Software Projects

Early statistical information security threat detection system

My thesis work was based on the development and evaluation of bot detection technologies, where a bot is a computer-virus-infected, remotely controlled PC terminal and/or server. Currently, it is very clear that we cannot find any other related research that detects bots' IP addresses by observing the changes in the entropy values of the source IP addresses and the query keywords in the DNS query logs, which are generated simultaneously while a cyber attack is being carried out. As the first step of my research, I carried out regression analysis on the query keywords in the DNS query packet traffic logs in which the traffic exceeded the thresholds. As a result, I showed not only an important insight for detecting the source IP addresses of spam bots sending a large number of unsolicited e-mails, but also the possibility of detecting the source IP addresses of spam bots in organization/campus networks by observing the change patterns in the source IP address- and query keyword-based entropy values. That first approach is important in order to protect not only the users' information but also to ensure the availability of the different services on the University Campus.

In the next step, I proposed three models: a random attack (RA) model, a targeted attack (TA) model, and a host search (HS) attack model, based on the source IP address- and query keyword-based entropy values of the DNS query packet traffic logs. In order to evaluate the attack models, I also carried out entropy analysis on the source IP addresses and the query keywords in the DNS query packet traffic logs from January 1st to December 31st, 2008. Consequently, I found that in the DNS traffic from the campus network only TA bots were observed, whereas from the Internet, RA, TA and HS attack bots were observed.

Through a careful analysis of the previous results, I found and reported that both the source IP address- and query keyword-based entropy values change symmetrically in DNS query packet traffic based on the RA model, such as an outbound random spam bot attack, whereas in DNS query packet traffic based on an outbound SSH dictionary attack, both entropy values changed asymmetrically. Furthermore, I showed that the difference could be interpreted in terms of the difference between the numbers of SSH servers and e-mail servers on the Internet.
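The core measurement behind the approach described above is the pair of entropy values computed per time window: one over the source IP addresses and one over the query keywords (query names) in the DNS query log, with a window flagged when its query volume exceeds a threshold and the direction of change of each entropy reported. The following is an added illustration, not the thesis's own code or data: it assumes a simple one-query-per-line log format (`<unix_time> <source_ip> <query_name> <qtype>`) and uses a constructed sample in which one campus host looks up MX records for many distinct domains during a single minute.

```python
"""Per-window entropy of source IP addresses and query keywords in a DNS query log.

Added illustration; the log format is an assumption, and the sample log is
constructed, not captured traffic.
"""
import math
from collections import Counter


def shannon_entropy(counts):
    """Shannon entropy in bits of a frequency distribution (mapping value -> count)."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values() if c)


def parse_log(text):
    """Parse log lines into (time, src_ip, qname) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        try:
            t = int(parts[0])
        except ValueError:
            continue
        records.append((t, parts[1], parts[2].lower().rstrip(".")))
    return records


def window_entropies(records, window_seconds=60):
    """Group records into fixed-size windows and return, per window, the query
    count plus the source-IP and query-keyword entropies."""
    buckets = {}
    for t, ip, qname in records:
        w = t - (t % window_seconds)
        buckets.setdefault(w, []).append((ip, qname))
    stats = []
    for w in sorted(buckets):
        ips = Counter(ip for ip, _ in buckets[w])
        names = Counter(q for _, q in buckets[w])
        stats.append({"window": w, "queries": len(buckets[w]),
                      "h_src_ip": shannon_entropy(ips),
                      "h_keyword": shannon_entropy(names)})
    return stats


def flag_windows(stats, query_threshold):
    """Flag windows whose query volume exceeds the threshold and report how each
    entropy moved relative to the preceding window (positive delta = it rose)."""
    flagged = []
    for prev, cur in zip(stats, stats[1:]):
        if cur["queries"] > query_threshold:
            flagged.append({"window": cur["window"],
                            "d_src_ip": cur["h_src_ip"] - prev["h_src_ip"],
                            "d_keyword": cur["h_keyword"] - prev["h_keyword"]})
    return flagged


def build_sample_log():
    """Constructed sample (not real traffic): a quiet minute, then a minute in which
    the same background traffic is joined by one host (10.0.1.50) querying MX
    records for 40 distinct domains."""
    lines = []
    hosts = [f"10.0.1.{i}" for i in range(10, 18)]
    names = ["www.example.edu", "mail.example.edu", "cdn.example.net", "login.example.org"]
    for k in range(16):  # baseline minute (window 0)
        lines.append(f"{k * 3} {hosts[k % 8]} {names[k % 4]} A")
    for k in range(16):  # same background traffic in the second minute (window 60)
        lines.append(f"{60 + k * 3} {hosts[k % 8]} {names[k % 4]} A")
    for k in range(40):  # one host, many distinct query keywords
        lines.append(f"{60 + k} 10.0.1.50 domain{k:03d}.example.test MX")
    return "\n".join(lines)


if __name__ == "__main__":
    stats = window_entropies(parse_log(build_sample_log()))
    for s in stats:
        print(f"window {s['window']:>4}: {s['queries']:>3} queries  "
              f"H(src_ip)={s['h_src_ip']:.3f}  H(keyword)={s['h_keyword']:.3f}")
    for f in flag_windows(stats, query_threshold=30):
        print(f"flagged window {f['window']}: dH(src_ip)={f['d_src_ip']:+.3f}  "
              f"dH(keyword)={f['d_keyword']:+.3f}")
```

In the constructed sample the baseline minute has eight equally active hosts and four equally popular names (3.0 and 2.0 bits respectively); in the flagged minute the single busy host pulls the source-IP entropy down while its 40 distinct query names push the keyword entropy up, so the two values move in opposite directions. Which direction pattern corresponds to which attack model, and how the thresholds are set, is the subject of the analysis described in the text; this block only produces the per-window measurements that such an analysis consumes.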

  1. A Random Attack Model (RA)
  2. A Targeted Activity Model (TA)
  3. Host Search Activity Model (HS)

Figure 1. Developed threat detection models

In order to report additional information as evidence to the "suspicious infected" user, I developed a DNS query packet traffic observation-based bot detection system appliance employing both the changes in the source IP address- and query keyword-based entropy values, and carried out a trial run in an examination environment LAN configured with a broadband router. Therefore, I described that the system could be useful and efficient for field surveys of ICT security where privacy has to be taken into consideration.

Figure 2. Early threat detection portable appliance

Big Data algorithm and architecture Infrastructure for the Novel nutrition-based vegetable production and distribution system

The project I worked in is related to the design and development of a novel nutrition-based vegetable production and distribution system that has been funded by the New Energy and Industrial Development Organization (NEDO) in Japan.

The project is being carried out by a group of companies, each in charge of specific tasks, with Sojo University in charge of the research and development of the whole project. My main task was the development of the suggestion algorithm, which correlates different databases: vegetable protein quantity, a symptoms/solutions database, and ready-made meal protein quantity.

Figure 3 shows the project definitions. The first objective is to help local farmers place their products in the market. Therefore, a novel business model based on ICT technology was proposed in order to give farmers a way of competing with cheaper imported products and to establish a direct connection between farmers and end users. The first result originally appeared in.

Figure 3. Project Definitions