Pursuing information and communication technology in support of a sophisticated global society from the perspectives of communications engineering, information systems, and media content. The school imparts well-balanced knowledge and skills in the fields of communications networks and computer technology needed to contribute to the realization of smart social structures and the development of global community.
Q. Professor, please tell us about your specialty.
For example, we study the identification of malicious Smartphone applications. Malicious applications are ones that include functions that are not related to their stated purpose, such as camera applications that access users’ address lists. We are developing means of warning users before they download such applications by comparing software functions to the functions described in the user’s manual, and automatically determining when the software contains functions that are not described in the manual.
We also work on countermeasures for malware. A recent strategy employed by hackers is the so-called “drive-by download,” which can infect users’ computers when they simply view a compromised site with their browser. Since new Web sites that constitute vectors for such attacks are constantly being created, commercial anti-virus software cannot provide adequate protection. In response, we did an analysis of malicious sites that were collected in a database to extract “quirks” exhibited by such sites, and we are researching technology that will prevent connection to sites that have such quirks.
Proactive participation in competitions for security software
Q. What sort of instructions do you give your students?
For two years running, our team advanced into the finals of the SECCON CTF, the largest domestic “Capture the Flag” competition, and that same team took first place amongst a nation-wide field of university and professional teams when it entered the MWS CUP.
These competitions are conducted in the form of games, so participants are quick to learn as they compete. Since textbooks contain very little on the latest security technology, there is no substitute for practical learning, and a big advantage of participating in these competitions is the opportunity to mix with first-rate technicians. This makes it a very stimulating experience for students.
In the long view, a university’s mission is to think about security
Q. So your research has great social significance.
As an example, with the cooperation of NTT Laboratories, the Department of Computer Science and Communication Engineering and the Department of Computer Science and Engineering have set up an endowed chair to conduct “lectures on cyber security attack countermeasures.” This includes courses for both undergraduates and graduate students, with undergraduates given a malware-centered overview of attack methods and countermeasures, while graduate students are provided with hands-on study in an environment that allows manipulation and analysis of actual malware. Without the cooperation of industry, I do not think it would be possible to provide students with a systematic forum for studying such practical technology.
At the same time, this sort of study is sometimes only possible at a university. Our job is to generalize problems from a broad perspective and propose basic countermeasures. And we are also conscious about fostering researchers with this point of view. Industry demands immediate measures to deal with security threats, which can turn the pursuit of such measures into a game of cat and mouse.