Patents by Inventor Kiyoto Kawauchi

Kiyoto Kawauchi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200382291
    Abstract: An acquisition unit acquires reception data. A first extraction unit extracts a domain name being a download domain name from the reception data. A second extraction unit extracts owner information indicating an owner of a public key certificate included in the reception data. A search unit searches a domain information search service using the owner information as a search key, and acquires a management domain name managed by the owner indicated by the owner information. A determination unit collates the management domain name with the domain name to determine whether a program included in the reception data is illegitimate.
    Type: Application
    Filed: September 15, 2017
    Publication date: December 3, 2020
    Applicant: Mitsubishi Electric Corporation
    Inventors: Hiroyuki SAKAKIBARA, Kiyoto KAWAUCHI, Tomonori NEGI
  • Publication number: 20200342095
    Abstract: A classification unit classifies, per attack log data of a plurality of pieces of attack log data, one or more pieces of log information included in the attack log data, by value set consisting of a value of a first element and a value of a second element, thereby generating one or more log information groups. An integration unit integrates, per log information group, one or more pieces of log information included in the log information group, thereby generating integrated data. An extraction unit extracts, per value set, in one or more value sets, that is common among the plurality of pieces of attack log data, common information from a plurality of pieces of integrated data corresponding to the plurality of pieces of attack log data. A generation unit generates one or more attack detection rules based on one or more pieces of common information.
    Type: Application
    Filed: June 21, 2018
    Publication date: October 29, 2020
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Hideaki IJIRO, Kiyoto KAWAUCHI, Takuya SHOYA, Atsushi KATO, Hiromitsu SHIRAI, Hisashi FUKUDA
  • Publication number: 20200320191
    Abstract: A measure point extracting unit (203) extracts, from attack route information in which a threat and a plurality of attack routes each including one or more attack actions and being procedures for generating the threat are described, a plurality of combinations of attack actions to be addressed in order to inhibit generation of the threat. An objective-function deriving unit (204) acquires one or more measure candidates and a usability level of each of the measure candidates, for each of the attack actions included in the plurality of combinations of attack actions.
    Type: Application
    Filed: January 18, 2017
    Publication date: October 8, 2020
    Applicant: Mitsubishi Electric Corporation
    Inventors: Takeshi ASAI, Kiyoto KAWAUCHI
  • Publication number: 20200104503
    Abstract: A reception unit receives communication packet data used for updating of a current program that is transmitted from a maintenance terminal apparatus. A control program construction unit acquires an updated program for the current program as a packet-updated program, using the communication packet data. A difference determination unit analyzes a difference between the current program and the packet-updated program and determines a probability that the packet-updated program is a normal updated program for the current program.
    Type: Application
    Filed: February 8, 2017
    Publication date: April 2, 2020
    Applicant: Mitsubishi Electric Corporation
    Inventors: Aiko IWASAKI, Kiyoto KAWAUCHI
  • Publication number: 20200073369
    Abstract: An attack/abnormality detection device includes: a command extraction unit configured to extract elements having the same command destination as a command destination of an additionally received actual manufacturing command from among each of a set of normal manufacturing commands and a set of actual manufacturing commands, which contain information on a command destination and an arrival order, and are stored in a command storage region; and a detection unit configured to detect an attack or an abnormality by comparing details of the commands with each other for each arrival order of both extracted elements.
    Type: Application
    Filed: January 25, 2017
    Publication date: March 5, 2020
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Masashi TATEDOKO, Tsuyoshi HIGUCHI, Kiyoto KAWAUCHI, Takeshi YONEDA
  • Publication number: 20200074327
    Abstract: In an evaluation apparatus (10), a profile database (31) is a database to store profile information indicating an individual characteristic of each of a plurality of persons. A security database (32) is a database to store security information indicating a behavior characteristic of each of the plurality of persons, which may become a security incident factor. A model generation unit (22) derives a relationship between the characteristic indicated by the profile information stored in the profile database (31) and the characteristic indicated by the security information stored in the security database (32), as a model. Upon receipt of an input of information indicating a characteristic of a different person, an estimation unit (23) estimates a behavior characteristic of the different person, which may become the security incident factor, by using the model derived by the model generation unit (22).
    Type: Application
    Filed: May 25, 2017
    Publication date: March 5, 2020
    Applicant: Mitsubishi Electric Corporation
    Inventors: Takumi YAMAMOTO, Hiroki NISHIKAWA, Keisuke KITO, Kiyoto KAWAUCHI
  • Publication number: 20190372998
    Abstract: In an exchange-type attack simulation device (10), an e-mail reception unit (22) receives a reply e-mail to an e-mail transmitted by an e-mail transmission unit (26). A state transition unit (24) refers to correspondence information (31) indicating feature of e-mails corresponding to each of state transitions in a state transition model and thereby identifies a state transition corresponding to the reply e-mail received by the e-mail reception unit (22). An e-mail generation unit (25) generates an e-mail corresponding to the state transition identified by the state transition unit (24). The e-mail generation unit (25) makes the e-mail transmission unit (26) transmit the generated e-mail.
