Patents by Inventor Hiroki Nishikawa

Hiroki Nishikawa has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11244266
    Abstract: The incident response assisting device includes: an incident extraction unit, a response procedure creation unit, and a screen display unit. The incident extraction unit performs an incident extraction process on an alert indicating that an incident has occurred in a monitored object and on log data of the monitored object, to extract incident information. The response procedure creation unit creates an incident response procedure corresponding to the incident on the basis of the incident information and a response procedure template. The screen display unit selects a display range from the incident response procedure in accordance with a progress status of response and displays the display range as a display response procedure. The incident extraction process is composed of a series of comparison processes in which a content of a comparison process to be subsequently performed is changed in accordance with a result of a previously performed comparison process.
    Type: Grant
    Filed: June 25, 2018
    Date of Patent: February 8, 2022
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Kenta Fukami, Hiroyuki Sakakibara, Hiroki Nishikawa, Aiko Iwasaki
  • Publication number: 20210365431
    Abstract: In an SNS server (103) corresponding to a false submission filter device, an event specifying unit (604) analyzes contents of a submission informing of an occurrence of an event and specifies a location (721) of occurrence of the event. A query destination specifying unit (605) searches a query destination database (613) and specifies a query destination corresponding to the location (721) specified by the event specifying unit (604). A query unit (606) transmits a request for checking the presence or absence of occurrence of the event from the observation result of one or more machines to the query destination specified by the query destination specifying unit (605). The query unit (606) receives a response to the request. A result reflecting unit (607) determines whether the contents of the submission are true or false from a check result indicated by the response received by the query unit (606).
    Type: Application
    Filed: May 25, 2017
    Publication date: November 25, 2021
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Tomonori NEGI, Kiyoto KAWAUCHI, Yukio IZUMI, Takeshi ASAI, Takumi YAMAMOTO, Hiroki NISHIKAWA, Keisuke KITO, Kohei TAMMACHI
  • Publication number: 20210182405
    Abstract: A disclosed feature generation unit (110) collects information related to an assessment target whose security risk is to be assessed, as disclosure target information from disclosed information that has been disclosed, and generates disclosed feature information (F1) expressing a feature of the disclosure target information. An email feature generation unit (120) generates email feature information F2 expressing a feature of an assessment target email contained in an email box of the assessment target. An assessment unit (130) calculates a similarity degree between the disclosed feature information (F1) and the email feature information (F2). The assessment unit (130) outputs an assessment result 31 being a result of assessment on the security risk of the assessment target, based on the similarity degree.
    Type: Application
    Filed: February 4, 2021
    Publication date: June 17, 2021
    Applicant: Mitsubishi Electric Corporation
    Inventors: Takumi YAMAMOTO, Hiroki NISHIKAWA, Kiyoto KAWAUCHI
  • Publication number: 20210136043
    Abstract: A state replication apparatus (200) generates communication, between a main apparatus (421) and each sub-apparatus (422, 423), to cause a state combination to transit in accordance with transition order specified in an acquisition scenario. The state replication apparatus records each of the communication generated between the main apparatus and the each sub-apparatus. The state replication apparatus acquires a snapshot combination at each of acquisition timings specified in the acquisition scenario. The state replication apparatus replicates each of the main apparatus and the each sub-apparatus in states of a replication state combination based on the acquired each snapshot combination and the recorded each communication.
    Type: Application
    Filed: October 6, 2017
    Publication date: May 6, 2021
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Keisuke KITO, Kiyoto KAWAUCHI, Takumi YAMAMOTO, Hiroki NISHIKAWA
  • Publication number: 20210092139
    Abstract: In an email inspection device (10), a learning unit (20) learns a relationship between a feature of each email included in a plurality of emails and a feature of a resource accompanying each email. The resource accompanying each email includes at least either one of a file attached to each email and a resource specified by a URL in a message body of each email. A determination unit (30) extracts a feature of an inspection-target email and a feature of a resource accompanying the inspection-target email, and determines whether or not the inspection-target email is a suspicious email depending on whether or not the relationship learned by the learning unit (20) exists between the extracted features.
