Daichi Hasumi scite author profile

Daichi Hasumi

4Publications

0Citation Statements Received

16Citation Statements Given

How they've been cited

How they cite others

Affiliations

NEC (Japan)

Publications

Order By: Most citations

SPINZ: A Speculating Incident Zone Systemfor Incident Handling

Hasumi

Shima

Takakura

2019

JCSM

View full text Add to dashboard Cite

Organizations introducing computer and network systems need to quickly and accurately respond to information security incidents to counter intense cyber attacks. However, computer security incident response teams (CSIRTs) in organizations receive a large amount of alerts and logs that they have to investigate. Such a situation increases incident handling time. Our previous research revealed that the triage process in incident handling failed in many incident cases. In our consideration, the triage process lacks the ability to assess overall risks to modern cyber attacks. Zoning of local area networks by measuring internal-network traffic in response to such risks is important. Therefore, we propose the SPeculating INcident Zone (SPINZ) system for supporting the triage process. The SPINZ system analyzes internal-network flows and outputs an incident zone, which is composed of devices related to the incident. We evaluated the performance of the SPINZ system through simulations using two incident-flow dataset generated from two types of internal-network datasets and malicious-activity flows generated from legitimate commands. We confirm that the SPINZ system can detect an incident zone, but removing unrelated devices from an incident zone is an issue requiring further investigated.

show abstract

POSTER: Detecting Suspicious Processes from Log-Data via a Bayesian Block Model

Andrade

Takahashi

Hasumi

2020

View full text Add to dashboard Cite

Analyzing the behavior of an attacker is critical for determining the scope of damage of a cyber attack, recovering, and fixing system vulnerabilities. However, finding all attacker's traces from log data is a laborsome task, where the performance of existing machine learning methods is still insufficient. In this work, we focus on the task of detecting all processes that were executed by the attacker. For this task, standard anomaly detection methods like Isolation Forest, perform poorly, due to many processes that are used by both the attacker and the client user. Therefore, we propose to incorporate prior knowledge about the temporal concentration of the attacker's activity. In general, we expect that an attacker is active only during a relatively small time window (block assumption), rather than being active at completely random time points. We propose a generative model that allows us to incorporate such prior knowledge effectively. Experiments on intrusion log data, shows that the proposed method achieves considerably better detection performance than a strong baseline method which also incorporates the block assumption. CCS CONCEPTS • Security and privacy → Intrusion detection systems; • Computing methodologies → Anomaly detection; • Mathematics of computing → Bayesian computation.

show abstract

Speculating Incident Zone System on Local Area Networks

Hasumi¹,

Shima²,

Takakura

2018

View full text Add to dashboard Cite

SPINZ: A Speculating Incident Zone System for Incident Handling

Hasumi¹,

Shima²,

Takakura³

2018

JCSANDM

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Daichi Hasumi

SPINZ: A Speculating Incident Zone Systemfor Incident Handling

POSTER: Detecting Suspicious Processes from Log-Data via a Bayesian Block Model

Speculating Incident Zone System on Local Area Networks

SPINZ: A Speculating Incident Zone System for Incident Handling

Contact Info

Product

Resources

About