri), 2014
Sapporo Convention Center, Sapporo, Japan

Photo story of MWS 2014

Venue: Sapporo Convention Center

Award Ceremony

	MWS2014 Best Paper Award: Identifying of System Call Invoker by Branch Trace Facilities, Yuto Otsuki, Eiji Takimoto (Ritsumeikan University), Shoichi Saito (Nagoya Institute of Technology) and Koichi Mouri (Ritsumeikan University)
	MWS2014 Best Student Paper Award: Use-After-Free Prevention Method using Memory Reuse Prohibited Library, Yuta Ikegami and Toshihiro Yamauchi (Okayama University)
	MWS2014 Best Student Paper Award: Analyzing the inconsistency between words and actions of Android apps, Takuya Watanabe (Waseda University), Mitsuaki Akiyama (NTT Secure Platform Laboratories), Tetsuya Sakai, Hironobu Washizaki and Tatsuya Mori (Waseda University)
	MWS Cup 2014 Award Winner: JINKAI-SENJUTSU Team, Shin-ya Kobayashi, Hiroaki Matsuno (Shizuoka University), Yuuki Ishida, Shin-ichi Takeda (Tokyo University of Information Sciences), Akira Orita, Masaya Nakamura (Hitachi Systems, Ltd.,), Kazuya Kuwahara (Digital Arts Inc.), Naoto Kawaguchi (Japan Advanced Institute of Science and Technology), Ruiko Kuba, Kazumi Ishibuchi, Tetsuro Kito, Masashi Fujiwara (Hitachi, Ltd.), Masaki Hanada (Tokyo University of Information Sciences), Masakatsu Nishigaki (Shizuoka University), Hiroaki Kikuchi (Meiji University)
	MWS Cup 2014 Award Winner with Technical Component: Team UN, Toru Iwano, Reika Samejima, Naohisa Nishida, Shota Mochizuki, Hayate Goto, Shin Sasaki, Kensuke Takahashi, Yuuki Tokushige (The University of Electro-Communications), Takayuki Watanabe, Tatsuya Ichida (NTT Communications), Yasuyuki Tanaka (NTT Com Security), Takanori Inazumi (NTT Communications)
	MWS Cup 2014 Award Winner with Artistic Component: Team "GOTO Love with m1z0r3", Kazuki Aoki, Taiki Ikenishi, Shota Kozaki, Masaki Shimura, Kazuki Takahashi, Takanori Takebe, Yusuke Kubo, Takumi Sato, Kazuma Shinomiya, Yuya Nakayama, Bo Sun, Akira Saso, Takuya Watanabe, Yumehisa Haga, Toshiaki Harada, Yuta Ishii (Waseda University)

MWS Cup 2014

	Briefing from MWS general chair, before the technical session
	Commentary to the Preliminary Challenges from the authors (1)
	Commentary to the Preliminary Challenges from the authors (2)
	Commentary to the Preliminary Challenges from the authors (3)
	Commentary to the Preliminary Challenges from the authors (4)
	During the technical session (1)
	During the technical session (2)
	Presentation session (1)
	Presentation session (2)
	Group photograph

MWS 2014 Manuscripts and Slides

1A3: Countermeasure against Drive-by Download Attack (1) (session chair: Masaki Kamizono)

1A3-1: Searching URLs that have similar features to the existing malicious URLs

• ** Bo Sun (Waseda University)
• Mitsuaki Akiyama (NTT Secure Platform Laboratories)
• Takeshi Yagi (NTT Secure Platform Laboratories)
• Tatsuya Mori (Waseda University)

1A3-2: Visualization system for Drive-by-download traffic

• ** Hiroaki Matsumoto (Graduate School of Information and Telecommunication Engineering, Tokai University)
• Hiroshi Ishii (Graduate School of Information and Telecommunication Engineering, Tokai University)
• Hiroki Usuba (School of Interdisciplinary Mathematical Sciences, Meiji University)
• Hiroaki Kikuchi (School of Interdisciplinary Mathematical Sciences, Meiji University)

1A3-3: Improving Coverage of Environment-dependent Code Using Program Slicing to Extract Potential URLs

• * Yuta Takata (NTT Secure Platform Laboratories)
• Mitsuaki Akiyama (NTT Secure Platform Laboratories)
• Takeshi Yagi (NTT Secure Platform Laboratories)
• Takeo Hariu (NTT Secure Platform Laboratories)

