NECOMA

Nippon-European Cyberdefense-Oriented Multilayer threat Analysis

Project Deliverables

  • Deliverable D1.4: Threat Data Final Report (April 2016) Icon pdf (1.4 MB)
  • Deliverable D2.1: Threat Analysis (November 2014) Icon pdf (3.0 MB)
  • Deliverable D2.2: Threat Analysis Platform (November 2015) Icon pdf (3.4 MB)
  • Deliverable D3.1: Policy Enforcement Point Survey (November 2013) Icon pdf (258.1 KB)
  • Deliverable D3.3: Security Information Exchange - Results (May 2015) Icon pdf (4.9 MB)
  • Deliverable D3.5: Countermeasure Application - Results (November 2015) Icon pdf (11.0 MB)
  • Deliverable D4.1: Requirements and Specifications of Testing Environments (February 2015) Icon pdf (1.7 MB)
  • Deliverable D5.4: EU workshop proceedings (October 2014) Icon pdf (5.1 MB)
  • Deliverable D5.6A: User and Contributor Guide for NECOMA Results (July 2016) Icon pdf (135.6 KB)

Publications in Conferences

2016

  • Romain Fontugne, Johan Mazel, Kensuke Fukuda. Characterizing Roles and Spatio-Temporal Relations of C&C Servers in Large-Scale Networks. In proceedings of the International Workshop on Traffic Measurements for Cybersecurity (WTMC 2016). Xi'an, China. May 2016. Icon pdf (5.8 MB)
  • Johan Mazel, Romain Fontugne, Kensuke Fukuda. Identifying Coordination of Network Scans Using Probed Address Structure. In proceedings of the Traffic Monitoring and Analysis workshop (TMA). Louvain La Neuve, Belgium. April 2016. Icon pdf (318.8 KB)
  • Jordan Frecon, Romain Fontugne, Gustavo Didier, Nelly Pustelnik, Kensuke Fukuda, Patrice Abry. Non-linear Regression for Bivariate Self-similarity Identification - Application to Anomaly Detection in Internet Traffic based on a Joint Scaling Analysis of Packet and Byte Counts. In proceedings of the 41st IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP). Shanghai, China. March, 2016. Icon pdf (278.3 KB)
  • Daisuke Miyamoto, Ryo Nakamura, Yuji Sekiya, Takeshi Takahashi. Offloading Smartphone Firewalling Using OpenFlow-capable Wireless Access Points. In Proceedings of IEEE International Conference on Pervasive Computing and Communications (PerCom). Sydney, Australia. March 2016. Icon pdf (222.9 KB)

2015

  • Daisuke Miyamoto, Yasuhiro Yamamoto, Masaya Nakayama. Text mining-based Approach for Estimating Vulnerability Score. In proceedings of the 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2015). Kyoto, Japan, November 2015. Icon pdf (210.9 KB)

  • Ayumu Hirata, Daisuke Miyamoto, Masaya Nakayama, Hiroshi Esaki. INTERCEPT+: SDN Support for Live Migration-based Honeypots. In proceedings of the 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2015). Kyoto, Japan, November 2015. Icon pdf (539.1 KB)

