Patents by Inventor Kiyoto Kawauchi

Kiyoto Kawauchi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20170337378
    Abstract: The present invention relates to a process analysis apparatus for analyzing a process executed in an information processing unit and extracting encryption logic such as an encryption function or a decryption function used in the process.
    Type: Application
    Filed: August 28, 2014
    Publication date: November 23, 2017
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Takumi YAMAMOTO, Shoji SAKURAI, Kiyoto KAWAUCHI
  • Publication number: 20170302683
    Abstract: The present invention relates to an attack observation apparatus being a simulation environment where a malicious program such as malware created by an attacker is run, the simulation environment being built for observing the behavior and attack scheme of the malicious program. The attack observation apparatus includes a low-interactive simulation environment to execute on a terminal a predetermined response to communication coming from the malware, a high-interactive simulation environment to execute a response to the communication coming from the malware using a virtual machine which simulates the terminal, and a communication management part to monitor an execution state of the low-interactive simulation environment with respect to the communication coming from the malware and switch the communication coming from the malware to the high-interactive simulation environment depending on the execution state of the low-interactive simulation environment.
    Type: Application
    Filed: September 17, 2014
    Publication date: October 19, 2017
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Kiyoto KAWAUCHI, Shoji SAKURAI
  • Patent number: 9794274
    Abstract: An attack detection apparatus (6) collects packets a transmission source or a transmission destination of which is a protection target apparatus (5), and generates packet information by setting an entry for each collected packet and describing attribute data of the packet together with occurrence time of the packet for each entry. Further, the attack detection apparatus (6) stores definition information which defines an extraction time width and an extraction condition for each category of attack.
    Type: Grant
    Filed: September 8, 2014
    Date of Patent: October 17, 2017
    Assignee: Mitsubishi Electric Corporation
    Inventors: Shoji Sakurai, Kiyoto Kawauchi
  • Publication number: 20170277887
    Abstract: A candidate event derivation unit (101) derives, as a candidate event, an event predicted to occur in an information system (200) including a plurality of system components (300), the event being a candidate for a monitoring target. An attribute identification unit (102) derives, as a candidate system component, a system component (300) involved in occurrence of the candidate event from among the plurality of system components (300), and identifies an attribute of the candidate system component. A monitoring target decision unit (103) analyzes the attribute of the candidate system component identified by the attribute identification unit (102), and decides whether or not the candidate event is to be the monitoring target.
    Type: Application
    Filed: November 14, 2014
    Publication date: September 28, 2017
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Hideaki IJIRO, Shoji SAKURAI, Kiyoto KAWAUCHI
  • Publication number: 20170237751
    Abstract: An attack detection apparatus (6) collects packets a transmission source or a transmission destination of which is a protection target apparatus (5), and generates packet information by setting an entry for each collected packet and describing attribute data of the packet together with occurrence time of the packet for each entry. Further, the attack detection apparatus (6) stores definition information which defines an extraction time width and an extraction condition for each category of attack.
    Type: Application
    Filed: September 8, 2014
    Publication date: August 17, 2017
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Shoji SAKURAI, Kiyoto KAWAUCHI
  • Publication number: 20160378980
    Abstract: For a plurality of events, event stage information is stored which describes an event observed by an information system when an attack against the information system is underway, a pre-event stage, and a post-event stage. Observed event notice information is received which notifies an observed event observed by the information system. Event stage information is searched for which describes the observed event notified by the observed event notice information. Event stage information is searched for which describes a post-event stage coinciding with a pre-event stage of the event stage information searched for, or a pre-event stage coinciding with a post-event stage of the event stage information searched for.
    Type: Application
    Filed: February 26, 2014
    Publication date: December 29, 2016
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Hideaki IJIRO, Kiyoto KAWAUCHI
  • Publication number: 20160239661
    Abstract: An attack activity definition information database 111 stores, for a plurality of events, attack activity definition information describing an event, a precondition, and an achieved phenomenon. The event is observed by an information system when an attack against the information system is underway. The precondition is a prerequisite condition for the event to be observed. The achieved phenomenon is a phenomenon of the time after the event is observed. An event receiving part 108 receives observed event notice information notifying an observed event which is observed by the information system.