1A3-4: A Study on Characteristics of PDF Files in Drive-by-Download Attacks

• ** Yuya Konno (Graduate School of communication Engineering, Tohoku Institute of Technology)
• Hiroshi Tsunoda (Graduate School of communication Engineering, Tohoku Institute of Technology)

1A4: Countermeasure against Targeted Attack (1) (session chair: Mitsuhiro Hatada)

1A4-1: The method of grouping targeted attacks by considering the similarity of strings

• * Takayoshi Hojo (High-Tech Crime Technology Division, Info-Communications Bureau, National Police Agancy of Japan)
• Kanta Matsuura (Institute of Industrial Science, the University of Tokyo)

1A4-2: A Method to Create Knowledge Base of Attackers' Intention Behind Malware Activities

• * Masafumi Watanabe (NEC Corporation)
• Shigeyoshi Shima (NEC Corporation)
• Rui Tanabe (Yokohama National University)
• Katsunari Yoshioka (Yokohama National University)

1A4-3: Observing RAT server's behavior using its client GUI Part2

• * Yusuke Takahashi (Yokohama National University)
• Masaaki Kobayashi (Yokohama National University)
• YuehTing Chen (Yokohama National University)
• Taira Oyama (Yokohama National University)
• Fumihiro Kanei (Yokohama National University)
• Katsunari Yoshioka (Yokohama National University)
• Tsutomu Matsumoto (Yokohama National University)

1A4-4: Proposal of Forensics Method Based on Communication Procedure of Process

• * Masaki KAMIZONO (National Institute of Information and Communications Technology / Securebrain Corporation)
• Takashi Tomine (National Institute of Information and Communications Technology)
• Yu Tsuda (National Institute of Information and Communications Technology)
• Masashi Eto (National Institute of Information and Communications Technology)
• Yuji Hoshizawa (Securebrain Corporation)
• Daisuke Inoue (National Institute of Information and Communications Technology)

2A1: Observation and Analysis of Network Attacks (session chair: Hiroaki Kikuchi)

2A1-1: Analysis of amplifier probing for reflector attacks

• ** Yumehisa Haga (School of Fundamental Science and Engineering, Waseda University)
• Akira Saso (School of Fundamental Science and Engineering, Waseda University)
• Tatsuya Mori (School of Fundamental Science and Engineering, Waseda University)
• Shigeki Goto (School of Fundamental Science and Engineering, Waseda University)

2A1-2: A study of stepping stone detection using active scan and observation of Darknet

• Yoichi Goto (National Defense Academy and Department of Computer Science)
• * Yasuhiro Nakamura (National Defense Academy and Department of Computer Science)

2A1-3: Communication Analysis of Android Devices in the Darknet

• ** Takayuki Suzuki (Graduate School of Information Environment, Tokyo Denki University)
• Nanto Suzuki (Graduate School of Information Environment, Tokyo Denki University)
• Takahiro Kasama (National Institute of Information and Communications Technology)
• Jumpei Shimamura (clwit Inc.)
• Daisuke Inoue (National Institute of Information and Communications Technology)
• Noriharu Miyaho (Graduate School of Information Environment, Tokyo Denki University)

2A1-4: Multimodal Analysis for Understanding Attack Activities of Embedded Devices

• * Takahiro KASAMA (National Institute of Information and Communications Technology)
• Jumpei Shimamura (clwit Inc.)
• Daisuke Inoue (National Institute of Information and Communications Technology)

2A2: MWS Cup Presentation Session

2A3: Countermeasure against Drive-by Download Attack (2) (session chair: Makoto Iwamura)

2A3-1: An Approach to Detect Drive-by Download by Analyzing Web Link Structureswith Web Access Logs on the Framework for Counting Drive-By Download

• * Takashi MATSUNAKA (KDDI R&D Laboratories, Inc.)
• Ayumu Kubota (KDDI R&D Laboratories, Inc.)
• Yuji Hoshizawa (SecureBrain Corporation)

2A3-2: Use-After-Free Prevention Method using Memory Reuse Prohibited Library

• ** Yuta Ikegami (Graduate School of Natural Science and Technology, Okayama University)
• Toshihiro Yamauchi (Graduate School of Natural Science and Technology, Okayama University)