    Type: Application
    Filed: September 14, 2017
    Publication date: March 25, 2021
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Hiroki NISHIKAWA, Takumi YAMAMOTO, Kiyoto KAWAUCHI
  • Publication number: 20210021617
    Abstract: An operation unit (120) calculates a feature quantity of an object mail which is an email to be tested. Then, the operation unit acquires, based on the feature quantity of the object mail, a status identifier of the object mail from a status definition file. Then, the operation unit selects a mail thread which the object mail belongs to, from one mail thread or more as an object thread, and adds the status identifier of the object mail to a status group of the object thread. Then, the operation unit decides whether the status group, to which the status identifier of the object mail has been added, of the object thread complies with a detection rule. When the status group of the object thread complies with the detection rule, the operation unit produces an alert.
    Type: Application
    Filed: September 25, 2020
    Publication date: January 21, 2021
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Hiroki NISHIKAWA, Takumi YAMAMOTO, Kiyoto KAWAUCHI
  • Publication number: 20210021555
    Abstract: A fraudulent email decision device (10) is provided with a consistency analysis unit (24). The consistency analysis unit (24) identifies an intention of a subject email by, for example, a method of, with respect to a newly received incoming email as a subject email, extracting a function term, being a word expressing a reason the subject email was sent, from a body of the subject email. The consistency analysis unit (24) decides whether or not the subject email is a fraudulent email, from a relationship between another incoming email received in the past from the same sender as the sender of the subject email, and the identified intention of the subject email.
    Type: Application
    Filed: October 1, 2020
    Publication date: January 21, 2021
    Applicant: Mitsubishi Electric Corporation
    Inventors: Takumi YAMAMOTO, Hiroki NISHIKAWA, Kiyoto KAWAUCHI
  • Publication number: 20210010950
    Abstract: A correlation value calculation unit calculates a correlation value between input data input to an inspection-targeted apparatus whose internal specifications are unknown and output data for the input data from the inspection-targeted apparatus. A state transition determination unit analyzes in a time-series manner, a plurality of correlation values calculated by the correlation value calculation unit for a plurality of pieces of input data and a plurality of pieces of output data for the plurality of pieces of input data, and determines whether or not a state transition has occurred in the inspection-targeted apparatus.
    Type: Application
    Filed: September 28, 2020
    Publication date: January 14, 2021
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Keisuke KITO, Kiyoto KAWAUCHI, Takumi YAMAMOTO, Hiroki NISHIKAWA
  • Publication number: 20210006587
    Abstract: A people network detection unit (110) detects, based on public information of a target person, a people network that indicates a connection between the target person and a group of related persons. A disclosure risk calculation unit (120) calculates a disclosure risk of the target person based on the public information of the target person, and calculates a group of disclosure risks corresponding to the group of related persons based on a group of public information corresponding to the group of related persons. A connection risk determination unit (130) determines a representative value of the group of disclosure risks as a connection risk of the target person based on the group of disclosure risks corresponding to the group of related persons. A security risk calculation unit (140) calculates a security risk of the target person with respect to a cyberattack, using the disclosure risk of the target person and the connection risk of the target person.
    Type: Application
    Filed: September 22, 2020
    Publication date: January 7, 2021
    Applicant: Mitsubishi Electric Corporation
    Inventors: Takumi YAMAMOTO, Hiroki NISHIKAWA, Kiyoto KAWAUCHI
  • Publication number: 20200074327
    Abstract: In an evaluation apparatus (10), a profile database (31) is a database to store profile information indicating an individual characteristic of each of a plurality of persons. A security database (32) is a database to store security information indicating a behavior characteristic of each of the plurality of persons, which may become a security incident factor. A model generation unit (22) derives a relationship between the characteristic indicated by the profile information stored in the profile database (31) and the characteristic indicated by the security information stored in the security database (32), as a model. Upon receipt of an input of information indicating a characteristic of a different person, an estimation unit (23) estimates a behavior characteristic of the different person, which may become the security incident factor, by using the model derived by the model generation unit (22).