  • Pernelle Mensah, Gregory Blanc, Kazuya Okada, Daisuke Miyamoto, Youki Kadobayashi. AJNA: Anti-Phishing JS-based Visual Analysis, to Mitigate Users' Excessive Trust in SSL/TLS. In proceedings of the 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2015). Kyoto, Japan, November 2015. Icon pdf (326.2 KB)
  • Panagiotis Papadopoulos, Thanasis Petsas, Giorgos Christou and Giorgos Vasiliadis. MAD: A Middleware Framework for Multi-Step Attack Detection. In proceedings of the 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2015). Kyoto, Japan, November 2015. Icon pdf (319.3 KB)
  • Daisuke Miyamoto, Blanc Gregory, Youki Kadobayashi. Eye Can Tell: On the Correlation between Eye Movement and Phishing Identification. In proceedings of the 22nd International Conference on Neural Information Processing (ICONIP). Istanbul, Turkey, November 2015. Icon pdf (2.3 MB)
  • Evangelos Ladakis, Giorgos Vasiliadis, Michalis Polychronakis, Sotiris Ioannidis, and Georgios Portokalidis. GPU-Disasm: A GPU-based x86 Disassembler. In proceedings of the 18th Information Security Conference (ISC). Trondheim, Norway, September 2015. Icon pdf (498.8 KB)
  • Iasonas Polakis, Michalis Diamantaris, Thanasis Petsas, Federico Maggi, and Sotiris Ioannidis. Powerslave: Analyzing the Energy Consumption of Mobile Antivirus Software. In proceedings of the 12th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA 2015). Milano, Italy, July 2015. Icon pdf (352.4 KB)
  • Paweł Pawliński, Adam Kozakiewicz. Lowering Cost of Data Exchange for Analysis and Defence. In proceedings of the Coordinating Attack Response at Internet Scale (CARIS) Workshop. Berlin, Germany, June 2015. Icon pdf (65.1 KB)
  • Michał Kruczkowski, Ewa Niewiadomska-Szynkiewicz, Adam Kozakiewicz. Cross-Layer Analysis of Malware Datasets for Malicious Campaign Identification. In Proceedings of the International Conference on Military Communications and Information Systems (ICMCIS 2015). Cracow, Poland, May 2015.
  • Romain Fontugne, Patrice Abry, Kensuke Fukuda, Pierre Borgnat, Johan Mazel, Herwig Wendt, Darryl Veitch. Random Projection and Multiscale Wavelet Leader Based Anomaly Detection and Address Identification in Internet Traffic. In proceedings of the 40th IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP). Brisbane, Australia, April, 2015. Icon pdf (1.1 MB)
  • Thanasis Petsas, Giorgos Tsirantonakis, Elias Athanasopoulos, Sotiris Ioannidis. Two-factor Authentication: Is the World Ready? Quantifying 2FA Adoption. In proceedings of the 8th European Workshop on System Security (EUROSEC 2015). Bordeaux, France, April, 2015. Icon pdf (431.8 KB)
  • Romain Fontugne, Johan Mazel, Kensuke Fukuda. An Empirical Mixture Model for Large-Scale RTT Measurements. In proceedings of the 34th IEEE International Conference on Computer Communications (INFOCOM 2015). Hong Kong, April, 2015. Icon pdf (787.5 KB)
  • Michał Kruczkowski, Ewa Niewiadomska-Szynkiewicz, Adam Kozakiewicz. FP-tree and SVM for Malicious Web Campaign Detection. In Proceedings of the 7th Asian Conference Intelligent Information and Database Systems (ACIIDS 2015). Bali, Indonesia, March 2015.
  • Rishikesh Sahay, Gregory Blanc, Zonghua Zhang, Hervé Debar. Towards Autonomic DDoS Mitigation using Software Defined Networking. In Proceedings of the 2015 NDSS Workshop on Security of Emerging Networking (SENT 2015). San Diego, US. February 2015. Icon pdf (491.5 KB)
  • Michalis Athanasakis, Elias Athanasopoulos, Michalis Polychronakis, Georgios Portokalidis, and Sotiris Ioannidis. The Devil is in the Constants: Bypassing Defenses in Browser JIT Engines. In Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015). San Diego, CA, US, February 2015. Icon pdf (263.4 KB)