2A3-3: Detection of Drive-by Download Attacks Based on File Type Transition in Malware Infection Process

• ** Yasutaka Shindo (Department of Communications and Computer Engineering, Tokyo Institute of Technology)
• Akihiro Satoh (Information Science Center, Kyushu Institute of Technology)
• Yutaka Nakamura (Information Science Center, Kyushu Institute of Technology)
• Katsuyoshi Iida (Department of Communications and Computer Engineering, Tokyo Institute of Technology)

2A3-4: Study for the expansion of the detection range and the assessment of the effectiveness of cyber attack detection system in a real system

• * Hisamichi Ohtani (NTT DATA Corporation)
• Hiroki Mashiko (NTT DATA Corporation)
• Masayoshi Shigeta (NTT DATA Corporation)

2B3: Static Malware Analysis (session chair: Koichi Mouri)

2B3-1: Analyzing the inconsistency between words and actions of Android apps

• ** Takuya Watanabe (Waseda University)
• Mitsuaki Akiyama (NTT Secure Platform Laboratories)
• Tetsuya Sakai (Waseda University)
• Hironobu Washizaki (Waseda University)
• Tatsuya Mori (Waseda University)

2B3-2: Malware Classification Robust against Compiler Modification

• ** Toshinori Usui (Institute of Industrial Science, The University of Tokyo)
• Kanta Matsuura (Institute of Industrial Science, the University of Tokyo)

2B3-3: SECCON 2014 Summer On-line Qualifying CTF Participation Report

• * Takekoshi (University of Tsukuba)
• Yuta Kuwahara (University of Tsukuba)
• Masato Kunita (University of Tsukuba)
• Takashi Motosu (University of Tsukuba)
• Chiharu Usui (University of Tsukuba)
• Yu Yoshimura (University of Tsukuba)

2A4: Security Technology Verification (session chair: Tatsuya Mori)

2A4-1: An Evaluation Method of Anti-virus Software on Capability of Behavior-based Malware Detection

• ** Yueh-Ting Chen (Yokohama National University)
• Katsunari Yoshioka (Yokohama National University)
• Tsutomu Matsumoto (Yokohama National University)

2A4-2: Accuracy Evaluation of Detection Results of Security Appliance on Examining Reproduced Packets

• ** Kunihiko Natori (Yokohama National University)
• Yusuke Takahashi (Yokohama National University)
• Katsunari Yoshioka (Yokohama National University)
• Tsutomu Matsumoto (Yokohama National University)

2A4-3: Evaluation of malware detection algorithm by machine learning based on time-series data

• * Kenji Aiko (FFRI, Inc.)
• Takahiro Matsuki (FFRI, Inc.)

2A4-4: Countermeasure Activities of Ministry of Internal Affairs and Communications against Malwares

• * Shinsuke Akasaka (Ministry of Internal Affairs and Communications, Japan)

2B4: Countermeasure against Targeted Attack (2) (session chair: Nasanobu Morinaga)

2B4-1: Proposal of virtualization isolation system to APT

• * Kazuya Kuwabara (Digital Arts Inc.)
• Akihiro Sakurai (Digital Arts Inc.)
• Yukari Sugiyama (Digital Arts Inc.)
• Shigeki Kimura (Digital Arts Inc.)
• Noriyuki Takahashi (Digital Arts Inc.)

2B4-2: Detection Method of Remote Access Trojan in an Early Stage

• ** Dan Jiang (School of Information Science, Japan Advanced Institute of Science and Technology)
• Kazumasa Omote (School of Information Science, Japan Advanced Institute of Science and Technology)

2B4-3: Proposal of a Detection Method of Malicious Process by Focusing on the Similarity of the States of the Hosts

• ** Ryota Kikkawa (Yokohama National University)
• Masaki Kamizono (Yokohama National University)
• Katsunari Yoshioka (Yokohama National University)
• Tsutomu Matsumoto (Yokohama National University)

2B4-4: A Simulative Deception Method against Targeted Attack Activities on Intranet

• * Takahiro Kakumaru (NEC Corporation)
• Shigeyoshi Shima (NEC Corporation)
• Katsunari Yoshioka (Yokohama National University)

3A1: Malware Attack Detection (1) (session chair: Katsunari Yoshioka)

3A1-1: A Study for improvement of unknown malware's detection accuracy on Sandbox Analysis