    Type: Application
    Filed: February 14, 2017
    Publication date: December 5, 2019
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Hiroki NISHIKAWA, Takumi YAMAMOTO, Keisuke KITO, Kiyoto KAWAUCHI
  • Patent number: 10491628
    Abstract: The present invention relates to an attack observation apparatus being a simulation environment where a malicious program such as malware created by an attacker is run, the simulation environment being built for observing the behavior and attack scheme of the malicious program. The attack observation apparatus includes a low-interactive simulation environment to execute on a terminal a predetermined response to communication coming from the malware, a high-interactive simulation environment to execute a response to the communication coming from the malware using a virtual machine which simulates the terminal, and a communication management part to monitor an execution state of the low-interactive simulation environment with respect to the communication coming from the malware and switch the communication coming from the malware to the high-interactive simulation environment depending on the execution state of the low-interactive simulation environment.
    Type: Grant
    Filed: September 17, 2014
    Date of Patent: November 26, 2019
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Kiyoto Kawauchi, Shoji Sakurai
  • Publication number: 20190349390
    Abstract: A packet format inference apparatus includes a classification unit and an inference unit. The classification unit classifies, among a plurality of packets which are included in a packet data set as packet data and of which formats are unknown, relevant packets transmitted in a fixed cycle, as a packet group having a same arrival cycle. The inference unit infers a packet format for each packet group having the same arrival cycle.
    Type: Application
    Filed: February 6, 2017
    Publication date: November 14, 2019
    Applicant: Mitsubishi Electric Corporation
    Inventors: Keisuke KITO, Takumi YAMAMOTO, Hiroki NISHIKAWA, Kiyoto KAWAUCHI
  • Publication number: 20190294803
    Abstract: In an evaluation device (100), an attack generation unit (111) generates an attack sample. The attack sample is data for simulating an unauthorized act on a system. A comparison unit (112) compares the attack sample generated by the attack generation unit (111) and a normal state model. The normal state model is data acquired by modeling an authorized act on the system. Based on the comparison result, the comparison unit (112) generates information for generating an attack sample similar to the normal state model, and feeds back the generated information to the attack generation unit (111). A verification unit (113) checks whether the attack sample generated by the attack generation unit (111) satisfies a requirement for simulating an unauthorized act, and verifies, by using the attack sample satisfying the requirement, a detection technique implemented in a security product.
    Type: Application
    Filed: December 1, 2016
    Publication date: September 26, 2019
    Applicant: Mitsubishi Electric Corporation
    Inventors: Takumi YAMAMOTO, Hiroki NISHIKAWA, Keisuke KITO, Kiyoto KAWAUCHI
  • Patent number: 10325094
    Abstract: The present invention relates to a process analysis apparatus for analyzing a process executed in an information processing unit and extracting encryption logic such as an encryption function or a decryption function used in the process.
    Type: Grant
    Filed: August 28, 2014
    Date of Patent: June 18, 2019
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Takumi Yamamoto, Shoji Sakurai, Kiyoto Kawauchi
  • Publication number: 20190149569
    Abstract: An electronic file copy notification reception unit acquires identification information on a terminal device connected to a first network switch to which a file server is connected, as first identification information, when the terminal device acquires a copy of an electronic file from the file server. A determination instruction unit acquires identification information on a device, as second identification information, when the device is newly connected to a second network switch different from the first network switch. The determination instruction unit matches the first identification information with the second identification information and instructs the second network switch to restrict communication to and from the terminal device via the second network switch in a case where the first identification information coincides with the second identification information.
    Type: Application
    Filed: June 15, 2016
    Publication date: May 16, 2019
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Shigeki KITAZAWA, Yukio IZUMI, Tomonori NEGI, Kiyoto KAWAUCHI
  • Patent number: 10282542
    Abstract: An attack activity definition information database 111 stores, for a plurality of events, attack activity definition information describing an event, a precondition, and an achieved phenomenon. The event is observed by an information system when an attack against the information system is underway. The precondition is a prerequisite condition for the event to be observed. The achieved phenomenon is a phenomenon of the time after the event is observed. An event receiving part 108 receives observed event notice information notifying an observed event which is observed by the information system.
    Type: Grant
    Filed: October 24, 2013
    Date of Patent: May 7, 2019
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventor: Kiyoto Kawauchi
  • Publication number: 20190121968
    Abstract: A key generation source identification device (10) is provided with a key identification unit (11) to cause malware to execute an encryption process, acquire an execution trace representing an execution status of the encryption process, and identify an encryption key used in the encryption process as an analysis key based on the execution trace, and an extraction unit (31) to extract, from the execution trace, a list of instructions on which the analysis key depends, as an instruction list. The key generation source identification device (10) is also provided with an acquisition unit (32) to determine whether a function called by a call instruction included in the instruction list is a dynamic acquisition function that acquires dynamic information dynamically changing and, when the function is the dynamic acquisition function, acquire the instruction list as a candidate of a key generation source which is at least a part of a program that generated the analysis key in the encryption process.
