Malware sandbox analysis, in which a malware sample is actually executed in a testing environment (i.e. sandbox) to observe its behavior, is one of the promising approaches to tackling the emerging threats of exploding malware. As a lot of recent malware actively communicates with remote hosts over the Internet, sandboxes should also support an Internet connection, otherwise important malware behavior may not be observed. In this paper, we propose a multi-pass sandbox analysis with a controlled Internet connection. In the proposed method, we start our analysis with an isolated sandbox and an emulated Internet that consists of a set of dummy servers and hosts that run vulnerable services, called Honeypots in the Sandbox (HitS). All outbound connections from the victim host are closely inspected to see if they could be connected to the real Internet. We iterate the above process until no new behaviors are observed. We implemented the proposed method in a completely automated fashion and evaluated it with malware samples recently captured in the wild. Using a simple containment policy that authorizes only certain application protocols, namely, HTTP, IRC, and DNS, we were able to observe a greater variety of behaviors compared with the completely isolated sandbox. Meanwhile, we confirmed that a noticeable number of IP scans, vulnerability exploitations, and DoS attacks are successfully contained in the sandbox. Additionally, a brief comparison with two existing sandbox analysis systems, Norman Sandbox and CWSandbox, are shown.

Sanitizable signatures allow sanitizers to delete some pre-determined parts of a signed document without invalidating the signature. While ordinary sanitizable signatures allow verifiers to know how many subdocuments have been sanitized, invisibly sanitizable signatures do not leave any clue to the sanitized subdocuments; verifiers do not know whether or not sanitizing has been performed. Previous invisibly sanitizable signature scheme was constructed based on aggregate signature with pairings. In this article, we present the first invisibly sanitizable signature without using pairings. Our proposed scheme is secure under the RSA assumption.

Malware has been recognized as one of the major security threats in the Internet . Previous researches have mainly focused on malware's internal activity in a system. However, it is crucial that the malware analysis extracts a malware's external activity toward the network to correlate with a security incident. We propose a novel way to analyze malware: focus closely on the malware's external (i.e., network) activity. A malware sample is executed on a sandbox that consists of a real machine as victim and a virtual Internet environment. Since this sandbox environment is totally isolated from the real Internet, the execution of the sample causes no further unwanted propagation. The sandbox is configurable so as to extract specific activity of malware, such as scan behaviors. We implement a fully automated malware analysis system with the sandbox, which enables us to carry out the large-scale malware analysis. We present concrete analysis results that are gained by using the proposed system.

Considering rapid increase of recent highly organized and sophisticated malwares, practical solutions for the countermeasures against malwares especially related to zero-day attacks should be effectively developed in an urgent manner. Several research activities have been already carried out focusing on statistic calculation of network events by means of global network sensors (so-called macroscopic approach) as well as on direct malware analysis such as code analysis (so-called microscopic approach). However, in the current research activities, it is not clear at all how to inter-correlate between network behaviors obtained from macroscopic approach and malware behaviors obtained from microscopic approach. In this paper, in one side, network behaviors observed from darknet are strictly analyzed to produce scan profiles, and in the other side, malware behaviors obtained from honeypots are correctly analyzed so as to produce a set of profiles containing malware characteristics. To this end, inter-relationship between above two types of profiles is practically discussed and studied so that frequently observed malwares behaviors can be finally identified in view of scan-malware chain.

Exploiting vulnerabilities of remote systems is one of the fundamental behaviors of malware that determines their potential hazards. Understanding what kind of propagation tactics each malware uses is essential in incident response because such information directly links with countermeasures such as writing a signature for IDS. Although recently malware sandbox analysis has been studied intensively, little work is done on securely observing the vulnerability exploitation by malware. In this paper, we propose a novel sandbox analysis method for securely observing malware's vulnerability exploitation in a totally isolated environment. In our sandbox, we prepare two victim hosts. We first execute the sample malware on one of these hosts and then let it attack the other host which is running multiple vulnerable services. As a simple realization of the proposed method, we have implemented a sandbox using Nepenthes, a low-interaction honeypot, as the second victim. Because Nepenthes can emulate a variety of vulnerable services, we can efficiently observe the propagation of sample malware. In the experiments, among 382 samples whose scan capabilities are confirmed, 381 samples successfully started exploiting vulnerabilities of the second victim. This indicates the certain level of feasibility of the proposed method.

We have already proposed a Gigabit Ethernet-Optical Switched Access Network (GE-OSAN) architecture that realizes longer transmission distances and achieves higher security than the conventional Passive Optical Network (PON). To confirm the technical feasibility of the architecture, we introduce here a GE-OSAN prototype system for downstream transmission. We present the Optical Switching Module (OSM), which uses (Pb,La)(Zr,Ti)O3 (PLZT) optical packet switches, and show that it realizes switching within 10 ns of the designed position in the Inter-Frame Gap (IFG). We also introduce an Optical Network Unit (ONU) with optical burst receiver that uses off-the-shelf commercial devices to reduce its cost; two types of an optical to electrical signal (O/E) converter are implemented for performance comparison. After testing both of them, we select the one that satisfies our acquisition time requirement of 64 ns.

