Patents by Inventor Jun Miyoshi

Jun Miyoshi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12282550
    Abstract: A rule generation apparatus includes processing circuitry configured to enumerate rule candidates with different degrees of abstraction as candidates for a rule for detecting a malware trace using an analysis result of malware, and calculate evaluation values of the rule candidates enumerated using a predetermined evaluation function and sort a rule from among the rule candidates based on the evaluation values.
    Type: Grant
    Filed: November 28, 2019
    Date of Patent: April 22, 2025
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Yuma Kurogome, Yuhei Kawakoya, Makoto Iwamura, Yuto Otsuki, Jun Miyoshi
  • Patent number: 12265617
    Abstract: A labeling apparatus includes processing circuitry configured to extract a feature of malware to be labeled and features of a malware group with a known label, and identify malware or a malware group with a feature among the features of the malware group that is most similar to the feature of the malware to be labeled based on a degree of similarity between the feature of the malware to be labeled and each of the features of the malware group extracted, and give a label that has been given to the malware or the malware group to the malware to be labeled.
    Type: Grant
    Filed: September 7, 2020
    Date of Patent: April 1, 2025
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Yuma Kurogome, Makoto Iwamura, Jun Miyoshi
  • Publication number: 20240370571
    Abstract: An unsafe location enumeration unit (131) enumerates, based on a code of a program, locations that do not satisfy a predetermined condition indicating that type conversion is safe among locations where a type casting occurs in the program. A context extraction unit (132) transition an automaton corresponding to the locations enumerated by the unsafe location enumeration unit (131) and extract a context reaching the locations. A vulnerability verification unit (133) verifies whether the location extracted by the context extraction unit (132) satisfies an annotation prepared in advance.
    Type: Application
    Filed: April 27, 2021
    Publication date: November 7, 2024
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Tatsuhiro AOSHIMA, Toshinori USUI, Yuhei KAWAKOYA, Makoto IWAMURA, Jun MIYOSHI
  • Publication number: 20240184887
    Abstract: An activity trace extraction device includes: an acquisition unit that acquires information regarding behavior of malware; a detection unit that detects an activity trace of the malware on the basis of the information regarding behavior of malware acquired by the acquisition unit; an addition unit that executes taint analysis on the malware and adds a taint tag based on the taint analysis to an output value of a predetermined application programming interface (API) in a case where the malware calls the API; a determination unit that determines presence or absence of dependency of the activity trace on the basis of the taint tag added by the addition unit; and an extraction unit that extracts the activity trace as an activity trace effective for detecting the malware in a case where the determination unit determines that there is no dependency of the activity trace.
    Type: Application
    Filed: March 16, 2021
    Publication date: June 6, 2024
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Toshinori USUI, Tomonori IKUSE, Yuhei KAWAKOYA, Makoto IWAMURA, Jun MIYOSHI
  • Patent number: 11989292
    Abstract: An analysis function imparting device according to the present invention includes processing circuitry configured to execute a script engine while monitoring the script engine to acquire an execution trace including an application programming interface (API) trace and a branch trace, analyze the execution trace, and detect a hook point that is a location to which a hook is applied and a code for analysis is inserted, detect, based on monitoring at the hook point, a tap point that is a memory monitoring location at which the code for analysis outputs a log, and apply a hook to the script engine to impart an analysis function to the script engine based on the hook point and the tap point.
    Type: Grant
    Filed: May 21, 2019
    Date of Patent: May 21, 2024
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Toshinori Usui, Yuto Otsuki, Makoto Iwamura, Yuhei Kawakoya, Jun Miyoshi
  • Publication number: 20240152611
    Abstract: A trace information determination device includes an extraction unit that extracts a feature of malware, a classification unit that performs clustering on the basis of the feature of malware extracted by the extraction unit and classifies the malware into a predetermined cluster, an attack tendency determination unit that determines a tendency of an attack of the malware on the basis of the cluster classified by the classification unit, and a validity determination unit that determines validity of trace information generated from an activity trace of the malware on the basis of a result of determination by the attack tendency determination unit.
    Type: Application
    Filed: March 16, 2021
    Publication date: May 9, 2024
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Toshinori USUI, Tomonori IKUSE, Yuhei KAWAKOYA, Makoto IWAMURA, Jun MIYOSHI
  • Publication number: 20240152603
    Abstract: An activity trace extraction device executes malware to collect an analysis log including a plurality of activity traces of the malware, and executes the malware again in an environment indicating time information different from time information at the time of executing the malware to collect a time change analysis log including a plurality of activity traces of the malware. The activity trace extraction device updates the analysis log by removing, from the analysis log, the activity trace different from the activity trace of the time change analysis log among the plurality of activity traces included in the analysis log based on the analysis log and the time change analysis log. The activity trace extraction device generates trace information of the malware independent of time lapse based on the updated analysis log.