• * Tatsuya Ichida (NTT Com Security (Japan) KK)
• Toshiaki Sudoh (NTT Communications Corporation)
• Satoru Takamori (NTT Com Security (Japan) KK)

3A1-2: An Experimental Result of Malware Detection using Statistical Techniques

• * Yasuyuki Tanaka (NTT Communications Corporation / Institute of Information Security)
• Jun Arikawa (NTT Communications Corporation)
• Mitsuhiro Hatada (NTT Communications Corporation)

3A1-3: Detecting Malware with Machine Learning Reloaded

• ** Akira Saso (Waseda University)
• Junichi Murakami (FFRI Inc.)
• Takahiro Matsuki (FFRI Inc.)
• Tatsuya Mori (Waseda University)

3B1: Dynamic Malware Analysis (1) (session chair: Yoshihiro Oyama)

3B1-1: Proposal for Cryptographic Function Identification

• Takumi Yamamoto (Mitsubishi Electric Corporation Information Technology R&D Center)
• * Hiroki Nishikawa (Mitsubishi Electric Corporation Information Technology R&D Center)
• Kiyoto Kawauchi (Mitsubishi Electric Corporation Information Technology R&D Center)
• Junko Nakajima (Mitsubishi Electric Corporation Information Technology R&D Center)
• Shoji Sakurai (Mitsubishi Electric Corporation Information Technology R&D Center)

3B1-2: Identifying of System Call Invoker by Branch Trace Facilities

• ** Yuto Otsuki (Ritsumeikan University)
• Eiji Takimoto (Ritsumeikan University)
• Shoichi Saito (Nagoya Institute of Technology)
• Koichi Mouri (Ritsumeikan University)

3B1-3: Stealth malware analysis by using taint propagation on virtual machine monitor

• ** Yuma Kurogome (Faculty of Environment and Information Studies, Keio University)
• Keiji Takeda (Keio University)

3B1-4: Research on Attack Methods of Online Banking Malware Based on Static Analysis and Behavior Observation

• * Masata Nishida (Advanced Research Laboratory, SecureBrain Corporation)
• Tsuyoshi Tachikawa (Advanced Research Laboratory, SecureBrain Corporation)
• Kazuki Iwamoto (Advanced Research Laboratory, SecureBrain Corporation)
• Motoi Endo (Advanced Research Laboratory, SecureBrain Corporation)
• Yoshio Okumura (Advanced Research Laboratory, SecureBrain Corporation)
• Yuji Hoshizawa (Advanced Research Laboratory, SecureBrain Corporation)

3A2: Malware Attack Detection (2) (session chair: Takahiro Kasama)

3A2-1: Proposal of a method to detect the ROP attack code on the network

• * YASUYUKI TANAKA (IISEC / NTT Communications Corp.)
• ATSUHIRO GOTO (IISEC)

3A2-2: Design and Evaluation of a Profiling Method to Detect Post-infection Communications

• * Daiki Chiba (Secure Platform Laboratories)
• Takeshi Yagi (Secure Platform Laboratories)
• Mitsuaki Akiyama (Secure Platform Laboratories)
• Kazufumi Aoki (Secure Platform Laboratories)
• Takeo Hariu (Secure Platform Laboratories)

3A2-3: Applying LPC Cepstrum analysis on malware infection detection

• ** Toru Iwano (Graduate School of Informatics and Engineering, The University of Electro-Communications)
• Hiroshi Yoshiura (Graduate School of Informatics and Engineering, The University of Electro-Communications)
• Mitsuhiro Hatada (NTT Communications Corporation)
• Masatsugu Ichino (Graduate School of Informatics and Engineering, The University of Electro-Communications)

3A2-4: Efficient Implementation and Adaptive Processing Architecture of Sequence Operator

• ** Toshiyuki Shimanuki (College of Information Science, University of Tsukuba)
• Hideyuki Kawashima (Faculty of Information, Systems and Engineering / Center for Computational Sciences, University of Tsukuba)

3B2: Dynamic Malware Analysis (2) (session chair: Kazufumi Aoki)

3B2-1: Proposal of Multimodal Malware Analysis System with Multiple Types of Sandboxes.