This paper describes international standardization activities on B-PON, GE-PON, and G-PON. This paper explains their distinctive technologies, and compares them from the technical view. This paper also mentions future PON standards which are discussed in some standardization bodies.

We present design procedures for using conducting wires in A-sandwich junctions to achieve high transmission performance; bench-test results validate the procedures. The scattering characteristics of the junction are obtained by solving the electric field integral equation of volumetric equivalent currents. The transmission performance is evaluated by subtracting the scattered fields of the same-sized A-sandwich panel in order to offset the effect of edge diffraction. Optimum wire width is determined by examining transmission performance with different arrangements. The designed junction achieves high transmission performance. The measured scattering characteristics of a bench model demonstrate the validity of the presented method.

This paper introduces the design of an Optical Switching Module (OSM) for our newly proposed Gigabit Ethernet Optical Switched Access Network (GE-OSAN) architecture that uses the Multi-Point Control Protocol (MPCP), defined in IEEE 802.3ah. We outline the GE-OSAN architecture to clarify OSM's role in the network. We offer an OSM configuration that has the basic functions needed to realize downstream and upstream high-speed data services in GE-OSAN. We clarify the OSM optical switching time that allows GE-OSAN to achieve the same throughput as GE-PON. Our survey of currently available optical switches identifies the optical packet switches that can meet this switching time requirement. We evaluate OSM insertion loss with these switches. We propose an OSM configuration that has a regeneration function as well as the basic ones to realize wider network configurations that can lead to a reduction in overall system costs. In addition, we present OSM configurations that have broadcast and multicast functions as well as the basic ones so that GE-OSAN can support broadcast and multicast video services to equal and exceed GE-PON.

We propose a new analysis technique against a class of countermeasure using randomized binary signed digit (BSD) representations. We also introduce some invariant properties between BSD representations. The proposed analysis technique can directly recover the secret key from power measurements without information for algorithm because of the invariant properties of BSD representation. Thus the proposed attack is applicable to all countermeasures using BSD representations. Finally, we give the simulation results against some countermeasures using BSD representation such as Ha-Moon method, Ebeid-Hasan method, and the method of Agagliate et al. The results show that the proposed attack is practical analysis method.

This paper proposes a new optical access network architecture that differs from those of conventional Point-to-Point (PP) and Passive Optical Networks (PON). The proposed architecture, Optical Switched Access Network (OSAN), uses Optical Switching Modules (OSMs) that connect an Optical Line Terminal (OLT) to Optical Network Units (ONUs) in a virtual point to point configuration so that it offers the merits of both PP and PON while overcoming their demerits. Each OSM optically switches packets of variable length one by one under electrical control. To allow the elimination of optical buffers from OSM, OSAN uses the Multi-Point Control Protocol (MPCP) defined in IEEE 802.3ah. We evaluate the transmission distances between OLT and ONUs, and consider a network synchronization scheme and discovery mechanism that supports MPCP.

This paper reports on the suitability of the SUSAN filter for the removal of artifacts that result from quantization errors in wavelet video coding. In this paper two extensions of the original filter are described. The first uses a combination of 2-D spatial filtering followed by 1-D temporal filtering along motion trajectories, while the second extension is a pure 3-D motion compensated SUSAN filter. The SUSAN approach effectively reduces coding artifacts, while preserving the original signal structure, by relying on a simple pixel-difference-based classification procedure. Results reported in the paper clearly indicate that both extensions efficiently reduce ringing that is the prevalent artifact perceived in wavelet-based coded video. Experimental results indicate an increase in perceptual as well as objective (PSNR) decoded video quality, which is competitive with state-of-the-art post-processing algorithms, especially when low computational demands of the proposed approach are taken into account.

We propose a simple and novel technique for mapping vector spatial fields using electro-optic (EO) sampling. Our technique utilizes a sandwich-like EO crystal in which a dielectric mirror is inserted into the EO crystal. Three-dimensional field measurements at several given heights above a two-dimensional RF resonant structure were successfully demonstrated. Field scanning at any height is possible if the sandwich-like EO crystal is appropriately constructed.