    Type: Application
    Filed: March 16, 2021
    Publication date: May 9, 2024
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Toshinori USUI, Tomonori IKUSE, Yuhei KAWAKOYA, Makoto IWAMURA, Jun MIYOSHI
  • Publication number: 20240152615
    Abstract: An activity trace extraction device executes malware to collect an analysis log including a plurality of activity traces of the malware, and executes the malware again to collect an environment change analysis log including the plurality of activity traces of the malware assumed in a case where an execution environment of a system and a device used at execution of the malware and information unique to application software are changed. The activity trace extraction device updates, based on the analysis log and the environment change analysis log, the analysis log by removing, from the analysis log, an activity trace different from an activity trace of the environment change analysis log among the plurality of activity traces included in the analysis log. The activity trace extraction device generates trace information of the malware independent of the execution environment based on the analysis log updated.
    Type: Application
    Filed: March 16, 2021
    Publication date: May 9, 2024
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Toshinori USUI, Tomonori IKUSE, Yuhei KAWAKOYA, Makoto IWAMURA, Jun MIYOSHI
  • Publication number: 20230418941
    Abstract: The analysis function imparting device acquires a plurality of execution traces related to a branch instruction and memory access, by inputting a test script to a script engine and causing the script engine to execute the test script. The analysis function imparting device specifies a similar sequence on the basis of the plurality of execution traces and detects a function call included in the specified sequence as a candidate of a type conversion function. The analysis function imparting device detects a variable having an input/output relationship from a variable of a candidate argument and a return value of the type conversion function among the execution traces. The analysis function imparting device executes a taint analysis on the type variable function of the variable having an input/output relationship of the type conversion function, and detects a propagation leakage function indicating a type variable function.
    Type: Application
    Filed: October 14, 2020
    Publication date: December 28, 2023
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Toshinori USUI, Tomonori IKUSE, Yuhei KAWAKOYA, Makoto IWAMURA, Jun MIYOSHI
  • Publication number: 20230325477
    Abstract: The program protection device (100) includes an encoding unit (133) and an output unit (135). An encoding unit (133) encodes a program to be protected according to a specific encoding algorithm, and stores information used for decoding the encoded program in a relocation table of the encoded program. The output unit (135) outputs the program encoded by the encoding unit (133) as a protected program.
    Type: Application
    Filed: October 9, 2020
    Publication date: October 12, 2023
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Yuhei KAWAKOYA, Makoto IWAMURA, Jun MIYOSHI
  • Publication number: 20230325476
    Abstract: An obfuscation device (10) includes an analyzing unit (141) that converts first binary data output as an executable file into a first intermediate representation, a rewriting unit (142) that inserts a predetermined code called when the first binary data is output into the first intermediate representation acquired from the analyzing unit (141) and rewrites the first intermediate representation into a second intermediate representation, and an output unit (1413) that reads the predetermined code inserted by the rewriting unit (142), converts the second intermediate representation into executable second binary data, and outputs the second binary data when the second intermediate representation is to he converted into binary data.
    Type: Application
    Filed: September 10, 2020
    Publication date: October 12, 2023
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Yuma KUROGOME, Makoto IWAMURA, Jun MIYOSHI
  • Publication number: 20230315611
    Abstract: A profile unit of a bug detection support apparatus specifies a plurality of hot paths indicating functions which frequently execute individual processing by executing a compiled binary file. The profile unit specifies, under a constraint condition that a total execution time of hot paths to which a bug detection tool is applied and hot paths to which the bug detection tool is not applied is shorter than a predetermined time, a combination of a hot path to which the bug detection tool is applied and a hot path to which the bug detection tool is not applied by obtaining a solution of an objective function which maximizes the number of the hot paths to which the bug detection tool is applied and minimizes the total execution time. A rewriting unit of the bug detection support apparatus rewrites an intermediate expression of the binary file.
    Type: Application
    Filed: September 14, 2020
    Publication date: October 5, 2023
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Yuma KUROGOME, Makoto IWAMURA, Jun MIYOSHI
  • Patent number: 11748476
    Abstract: A conversion device includes processing circuitry configured to receive a programmable signature as a target to be analyzed and symbolized data and/or a log as an input value, analyze the programmable signature by using a symbolic execution engine, and output a conditional branching process executed on the input value as a constraint on the input value and receive the output constraint on the input value, perform field conversion from the constraint on the input value to an output format based on a table of field name correspondence between formats, and output a static signature.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: September 5, 2023
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Yuhei Kawakoya, Makoto Iwamura, Jun Miyoshi
  • Publication number: 20230028595
    Abstract: An analysis function imparting device (10) includes a virtual machine analyzing unit (121) that analyzes a virtual machine of a script engine, a command set architecture analyzing unit (122) that analyzes a command set architecture that is a command system of the virtual machine, and an analysis function imparting unit (123) that performs hooking for imparting multipath execution functions to the script engine, on the basis of architecture information acquired by the analysis performed by the virtual machine analyzing unit (121) and the command set architecture analyzing unit (122).