2014

  • Jianxing Chen, Romain Fontugne, Akira Kato, and Kensuke Fukuda. Clustering Spam Campaigns with Fuzzy Hashing. In Proceedings of the 10th Asian Internet Engineering Conference (AINTEC’14). Chiang Mai, Thailand, November 2014. Icon pdf (832.4 KB)
  • Sirikarn Pukkawanna, Youki Kadobayashi, Gregory Blanc, Joaquin Garcia-Alfaro, Herve Debar. Classification of SSL Servers based on their SSL Handshake for Automated Security Assessment. In Proceedings of International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2014). Wroclaw, Poland. September, 2014. Icon pdf (192.5 KB)
  • Hajime Tazaki, Kazuya Okada, Yuji Sekiya, Youki Kadobayashi. MATATABI: Multi-layer Threat Analysis Platform with Hadoop. In Proceedings of International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2014). Wroclaw, Poland. September, 2014. Icon pdf (375.0 KB)
  • Daisuke Miyamoto, Takuji Iimura, Gregory Blanc, Hajime Tazaki, Youki Kadobayashi. EyeBit: Eye-Tracking Approach for Enforcing Phishing Prevention Habits. In Proceedings of International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2014). Wroclaw, Poland. September, 2014. Icon pdf (2.3 MB)
  • Jean Lorchat, Cristel Pelsser, Romain Fontugne. Collaborative Repository for Cybersecurity Data and Threat Information. In Proceedings of International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2014). Wroclaw, Poland. September, 2014. Icon pdf (615.4 KB)
  • Michał Kruczkowski, Ewa Niewiadomska-Szynkiewicz. Support Vector Machine for malware analysis and classification. In Proceedings of Web Intelligence (WI) and Intelligent Agent Technologies (IAT), 2014 IEEE/WIC/ACM International Joint Conferences on Web Intelligence. Warsaw, Poland. August, 2014.
  • Jun Liu, Kensuke Fukuda. Towards a Taxonomy of Darknet Traffic. In Proceedings of the International Workshop on Traffic Analysis and Characterization (TRAC 2014). Nicosia, Cyprus. August, 2014. Icon pdf (727.6 KB)
  • Johan Mazel, Romain Fontugne, Kensuke Fukuda. A Taxonomy of Anomalies in Backbone Network Traffic. In Proceedings of the International Workshop on Traffic Analysis and Characterization (TRAC 2014). Nicosia, Cyprus. August, 2014. Icon pdf (637.7 KB)
  • Martina Lindorfer, Stamatis Volanis, Alessandro Sisto, Matthias Neugschwandtner, Elias Athanasopoulos, Federico Maggi, Christian Platzer, Stefano Zanero, Sotiris Ioannidis. AndRadar: Fast Discovery of Android Applications in Alternative Markets. In Proceedings of the 11th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA). London, UK. July 2014. Icon pdf (1.3 MB)
  • Kazuya Okada, Hiroaki Hazeyama, Youki Kadobayashi. Oblivious DDoS Mitigation with Locator/ID Separation Protocol. In Proceedings of the 9th International Conference on Future Internet Technologies. Tokyo, Japan. June, 2014. Icon pdf (226.1 KB)
  • Thanasis Petsas, Giannis Voyatzis, Elias Athanasopoulos, Michalis Polychronakis, Sotiris Ioannidis. Rage Against the Virtual Machine: Hindering Dynamic Analysis of Mobile Malware. In Proceedings of the 7th European Workshop on Systems Security (EuroSec). Amsterdam, The Netherlands. April 2014. Icon pdf (156.8 KB)
  • Romain Fontugne, Johan Mazel, Kensuke Fukuda. Hashdoop: A MapReduce Framework for Network Anomaly Detection. In Proceedings of the 2nd International Workshop on Security and Privacy in Big Data (BigSecurity2014) in conjunction with IEEE INFOCOM2014. Toronto, Canada. April 2014. Icon pdf (308.8 KB)
  • Daisuke Miyamoto, Satoru Teramura, Masaya Nakayama. INTERCEPT: High-interaction Server-type Honeypot based on Live Migration. In Proceedings of the 2nd Workshop on Emulation Tools, Methodology and Techniques (EMUTools 2014). Lisbon, Portugal. March 2014. Icon pdf (168.8 KB)
  • Johan Mazel, Romain Fontugne, Kensuke Fukuda. Visual comparison of Network Anomaly Detectors with Chord Diagrams. In Proceedings of the 29th Symposium on Applied Computing (SAC). Gyeongju, Korea, March 2014. Icon pdf (4.7 MB)