Accurate estimation of accentual attribute values of words, which is required to apply rules of Japanese word accent sandhi to prosody generation, is an important factor to realize high-quality text-to-speech (TTS) conversion. The rules were already formulated by Sagisaka et al. and are widely used in Japanese TTS conversion systems. Application of these rules, however, requires values of a few accentual attributes of each constituent word of input text. The attribute values cannot be found in any public database or any accent dictionaries of Japanese. Further, these values are difficult even for native speakers of Japanese to estimate only with their introspective consideration of properties of their mother tongue. In this paper, an algorithm was proposed, where these values were automatically estimated from a large amount of data of accent types of accentual phrases, which were collected through a long series of listening experiments. In the proposed algorithm, inter-speaker differences of knowledge of accent sandhi were well considered. To improve the coverage of the estimated values over the obtained data, the rules were tentatively modified. Evaluation experiments using two-mora accentual phrases showed the high validity of the estimated values and the modified rules and also some defects caused by varieties of linguistic expressions of Japanese.

We have fabricated a novel type of intrinsic Josephson junctions with superconducting Bi2Sr2CaCu2O8+y (Bi-2212)/YBa2Cu3O7-x(YBCO) bilayer thin films deposited on MgO(100) substrates. We used the 4th harmonics of a Nd:YAG pulsed laser ablation. Furthermore, we studied the transport properties of a 25 µm 25 µm Bi-2212/YBCO mesa-type junction. The zero resistance temperature was around 50 K. The current-voltage characteristics showed flux-flow-like behavior and a supercurrent of about 2 mA at 4.2 K. Shapiro steps were observed when microwave was irradiated to the mesa junction. These Shapiro steps are attributed to the Josephson junction formed at the interface between the Bi-2212 and YBCO layers in the mesa structure and not to the intrinsic Josephson junctions in the Bi-2212 layer or the micro-grains within the films.

Let m 2, n 2, and q 2 be positive integers. Let Sr and Sb be two disjoint sets of points in the plane such that no three points of Sr Sb are collinear, |Sr| = nq, and |Sb| = mq. This paper shows that Kaneko and Kano's conjecture is true, i.e., there are q disjoint convex regions of the plain such that each region includes n points of Sr and m points of Sb. This is a generalization of 2-dimension Ham Sandwich Theorem.

RHiNET-2/SW is a network switch for the RHiNET-2 parallel computing system. RHiNET-2/SW enables high-speed and long-distance data transmission between PC nodes for parallel computing. In RHiNET-2/SW, a one-chip CMOS switch-LSI and eight pairs of 800-Mbit/s 12-channel parallel optical interconnection modules are mounted into a single compact board. This switch allows high-speed 8-Gbit/s/port parallel optical data transmission over a distance of up to 100 m, and the aggregate throughput is 64 Gbit/s/board. The CMOS-ASIC switching LSI enables high-throughput (64 Gbit/s) packet switching with a single chip. The parallel optical interconnection modules enable high-speed and low-latency data transmission over a long distance. The structure and layout of the printed circuit board is optimized for high-speed, high-density device implementation to overcome electrical problems such as signal propagation-loss and crosstalk. All of the electrical interfaces are composed of high-speed CMOS-LVDS logic (800 Mbit/s/pin). We evaluated the reliability of the optical I/O port through long-term data transmission. No errors were detected during 50 hours of continuous data transmission at a data rate of 800 Mbit/s 10 bits (BER: < 2.44 10-14). This test result shows that RHiNET-2/SW can provide high-throughput, long-transmission-length, and highly reliable data transmission in a practical parallel computing system.

A method of tone recognition has been developed for dissyllabic speech of Standard Chinese based on discrete hidden Markov modeling. As for the feature parameters of recognition, combination of macroscopic and microscopic parameters of fundamental frequency contours was shown to give a better result as compared to the isolated use of each parameter. Speaker normalization was realized by introducing an offset to the fundamental frequency. In order to avoid recognition errors due to syllable segmentation, a scheme of concatenated learning was adopted for training hidden Markov models. Based on the observations of fundamental frequency contours of dissyllables, a scheme was introduced to the method, where a contour was represented with a series of three syllabic tone models, two for the first and the second syllables and one for the transition part around the syllabic boundary. Corresponding to the voiceless consonant of the second syllable, fundamental frequency contour of a dissyllable may include a part without fundamental frequencies. This part was linearly interpolated in the current method. To prove the validity of the proposed method, it was compared with other methods, such as representing all of the dissyllabic contours as the concatenation of two models, assigning a special code to the voiceless part, and so on. Tone sandhi was also taken into account by introducing two additional models for the half-third tone and for the first 4th tone of the combination of two 4th tones. With the proposed method, average recognition rate of 96% was achieved for 5 male and 5 female speakers.

This paper surveys the researches on biological and electeromagnetic environments in RF (radio frequency) and microwave regions in Japan. Publicized research reports on biological objectives, evaluation of exposure rate, electromagnetic environments and guideline for the protection from radio wave nuisances are briefly introduced. Some researches on the evaluation of the exposure rate caused by the near field effect of portable radio transceiver are reviewed. Radio frequency exposer protection guidelines in Japan are also described.