    Type: Application
    Filed: May 25, 2017
    Publication date: March 5, 2020
    Applicant: Mitsubishi Electric Corporation
    Inventors: Takumi YAMAMOTO, Hiroki NISHIKAWA, Keisuke KITO, Kiyoto KAWAUCHI
  • Publication number: 20190372998
    Abstract: In an exchange-type attack simulation device (10), an e-mail reception unit (22) receives a reply e-mail to an e-mail transmitted by an e-mail transmission unit (26). A state transition unit (24) refers to correspondence information (31) indicating feature of e-mails corresponding to each of state transitions in a state transition model and thereby identifies a state transition corresponding to the reply e-mail received by the e-mail reception unit (22). An e-mail generation unit (25) generates an e-mail corresponding to the state transition identified by the state transition unit (24). The e-mail generation unit (25) makes the e-mail transmission unit (26) transmit the generated e-mail.
    Type: Application
    Filed: February 14, 2017
    Publication date: December 5, 2019
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Hiroki NISHIKAWA, Takumi YAMAMOTO, Keisuke KITO, Kiyoto KAWAUCHI
  • Publication number: 20190349390
    Abstract: A packet format inference apparatus includes a classification unit and an inference unit. The classification unit classifies, among a plurality of packets which are included in a packet data set as packet data and of which formats are unknown, relevant packets transmitted in a fixed cycle, as a packet group having a same arrival cycle. The inference unit infers a packet format for each packet group having the same arrival cycle.
    Type: Application
    Filed: February 6, 2017
    Publication date: November 14, 2019
    Applicant: Mitsubishi Electric Corporation
    Inventors: Keisuke KITO, Takumi YAMAMOTO, Hiroki NISHIKAWA, Kiyoto KAWAUCHI
  • Publication number: 20190294803
    Abstract: In an evaluation device (100), an attack generation unit (111) generates an attack sample. The attack sample is data for simulating an unauthorized act on a system. A comparison unit (112) compares the attack sample generated by the attack generation unit (111) and a normal state model. The normal state model is data acquired by modeling an authorized act on the system. Based on the comparison result, the comparison unit (112) generates information for generating an attack sample similar to the normal state model, and feeds back the generated information to the attack generation unit (111). A verification unit (113) checks whether the attack sample generated by the attack generation unit (111) satisfies a requirement for simulating an unauthorized act, and verifies, by using the attack sample satisfying the requirement, a detection technique implemented in a security product.
    Type: Application
    Filed: December 1, 2016
    Publication date: September 26, 2019
    Applicant: Mitsubishi Electric Corporation
    Inventors: Takumi YAMAMOTO, Hiroki NISHIKAWA, Keisuke KITO, Kiyoto KAWAUCHI
  • Publication number: 20190197452
    Abstract: The incident response assisting device includes: an incident extraction unit, a response procedure creation unit, and a screen display unit. The incident extraction unit performs an incident extraction process on an alert indicating that an incident has occurred in a monitored object and on log data of the monitored object, to extract incident information. The response procedure creation unit creates an incident response procedure corresponding to the incident on the basis of the incident information and a response procedure template. The screen display unit selects a display range from the incident response procedure in accordance with a progress status of response and displays the display range as a display response procedure. The incident extraction process is composed of a series of comparison processes in which a content of a comparison process to be subsequently performed is changed in accordance with a result of a previously performed comparison process.
    Type: Application
    Filed: June 25, 2018
    Publication date: June 27, 2019
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Kenta FUKAMI, Hiroyuki SAKAKIBARA, Hiroki NISHIKAWA, Aiko IWASAKI
  • Publication number: 20190121968
    Abstract: A key generation source identification device (10) is provided with a key identification unit (11) to cause malware to execute an encryption process, acquire an execution trace representing an execution status of the encryption process, and identify an encryption key used in the encryption process as an analysis key based on the execution trace, and an extraction unit (31) to extract, from the execution trace, a list of instructions on which the analysis key depends, as an instruction list. The key generation source identification device (10) is also provided with an acquisition unit (32) to determine whether a function called by a call instruction included in the instruction list is a dynamic acquisition function that acquires dynamic information dynamically changing and, when the function is the dynamic acquisition function, acquire the instruction list as a candidate of a key generation source which is at least a part of a program that generated the analysis key in the encryption process.