2013

  • Hajime Tazaki, Frederic Urbani, Emilio Mancini, Mathieu Lacage, Daniel Camara, Thierry Turletti, Walid Dabbous. Direct Code Execution: Revisiting Library OS Architecture for Reproducible Network Experiments. In Proceedings of the 9th International Conference on emerging Networking EXperiments and Technologies (CoNEXT). Santa Barbara, California, December 2013. Icon pdf (742.3 KB)
  • Antonis Papadogiannakis, Laertis Loutsis, Vassilis Papaefstathiou, Sotiris Ioannidis. ASIST: Architectural Support for Instruction Set Randomization. In Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS). Berlin, Germany, November 2013. Icon pdf (332.1 KB)
  • Yuta Kazato, Kensuke Fukuda, Toshiharu Sugawara. Towards classification of DNS erroneous queries. In Proceedings of the 9th Asian Internet Engineering Conference (AINTEC). Chiang Mai, Thailand, November 2013. Icon pdf (290.8 KB)
  • Kazuya Okada, Yuji Sekiya, Youki Kadobayashi. A Design Consideration for SDN-based Internet eXchange. In Proceedings of the 18th Internet Conference (IC2013). Tokyo, Japan, October 2013. Icon pdf (3.1 MB)

Publications in Journals

  • P. Szynkiewicz, A. Kozakiewicz. System for off-line generation of signatures of active threats (System wytwarzania off-line sygnatur zagrożeń aktywnych). In Telecommunications Review and Telecommunications News (Przegląd telekomunikacyjny i wiadomości telekomunikacyjne), vol. 8-9, 1090–1098. September 2015 (in Polish).
  • A. Kozakiewicz, T. Pałka, P. Kijewski. Detection of addresses of botnet C&C servers in data from sandbox environments (Wykrywanie adresów serwerów C&C botnetów w danych ze środowisk sandbox). In Telecommunications Review and Telecommunications News (Przegląd telekomunikacyjny i wiadomości telekomunikacyjne), vol. 8-9, 1223-1231. September 2015 (in Polish).
  • M. Kruczkowski. System for detection of malware campaigns (System do wykrywania kampanii złośliwego oprogramowania). In Telecommunications Review and Telecommunications News (Przegląd telekomunikacyjny i wiadomości telekomunikacyjne), vol. 8-9, 789-797. September 2015 (in Polish).
  • Changhoon Yoon, Taejune Park, Seungsoo Lee, Heedo Kang, Seungwon Shin, Zonghua Zhang. Enabling security functions with SDN: A feasibility study. In Computer Networks, Volume 85, Pages 19–35. July, 2015. Icon pdf (3.2 MB)
  • Michał Kruczkowski, Ewa Niewiadomska-Szynkiewicz. Comparative study of supervised learning methods for malware analysis. In Journal of Telecommunications and Information Technology (JTIT), Vol.4/2014, pp.1-10. December, 2014.
  • Yuji Sekiya, Tomohiro Ishihara and Hajime Tazaki. DNSSEC simulator for realistic estimation of deployment impacts. In IEICE Communications Express, Vol.3, No.10, 305–310. October, 2014. Icon pdf (967.3 KB)

Technical Reports

  • Hajime Tazaki, Kazuya Okada, Yuji Sekiya, Youki Kadobayashi. MATATABI: Multi-layer Threat Analysis Platform with Hadoop. In IEICE Technical Report, Vol. 113, No. 502, IEICE-ICSS2013-77, pp.113-118, March 2014.
  • Tomohiro Ishihara, Hajime Tazaki, Kazuya Okada, Daisuke Miyamoto, Yuji Sekiya. DNS Traffic Analysis Platform with Hadoop Framework. In IEICE Technical Report, Vol. 113, No. 502, IEICE-ICSS2013-80, pp.131-135, March 2014.