• * Hirofumi Nakakoji (Hitachi, Ltd. / Meiji University)
• Tomohiro Shigemoto (Hitachi, Ltd.)
• Tetsuro Kito (Hitachi, Ltd.)
• Naoki Hayashi (Hitachi, Ltd.)
• Masato Terada (Hitachi, Ltd.)
• Hiroaki Kikuchi (Meiji University)

3B2-2: A Study on Dissimilarity Measure for Malware's Behaviors from Multiple Sandboxes

• * Naoki Hayashi (Hitachi, Ltd.)
• Tomohiro Shigemoto (Hitachi, Ltd.)
• Tetsuro Kito (Hitachi, Ltd.)
• Hirofumi Nakakoji (Hitachi, Ltd.)

3B2-3: Proposal of Malware Dynamic Analysis in Real Android Device

• ** Keisuke Hashida (Yokohama National University)
• Fumihiro Kanei (Yokohama National University)
• Katsunari Yoshioka (Yokohama National University)
• Tsutomu Matsumoto (Yokohama National University)

3B2-4: A Proposal of Malware Sandbox Analysis Method for Safe Observation of Linux Malware

• ** Rui Tanabe (Yokohama National University)
• Takuya Tsutsumi (Yokohama National University)
• Takashi Koide (Yokohama National University)
• Daisuke Makita (Yokohama National University / National Institute of Information and Communications Technology)
• Katsunari Yoshioka (Yokohama National University)
• Tsutomu Matsumoto (Yokohama National University)

3A3: Dataset Collection and Analysis (session chair: Takahiro Matsuki)

3A3-1: Analysis of Malicious Domain Name Usage focused on DNS Name Resolution

• * Masayoshi Mizutani (IBM Japan, Tokyo Research)

3A3-2: A Study on Malware Selection Methodology for Evaluation based on Dynamic Analysis

• * Takayuki Watanabe (NTT Communications Corporation)
• Mitsuhiro Hatada (NTT Communications Corporation)

3A3-3: Application of Deduplication to Malware Data

• * Yoshihiro Oyama (The University of Electro-Communications)
• Ryo Matsumiya (The University of Electro-Communications)

3A3-4: Feasibility Study of Research Data Set "Behavior Observable System 2014"

• * Masato Terada (Hitachi Ltd.)
• Sho Aoki (Hitachi Ltd.)
• Junya Kusumi (Hitachi Systems, Ltd.)
• Tomohiro Shigemoto (Hitachi Ltd.)
• Kenta Hagihara (Trend Micro Incorporated)

3B3: Dynamic Malware Analysis (3) (session chair: Hirofumi Nakakoji)

3B3-1: Supporting Malware Sandbox Analysis with MACIVISY (MAlware Communication Interactive VIsualization SYstem)

• ** Hiroshi Mori (Yokohama National University)
• Katsunari Yoshioka (Yokohama National University)
• Tsutomu Matsumoto (Yokohama National University)

3B3-2: Malware Download Site Detection Based on Dependencies between Remote Servers and Malware Behavior

• * Tomonori Ikuse (NTT Secure Platform Laboratories)
• Kazufumi Aoki (NTT Secure Platform Laboratories)
• Takeshi Yagi (NTT Secure Platform Laboratories)
• Takeo Hariu (NTT Secure Platform Laboratories)

3B3-3: A Study on Visualization of Malware and Its Applications

• ** Takahiro Matsushige (Graduate School of Engineering, Kobe University)
• Kazuya Uratsuji (Graduate School of Science and Engineering, Ehime University)
• Hiroshi Kai (Graduate School of Science and Engineering, Ehime University)
• Masakatu Morii (Graduate School of Engineering, Kobe University)

3B3-4: Original Entry Point Detection by Classifying Dynamically Generated Instructions

• ** Kotaro Kishibe (Graduate School of Engineering, Kobe University)
• Noriaki Nakamura (Graduate School of Engineering, Kobe University)
• Masakatu Morii (Graduate School of Engineering, Kobe University)
• Ryoichi Isawa (National Institute of Information and Communications Technology)
• Daisuke Inoue (National Institute of Information and Communications Technology)
• Koji Nakao (National Institute of Information and Communications Technology)

Contact us

If you have any questions, please contact: csecreg sdl.hitachi.co.jp

Published: 2014/06/05 20:00 Last Update: 2014/12/12 17:10

Copyright 2014 The IPSJ, Information Processing Society of Japan, All rights reserved.

• TOP
• Japanese
• CSS2014

MWS 2014 Datasets provided by