    Type: Application
    Filed: October 24, 2013
    Publication date: August 18, 2016
    Applicant: Mitsubishi Electric Corporation
    Inventor: Kiyoto KAWAUCHI
  • Publication number: 20160224791
    Abstract: A test memory extracting unit 110 extracts a test memory image 191 from a memory area of a target system. A template memory extracting unit 120 extracts a template memory image 192 from a template system not infected with malware. An injected code detecting unit 130 compares the test memory image 191 with the template memory image 192, and generates an injected code list 193. An injected code testing unit 140 generates a malicious code list 195 based on the injected code list 193 and a test rule list 194. A test result output unit 150 generates a test result file 196 based on the malicious code list 195.
    Type: Application
    Filed: September 25, 2013
    Publication date: August 4, 2016
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Takumi YAMAMOTO, Kiyoto KAWAUCHI, Shoji SAKURAI
  • Publication number: 20160210474
    Abstract: An information leakage prevention apparatus 100 receives, from a LAN 109, communication data transmitted by a PC 112 to the Internet 111, and when the received data has been encrypted, analyzes a log describing content of data processing performed in the PC 112 and extracts a key used to encrypt the communication data in the PC 112. Further, the information leakage prevention apparatus 100 decrypts the communication data using the extracted key and determines whether or not a keyword is included in a decryption result. If the keyword is not included in the decryption result, the information leakage prevention apparatus 100 transmits the communication data to the Internet 111 through a WAN 110.
    Type: Application
    Filed: August 27, 2013
    Publication date: July 21, 2016
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Shoji SAKURAI, Kiyoto KAWAUCHI, Takeshi UEDA, Tomonori NEGI
  • Publication number: 20150256554
    Abstract: In a log analysis cooperation system including a logger that collects a log of a communication device and stores the log in a storage device, a SIEM apparatus that detects an attack, and a log analysis apparatus that analyzes the log collected by the logger, a log analysis cooperation apparatus stores an attack scenario in a storage device, receives from the SIEM apparatus warning information including information on the detected attack, computes a predicted occurrence time of an attack predicted to occur subsequent to the detected attack based on the warning information and the attack scenario, and transmits to the log analysis apparatus a scheduled search to search the log at the computed predicted occurrence time. The log analysis apparatus transmits a scheduled search to the logger to search the log at the predicted occurrence time.
    Type: Application
    Filed: November 8, 2013
    Publication date: September 10, 2015
    Applicant: Mitsubishi Electric Corporation
    Inventors: Hiroyuki Sakakibara, Shoji Sakurai, Kiyoto Kawauchi
  • Publication number: 20150205956
    Abstract: A progress status of an attack on an information system possibly carried out is visualized to display a warning to a user, without using a correlation rule. A table storage stores a past case table indicating a phase string obtained by concatenating phase values indicating attack progress degrees according to an event occurrence pattern in a past case. A phase string generator obtains a phase string by concatenating phase values according to the occurrence pattern of events that have occurred in the information system. A similarity degree calculator calculates a similarity degree between the obtained phase string and the phase string indicated in the past case table. An attack status visualization unit visualizes the progress status of the attack on the information system, based on the obtained phase string and a result of calculation of the similarity degree by the similarity degree calculator.
    Type: Application
    Filed: August 29, 2013
    Publication date: July 23, 2015
    Applicant: Mitsubishi Electric Corporation
    Inventors: Shoji Sakurai, Kiyoto Kawauchi
  • Publication number: 20150193617
    Abstract: Whether or not there is an attack that cannot be detected using signature information is determined without performing an enormous number of verifications. A signature detection not-applicable data pattern extracting part analyzes signature information and extracts a pattern of data which is not detected using the signature information. An attack data pattern extracting part analyzes a target program to which the signature information is to be applied, and extracts a pattern of attack data that attacks the target program. A pattern comparing part compares a signature detection not-applicable data pattern extracted by the signature detection not-applicable data pattern extracting part with an attack data pattern extracted by the attack data pattern extracting part, and extracts an attack data pattern coinciding with the signature detection not-applicable data pattern, as an attack data pattern not detected using the signature information.
    Type: Application
    Filed: August 29, 2013
    Publication date: July 9, 2015
    Applicant: Mitsubishi Electric Corporation
    Inventor: Kiyoto Kawauchi
  • Publication number: 20050241000
    Abstract: Scripts describing procedures usually used by attackers in a programming language are pre-accumulated. A script selected by the user out of the accumulated scripts is executed, which calls a plugin with logic implemented for attacking each security hole. This plugin is executed on a test target computer, which removes the need for the user to have security knowledge such as the input/output relationship between test execution units.
    Type: Application
    Filed: October 8, 2003
    Publication date: October 27, 2005
    Inventor: Kiyoto Kawauchi