Koji Nakao
Information Security Fellow
KDDI Corporation, Tokyo Japan
Group Leader
National Institution of Information and Communication Technology (NICT), Tokyo Japan

Koji Nakao received the B.E. degree in Mathematics from Waseda University, Japan, in 1979. Since joining KDDI in 1979, Koji has been engaged in research on communication protocols and information security technology for telecommunications at the KDDI laboratory. After 2003, Koji moved to the KDDI head office to construct and manage its security systems. In 2004, he additionally started working for NICT (National Information Communication Technologies). His present positions are "Information Security Fellow", managing all the security issues required in KDDI, and "Distinguished Researcher", managing research activities for network security technologies in NICT.

Koji received the IPSJ Research Award in 1992; the METI Ministry Award and KPMG Security Award in 2006; the Contribution Award (Japan ITU), NICT Research Award, Best Paper Award (JWIS) and MIC Bureau Award in 2007; and the Commendation for Science and Technology by the Minister of Education, Culture, Sports, Science and Technology (Prizes for Science and Technology: Research Category) in 2009. He is a member of IPSJ and IEICE. Koji has also been a part-time instructor at Waseda University and Nagoya University.

Mr. Nakao will speak about "Network Security Incident Analysis System for Detecting Large-scale Internet Attacks by means of Darknet Traffic".

With the rapid development and proliferation of the Internet, cyber attacks are continually emerging and evolving. Malware (a generic term for computer viruses, worms, trojan horses, spyware, adware, and bots) is a particularly lethal security threat. To cope with this threat appropriately, we have developed the "Network Security Incident Analysis System (nicter)" for detecting large-scale Internet attacks captured in darknet address space and for analyzing the captured attacks and malware. This presentation provides an introduction to nicter as well as the latest security threats observed in Japan. One characteristic of nicter is that it visualizes real-time attacks, such as scans and DDoS, in several engaging ways. nicter also provides statistic and dynamic behavior analysis of malware captured in honeypots. Consequently, the results of correlation analysis between attacks (namely scans) and malware will be provided on a near-real-time basis. The talk closes with future study issues such as prediction of malicious behaviors and international collaboration.