High-Altitude Platform Station (HAPS) provides communication services from an altitude of 20km via a stratospheric platform such as a balloon, solar-powered airship, or other aircraft, and is attracting much attention as a new mobile communication platform for ultra-wide coverage areas and disaster-resilient networks. HAPS can provide mobile communication services directly to the existing smartphones commonly used in terrestrial mobile communication networks such as Fourth Generation Long Term Evolution (4G LTE), and in the near future, Fifth Generation New Radio (5G NR). In order to design efficient HAPS-based cell configurations, we need a radio wave propagation model that takes into consideration factors such as terrain, vegetation, urban areas, suburban areas, and building entry loss. In this paper, we propose a new vegetation loss model for Recommendation ITU-R P.833-9 that can take transmission frequency and seasonal characteristics into consideration. It is based on measurements and analyses of the vegetation loss of deciduous trees in different seasons in Japan. Also, we carried out actual stratospheric measurements in the 700MHz band in Kenya to extend the lower frequency limit. Because the measured results show good agreement with the results predicted by the new vegetation loss model, the model is sufficiently valid in various areas including actual HAPS usage.

In recent years, High-Altitude Platform Station (HAPS) has become the most interesting topic for next generation mobile communication systems, because platforms such as Unmanned Aerial Vehicles (UAVs), balloons, airships can provide ultra-wide coverage, up to 200km in diameter, from altitudes of around 20 km. It also offers resiliency to damage caused by disasters and so ensures the stability and reliability of mobile communications. In order to further integrate HAPS with existing terrestrial mobile communication networks in providing mobile services to users, radio wave propagation models such as terrain, vegetation loss, human shielding loss, building entry loss, urban/suburban areas must be taken into consideration when designing HAPS-based cell configurations. This paper proposes a human body shielding propagation loss model that considers the basic signal attenuation by the human body at high elevation angles. It also analyzes the effect of changes in actual urban/suburban environments due to the arrival of multipath radio waves for HAPS communications in the frequency range of 0.7 to 3.3GHz. Measurements in actual urban/rural environments in Japan and actual stratospheric base station measurements in Kenya are carried out to confirm the validity of the proposed model. Since the measured results agree well with the results predicted by the proposed model, the model is good enough to provide estimates of human loss in various environments.

A dictionary attack against SSH is a common security threat. Many methods rely on network traffic to detect SSH dictionary attacks because the connections of remote login, file transfer, and TCP/IP forwarding are visibly distinct from those of attacks. However, these methods incorrectly judge the connections of automated operation tasks as those of attacks due to their mutual similarities. In this paper, we propose a new approach to identify user authentication methods on SSH connections and to remove connections that employ non-keystroke based authentication. This approach is based on two perspectives: (1) an SSH dictionary attack targets a host that provides keystroke based authentication; and (2) automated tasks through SSH need to support non-keystroke based authentication. Keystroke based authentication relies on a character string that is input by a human; in contrast, non-keystroke based authentication relies on information other than a character string. We evaluated the effectiveness of our approach through experiments on real network traffic at the edges in four campus networks, and the experimental results showed that our approach provides high identification accuracy with only a few errors.

Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide the sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.

Computer networks are facing serious threats from the emergence of sophisticated new DGA bots. These DGA bots have their own dictionary, from which they concatenate words to dynamically generate domain names that are difficult to distinguish from human-generated domain names. In this letter, we propose an approach for identifying the callback communications of DGA bots based on relations among the words that constitute the character string of each domain name. Our evaluation indicates high performance, with a recall of 0.9977 and a precision of 0.9869.