A poster got accepted (CCS19)

Our poster on the first analysis of Voice Assistant apps submitted to ACM Conference on Computer and Communications Security (CCS 2019) got accepted. This is a joint work with NTT. Congrats, Natatsuka-san!

Atsuko Natatsuka, Ryo Iijima, Takuya Watanabe, Mitsuaki Akiyama, Tetsuya Sakai, and Tatsuya Mori, “A First Look at the Privacy Risks of Voice Assistant Apps,” (poster presentation), Proc. of ACM Conference on Computer and Communications Security (CCS 2019) (to appear)

A paper got accepted (ACSAC19)

Our paper on the automatic generation of IOC (indicator of compromise) submitted to the 35th Annual Computer Security Applications Conference (ACSAC2019) got accepted for publication. This is a joint work with NTT and UC Berkeley. Congratulations, Kurogome-san!

Yuma Kurogome, Yuto Otsuki, Yuhei Kawakoya, Makoto Iwamura, Syogo Hayashi, Tatsuya Mori, and Koushik Sen, “EIGER: Automated IOC Generation for Accurate and Interpretable Endpoint Malware Detection, ” Proceedings of the the 35th Annual Computer Security Applications Conference (ACSAC2019), pp. xx–xx, December 2019. (acceptance rate = 22.6%=60/266) (to appear)

A paper got accepted (IMC19)

Our paper on the IDN homograph attack detection submitted to the 19th ACM  Internet Measurement Conference (IMC 2019) got accepted for publication. This is a joint work with JPRS and NTT Secure Platform Labs. Congratulations, Suzuki-kun!

H. Suzuki, D. Chiba, Y. Yoneya, T. Mori, and S. Goto, “ShamFinder: An Automated Framework for Detecting IDN Homographs,” Proceedings of the 19th ACM  Internet Measurement Conference (IMC 2019),  pp. xx-xx, October 2019 (acceptance rate = 19.3%=38/197) (to appear)

Preprint is available: https://arxiv.org/abs/1909.07539

Presented a talk at EuroUSEC2019

Mori-san presented a talk at the 4th IEEE European Workshop on Usable Security (EuroUSEC 2019), which is held in Stockholm, Sweden. This work is a joint work with NTT Secure Platform Laboratories.

K. Mori, T. Watanabe, Y. Zhou, A. Hasegawa, M. Akiyama, T. Mori, “Comparative Analysis of Three Language Spheres: Are Linguistic and Cultural Differences Reflected in Password Selection Habits?,” Proceedings of the 4th IEEE European Workshop on Usable Security (EuroUSEC 2019), pp. 159-171, June 2019 [PDF]


東京五輪公式サイトに類似したドメイン名の調査分析

https://www3.nhk.or.jp/news/html/20190530/k10011934931000.html

はじめに

東京五輪公式サイト(tokyo2020.org )に類似したドメイン名の調査分析に関して、NHKの取材に協力しました。取材に基づくニュースが2019/5/30のニュース7、および首都圏ニュースで放送されました。以下では放送内では紹介しきれなかった具体的な調査方法と得られた結果の一部をご紹介したいと思います(さしあたってIT系技術者向けに書いています)。このような調査分析の趣旨は、フィッシング攻撃に対する注意喚起が主目的です。東京オリンピックにちなんだビジネスや関連事業を営む方々が類似ドメイン名を正当な目的で使うことは十分に考えられ、決してそれらの営みに問題があるといった主張ではありません。どうぞご了承ください。

※以下に簡単な分析結果を示しますが、現在十分な時間がとれないため、徐々に更新していきます。

Continue reading