    Type: Application
    Filed: June 16, 2016
    Publication date: April 25, 2019
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Hiroki NISHIKAWA, Tomonori NEGI, Kiyoto KAWAUCHI
  • Publication number: 20190081988
    Abstract: A second communication unit (411) of a security management apparatus (201) externally receives dependency information (412) indicating a dependence relation between information assets individually held by a first system and a second system. Then, a selection unit (415) of the security management apparatus (201) selects a security measure to be implemented, from among candidates for a security measure against a threat to an information asset held by the first system, in accordance with a dependence relation indicated by the dependency information (412) received by the second communication unit (411).
    Type: Application
    Filed: June 1, 2016
    Publication date: March 14, 2019
    Applicant: Mitsubishi Electric Corporation
    Inventors: Tomonori NEGI, Kiyoto KAWAUCHI, Junko NAKAJIMA, Yukio IZUMI, Hiroyuki SAKAKIBARA, Shigeki KITAZAWA, Kazuhiro ONO, Takeshi ASAI, Hideaki IJIRO, Hiroki NISHIKAWA
  • Patent number: 10050798
    Abstract: The present invention relates to a cryptographic block identification apparatus which, in order to analyze encryption logic used by malware to conceal communication, identifies a cryptographic block where encryption logic is stored within a program of the malware. The cryptographic block identification apparatus includes a block candidate extraction part and a cryptographic block identification part. The block candidate extraction part analyzes an execution trace in which an execution step of malware is recorded, calculates an evaluation value representing cipher likeliness of the execution step based on whether or not an operation type that characterizes cipher likeliness of the execution step is included in the execution step, and extracts an execution step where the evaluation value exceeds a threshold L, as a block candidate which is a candidate of a cryptographic block.
    Type: Grant
    Filed: February 6, 2015
    Date of Patent: August 14, 2018
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Hiroki Nishikawa, Takumi Yamamoto
  • Publication number: 20180019883
    Abstract: The present invention relates to a cryptographic block identification apparatus which, in order to analyze encryption logic used by malware to conceal communication, identifies a cryptographic block where encryption logic is stored within a program of the malware. The cryptographic block identification apparatus includes a block candidate extraction part and a cryptographic block identification part. The block candidate extraction part analyzes an execution trace in which an execution step of malware is recorded, calculates an evaluation value representing cipher likeliness of the execution step based on whether or not an operation type that characterizes cipher likeliness of the execution step is included in the execution step, and extracts an execution step where the evaluation value exceeds a threshold L, as a block candidate which is a candidate of a cryptographic block.
    Type: Application
    Filed: February 6, 2015
    Publication date: January 18, 2018
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Hiroki NISHIKAWA, Takumi YAMAMOTO
  • Publication number: 20140143179
    Abstract: Breakdown estimation unit obtains, by first processing portion, component ratio, by application, of energy usage amount in year using model case, and prorates, by second processing portion, record value of energy usage amount in year, by application, with component ratio obtained by first processing portion. Breakdown estimation unit prorates, by month, by third processing portion, energy usage amounts obtained by the second processing portion, excluding energy usage amount of one application, with component ratio, by month, of energy usage amount of the corresponding application in model case. Breakdown estimation unit estimates, by fourth processing portion, for each month, residual amount obtained by subtracting energy usage amounts prorated by third processing portion from record value of energy usage amount as the energy usage amount of the one application in month.
    Type: Application
    Filed: September 13, 2012
    Publication date: May 22, 2014
    Applicant: PANASONIC CORPORATION
    Inventors: Koichi Takaoka, Hiroki Nishikawa, Takashi Kurio