    Type: Application
    Filed: June 16, 2016
    Publication date: April 25, 2019
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Hiroki NISHIKAWA, Tomonori NEGI, Kiyoto KAWAUCHI
  • Publication number: 20190081988
    Abstract: A second communication unit (411) of a security management apparatus (201) externally receives dependency information (412) indicating a dependence relation between information assets individually held by a first system and a second system. Then, a selection unit (415) of the security management apparatus (201) selects a security measure to be implemented, from among candidates for a security measure against a threat to an information asset held by the first system, in accordance with a dependence relation indicated by the dependency information (412) received by the second communication unit (411).
    Type: Application
    Filed: June 1, 2016
    Publication date: March 14, 2019
    Applicant: Mitsubishi Electric Corporation
    Inventors: Tomonori NEGI, Kiyoto KAWAUCHI, Junko NAKAJIMA, Yukio IZUMI, Hiroyuki SAKAKIBARA, Shigeki KITAZAWA, Kazuhiro ONO, Takeshi ASAI, Hideaki IJIRO, Hiroki NISHIKAWA
  • Publication number: 20180307832
    Abstract: A monitor event designating unit (131) designates, if an attack event which attacks an information system in which a plurality of system component elements are included is detected and a notification of a detected event which is the detected attack event and an event involvement element which is a system component element involved in an occurrence of the detected event is provided, an attack event which can occur next to the detected event due to involvement of the event involvement element as a monitor event. An involvement candidate element designating unit (143) designates, as an involvement candidate element, a system component element of the plurality of system component elements, the system component element which can be involved in an occurrence of the monitor event other than the event involvement element.
    Type: Application
    Filed: December 14, 2015
    Publication date: October 25, 2018
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Hideaki IJIRO, Kiyoto KAWAUCHI
  • Patent number: 10073973
    Abstract: A test memory extracting unit 110 extracts a test memory image 191 from a memory area of a target system. A template memory extracting unit 120 extracts a template memory image 192 from a template system not infected with malware. An injected code detecting unit 130 compares the test memory image 191 with the template memory image 192, and generates an injected code list 193. An injected code testing unit 140 generates a malicious code list 195 based on the injected code list 193 and a test rule list 194. A test result output unit 150 generates a test result file 196 based on the malicious code list 195.
    Type: Grant
    Filed: September 25, 2013
    Date of Patent: September 11, 2018
    Assignee: Mitsubishi Electric Corporation
    Inventors: Takumi Yamamoto, Kiyoto Kawauchi, Shoji Sakurai
  • Publication number: 20180211021
    Abstract: The present invention relates to an authentication device that executes an online transaction typified by a transfer process of an online banking service. The authentication device includes a secret information storage unit to store secret information; a verification unit to verify validity of input data including input information of a user; an information extraction unit to extract the input information from the input data the validity of which has been verified by the verification unit; an authentication information generation unit to generate authentication information with the input information extracted by the information extraction unit and the secret information stored in the secret information storage unit; and a display unit to display the authentication information generated by the authentication information generation unit.
    Type: Application
    Filed: August 6, 2015
    Publication date: July 26, 2018
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Tomonori NEGI, Takeshi YONEDA, Nori MATSUDA, Takumi MORI, Takato HIRANO, Yoshihiro KOSEKI, Kiyoto KAWAUCHI
  • Patent number: 9916445
    Abstract: For a plurality of events, event stage information is stored which describes an event observed by an information system when an attack against the information system is underway, a pre-event stage, and a post-event stage. Observed event notice information is received which notifies an observed event observed by the information system. Event stage information is searched for which describes the observed event notified by the observed event notice information. Event stage information is searched for which describes a post-event stage coinciding with a pre-event stage of the event stage information searched for, or a pre-event stage coinciding with a post-event stage of the event stage information searched for.
    Type: Grant
    Filed: February 26, 2014
    Date of Patent: March 13, 2018
    Assignee: Mitsubishi Electric Corporation
    Inventors: Hideaki Ijiro, Kiyoto Kawauchi
  • Patent number: 9853994
    Abstract: In a log analysis cooperation system including a logger that collects a log of a communication device and stores the log in a storage device, a SIEM apparatus that detects an attack, and a log analysis apparatus that analyzes the log collected by the logger, a log analysis cooperation apparatus stores an attack scenario in a storage device, receives from the SIEM apparatus warning information including information on the detected attack, computes a predicted occurrence time of an attack predicted to occur subsequent to the detected attack based on the warning information and the attack scenario, and transmits to the log analysis apparatus a scheduled search to search the log at the predicted occurrence time computed. The log analysis apparatus transmits a scheduled search to the logger to search the log at the predicted occurrence time.
    Type: Grant
    Filed: November 8, 2013
    Date of Patent: December 26, 2017
    Assignee: Mitsubishi Electric Corporation
    Inventors: Hiroyuki Sakakibara, Shoji Sakurai, Kiyoto Kawauchi