    Type: Application
    Filed: October 11, 2019
    Publication date: January 26, 2023
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Toshinori USUI, Tomonori IKUSE, Yuhei KAWAKOYA, Makoto IWAMURA, Jun MIYOSHI
  • Publication number: 20230016772
    Abstract: A calculating unit calculates a semantics set relating to an entirety of state of a recursive neural network satisfying a specification. A determining unit determines whether or not the recursive neural network that is an object of checking satisfies the specification, on the basis of the semantics set and an initial state of the recursive neural network that is the object of checking.
    Type: Application
    Filed: December 11, 2019
    Publication date: January 19, 2023
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Tatsuhiro AOSHIMA, Toshinori USUI, Yuhei KAWAKOYA, Makoto IWAMURA, Jun MIYOSHI
  • Publication number: 20230004645
    Abstract: A labeling apparatus includes processing circuitry configured to extract a feature of malware to be labeled and features of a malware group with a known label, and identify malware or a malware group with a feature among the features of the malware group that is most similar to the feature of the malware to be labeled based on a degree of similarity between the feature of the malware to be labeled and each of the features of the malware group extracted, and give a label that has been given to the malware or the malware group to the malware to be labeled.
    Type: Application
    Filed: September 7, 2020
    Publication date: January 5, 2023
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Yuma KUROGOME, Makoto IWAMURA, Jun MIYOSHI
  • Publication number: 20220391505
    Abstract: A rule generation apparatus includes processing circuitry configured to enumerate rule candidates with different degrees of abstraction as candidates for a rule for detecting a malware trace using an analysis result of malware, and calculate evaluation values of the rule candidates enumerated using a predetermined evaluation function and sort a rule from among the rule candidates based on the evaluation values.
    Type: Application
    Filed: November 28, 2019
    Publication date: December 8, 2022
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Yuma KUROGOME, Yuhei KAWAKOYA, Makoto IWAMURA, Yuto OTSUKI, Jun MIYOSHI
  • Publication number: 20220283853
    Abstract: An analysis system includes processing circuitry configured to extract each running process and each thread in each process from data that records a state of a memory of an analysis object apparatus, acquire an object belonging to the process or the thread having been extracted, and specify a same object belonging to a plurality of processes or a plurality of threads among objects acquired and associate the plurality of processes or the plurality of threads to which the same object belongs.
    Type: Application
    Filed: August 7, 2019
    Publication date: September 8, 2022
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Yuhei KAWAKOYA, Makoto IWAMURA, Jun MIYOSHI, Yuto OTSUKI
  • Publication number: 20210390183
    Abstract: An analysis function imparting device according to the present invention includes processing circuitry configured to execute a script engine while monitoring the script engine to acquire an execution trace including an application programming interface (API) trace and a branch trace, analyze the execution trace, and detect a hook point that is a location to which a hook is applied and a code for analysis is inserted, detect, based on monitoring at the hook point, a tap point that is a memory monitoring location at which the code for analysis outputs a log, and apply a hook to the script engine to impart an analysis function to the script engine based on the hook point and the tap point.
    Type: Application
    Filed: May 21, 2019
    Publication date: December 16, 2021
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Toshinori USUI, Yuto OTSUKI, Makoto IWAMURA, Yuhei KAWAKOYA, Jun MIYOSHI
  • Patent number: 11176252
    Abstract: An intrusion prevention device includes a reception unit, a monitoring unit, and a determination unit. The reception unit receives, from a control target device, a notification indicating a state of the control target device. The monitoring unit receives a control command transmitted from a control device to the control target device. The determination unit determines whether to permit or block passage of the control command received by the monitoring unit in accordance with the state of the control target device received by the reception unit.
    Type: Grant
    Filed: September 26, 2017
    Date of Patent: November 16, 2021
    Assignees: NIPPON TELEGRAPH AND TELEPHONE CORPORATION, MITSUBISHI HEAVY INDUSTRIES, LTD.
    Inventors: Keiichi Okabe, Takaaki Koyama, Jun Miyoshi, Yoshihiro Itoh, Naohiko Yoshizumi, Tetsuo Takahashi, Yuki Mori, Toshiyuki Yamada, Naoki Yamasaki