Workshop Programme


Time Title
9:30-10:30 Opening Remarks and Keynote I
  Welcome and Introduction Katsunari Yoshioka (Workshop Chair)
  Keynote: Observable Threat Actors Activities on BOS Masato Terada (Yokohama National University/Hitachi Incident Response Team)

Abstract: The analysis of malware mainly focuses on the functions and behaviors of malware itself, such as C&C server connections, information leaks, backdoors, etc. However, such analyses do not consider the perspective of the threat actors. Under a targeted attack such as an APT, the actions of threat actors and attribution should be the focus of analysis. In this presentation, I firstly introduce the background of the problem, then our Behavior Observable System (BOS) for the countermeasures of targeted attack generation and some Observable Threat Actors Activities. Secondly, I introduce "BOS_2014 and BOS_2015" as the research data set of the emulated targeted attacks for MWS activities.

10:30-12:00 Session 1: Network Monitoring
  Tracking Network Events with Write Optimized Data Structures Nolan Donoghue, Bridger Hahn, Helen Xu, Thomas Kroeger, David Zage and Rob Johnson
  MAD: A Middleware Framework for Multi-Step Attack Detection Panagiotis Papadopoulos, Thanasis Petsas, Giorgos Christou and Giorgos Vasiliadis
  INTERCEPT+: SDN Support for Live Migration-based Honeypots Ayumu Hirata, Daisuke Miyamoto, Masaya Nakayama and Hiroshi Esaki
12:00-13:30 Lunch Break
13:30-14:20 Keynote 2
  Keynote: Cyber Attack Data Sharing & Measures Among ISPs Through Public-Private Partnership in Japan Satoshi Noritake (Telecom-ISAC Japan/NTT Communications)

Abstract: In order to maintain a safety over the society of the Internet, ISPs play an important role in the proper operation of the Internet. However, cyber attacks have become more sophisticated and the Internet faces various types of security threats. As a result, providing stable Internet services becomes more difficult for ISPs. In order to provide stable Internet services, ISPs need to fight against cyber threats by collaborating with other organizations. A single organization can do only so much towards that goal. On the other hand, collaboration efforts between several organizations can potentially yield better results for the purpose of defending against large scale cyber attacks. In this presentation, I will explain the situation of ISPs who face cyber threats, as well as the roles of Telecom-ISAC Japan and ISPs’ activities through Public-Private Partnership projects. I will also show what type of cyber attack data is shared among ISPs and is being utilized for response measures..

14:20-15:50 Session 2: Network Analytics
  The Significant Features of the UNSW-NB15 and the KDD99 Data sets for Network Intrusion Detection Systems Nour Moustafa and Jill Slay
  Using Bayesian Decision Making to Detect Slow Scans Ichiro Shimada, Yu Tsuda, Masashi Eto and Daisuke Inoue
  DGA Bot Detection with Time Series Decision Trees Anael Bonneton, Daniel Migault, Stephane Senecal and Nizar Kheir
15:50-16:15 Coffee Break
16:15-17:45 Session 3: User Analytics
  Social Forensics: Searching for Needles in Digital Haystacks Iasonas Polakis, Panagiotis Ilia, Zacharias Tzermias, Sotiris Ioannidis and Paraskevi Fragopoulou
  Text-mining Approach for Estimating Vulnerability Score Yasuhiro Yamamoto, Daisuke Miyamoto and Masaya Nakayama
  ANJA: Anti-Phishing JS-based Visual Analysis, to Mitigate Users' Excessive Trust in SSL/TLS Pernelle Mensah, Gregory Blanc, Kazuya Okada, Daisuke Miyamoto and Youki Kadobayashi
17:45-18:00 Closing Remarks