Articles

Posters

  • Pierre Edouard Fabre, Jouni Viinikka and Hervé Debar. MPLS-based DDoS Mitigation. 3rd Plenary Meeting. Tokyo, Japan, January 2015. Icon pdf (301.4 KB)
  • Rishikesh Sahay, Gregory Blanc, Zonghua Zhang and Hervé Debar. Towards Autonomic DDoS Mitigation using Software-Defined Networking. 3rd Plenary Meeting. Tokyo, Japan, January 2015. Icon pdf (524.0 KB)
  • Kazuya Okada and Yuji Sekiya. PIX-IE : Programmable Internet eXchange in Edo. 3rd Plenary Meeting. Tokyo, Japan, January 2015. Icon pdf (2.9 MB)
  • Sirikarn Pukkawanna, Hiroaki Hazeyama, Youki Kadobayashi, and Suguru Yamaguchi. Detecting Anomalies in Massive Traffic with Sketches. 3rd Plenary Meeting. Tokyo, Japan, January 2015. Icon pdf (693.7 KB)
  • NASK. NECOMA Workpackages. 3rd Plenary Meeting. Tokyo, Japan, January 2015. Icon pdf (572.0 KB)
  • Jianxing Chen, Romain Fontugne, Akira Kato and Kensuke Fukuda. Clustering Spam Campaigns with Fuzzy Hashing. 3rd Plenary Meeting. Tokyo, Japan, January 2015. Icon pdf (505.6 KB)
  • Romain Fontugne, Johan Mazel, and Kensuke Fukuda. Hashdoop: A MapReduce Framework for Network Anomaly Detection. 3rd Plenary Meeting. Tokyo, Japan, January 2015. Icon pdf (2.1 MB)
  • Daisuke Miyamoto. Cognitive Task Analysis for Phishing Prevention. 3rd Plenary Meeting. Tokyo, Japan, January 2015. Icon pdf (3.7 MB)
  • Takuji Iimura. Design and Implementation of NECOMAtter. 3rd Plenary Meeting. Tokyo, Japan, January 2015. Icon pdf (2.0 MB)
  • Yuji Sekiya, Ryo Nakamura and Daisuke Miyamoto. WP3: Resilience mechanisms for infrastructures and endpoints. 3rd Plenary Meeting. Tokyo, Japan, January 2015. Icon pdf (1.1 MB)
  • Tomohiro Ishihara. WP4: Case Studies and Testing Environment. 3rd Plenary Meeting. Tokyo, Japan, January 2015. Icon pdf (685.6 KB)
  • Teppei Fukuda, Tomohiro Ishihara and Akira Kato. Detecting DGA-based Botnet with Outlier Detection. 3rd Plenary Meeting. Tokyo, Japan, January 2015. Icon pdf (314.2 KB)
  • Thanasis Petsas, Kazuya Okada, Hajime Tazaki, Gregory Blanc, Paweł Pawliński. A Trusted Knowledge Management System for Multilayer Threat Analysis. In 7th International Conference on Trust & Trustworthy Computing (TRUST). Heraklion, Crete, June 30 - July 2, 2014. Ext. Abstract Icon pdf (73.3 KB) Poster Icon pdf (169.7 KB)

  • Takuji Iimura, Daisuke Miyamoto, Hajime Tazaki, Youki Kadobayashi. NECOMAtter: Curating Approach for Sharing Cyber Threat Information. 9th International Conference on Future Internet Technologies. Tokyo, Japan. June 2014. Icon pdf (152.9 KB)

  • Sirikarn Pukkawanna, Hiroaki Hazeyama, Youki Kadobayashi, Suguru Yamaguchi. Detecting Anomalies in Massive traffic with Sketches. 9th International Conference on Future Internet Technologies. Tokyo, Japan. June, 2014. Icon pdf (267.0 KB)

  • Thanasis Petsas. Rage Against the Virtual Machine: Hindering Dynamic Analysis of Mobile Malware. 7th European Workshop on Systems Security (EuroSec). Amsterdam, The Netherlands. April 2014. Icon pdf (926.7 KB)
  • Institut Mines-Telecom. On the Use of Data Mining Techniques for the Clustering of URLs Extracted from Network-based Malware Traces. 2nd Plenary Meeting. Kyoto, Japan, January 2014. Icon pdf (1.3 MB)
  • Research and Academic Computer Network (NASK). 2nd Plenary Meeting. Kyoto, Japan, January 2014. Icon pdf (308.3 KB)
  • University of Tokyo (UT). NECOMATter: twitter saves the (cyber) world. 2nd Plenary Meeting. Kyoto, Japan, January 2014. Icon pdf (456.0 KB)
  • Hajime Tazaki (UT), Kazuya Okada (NAIST). NECOMA Multilayer Threat Data Collection and Analysis Platform with Hadoop. 2nd Plenary Meeting. Kyoto, Japan, January 2014. Icon pdf (768.3 KB)
  • Hajime Tazaki (UT), Tomohiro Ishihara (UT), Yuji Sekiya (UT). Design and Implementation of DNSSEC Simulator using Unmodified Real Implementations. 2nd Plenary Meeting. Kyoto, Japan, January 2014. Icon pdf (438.4 KB)