Patents by Inventor Shingo Orihara
Shingo Orihara has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11868853Abstract: An input unit receives an input of data, as learning purpose data and determination target data, in which requests made to a server by a user are represented in a time series. Then, a shaping unit shapes the received data. A classifying unit classifies the shaped data for each user who made the requests. Then, a learning unit extracts, from the classified learning purpose data, consecutive n requests as feature values of the learning purpose data, performs learning by using the feature values of the learning purpose data, and creates a profile for each user. A determination unit extracts, from the classified determination target data, consecutive n requests as feature values of the determination target data and performs determination of the determination target data based on the feature values of the determination target data and based on the profiles created by the learning unit.Type: GrantFiled: January 19, 2017Date of Patent: January 9, 2024Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Shingo Orihara, Masaki Tanikawa, Tohru Sato, Yuta Iwaki
-
Patent number: 11563717Abstract: A generation method includes identifying, as paths that are abstraction candidates, dynamically generated paths among paths in a profile that is used to determine whether each request to a server is an attack, and counting numbers of path variations corresponding to the respective paths that are abstraction candidates, and abstracting paths contained in the profile when a number of variations counted at the counting satisfies a certain condition, by processing circuitry.Type: GrantFiled: April 15, 2019Date of Patent: January 24, 2023Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Kunio Miyamoto, Shingo Orihara, Yuta Iwaki, Yo Kanemoto, Yuichi Murata
-
Patent number: 11470097Abstract: A global profile generation unit acquires a profile including, as an entry, information on parameter values for a combination of path parts and parameter names included in a normal HTTP request to a web server. When entries, in which the path parts are different but the parameter names are the same, are present in the acquired profile, the global profile generation unit generates a global profile in which the entries of the parameter names are aggregated in the acquired profile.Type: GrantFiled: February 16, 2018Date of Patent: October 11, 2022Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Shingo Orihara, Tohru Sato, Yohsuke Shimada, Yang Zhong, Yuta Iwaki
-
Patent number: 11244048Abstract: An attack pattern extraction device includes an extraction unit and an attack pattern generation unit. The extraction unit extracts a common character string of parameters included in an access log of communication that is determined as an attack. The attack pattern generation unit generates an attack pattern on the basis of a character string with a string length being equal to or longer than a predetermined length among extracted consecutive character strings.Type: GrantFiled: February 19, 2018Date of Patent: February 8, 2022Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Shingo Orihara, Tohru Sato, Yohsuke Shimada, Yuta Iwaki, Yang Zhong
-
Patent number: 11233809Abstract: An extraction unit-extracts a specific request from among requests that do not match with a profile on the basis of a similarity to a request to a server, where the profile determines whether the request is an attack. Further, a determination unit determines whether the specific request extracted by the extraction unit meets a predetermined condition indicating that the specific request is continuously transmitted from a certain number or more of transmission sources. Furthermore, a control unit relearns the profile if the determination unit determines that the specific request meets the predetermined condition.Type: GrantFiled: February 20, 2018Date of Patent: January 25, 2022Assignee: NIPPON TELEGRAPE AND TELEPHONE CORPORATIONInventors: Yuta Iwaki, Shingo Orihara, Yang Zhong, Tohru Sato, Yohsuke Shimada
-
Publication number: 20210209504Abstract: A learning device generates a character class sequence abstracting a predetermined structure of a character string included in requests to a server. Also, the learning device saves an appearance frequency of each combination of predetermined identification information and character class sequence, which are included in requests for learning among the requests, as the profile. Also, the learning device collates combinations of predetermined identification information and character class sequence, which are included in requests for analysis among the requests, with the profile to detect abnormalities. Also, the learning device selects at least part of the requests, which are for analysis. Also, the learning device updates the profile based on the selected requests.Type: ApplicationFiled: April 19, 2019Publication date: July 8, 2021Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Shingo ORIHARA, Yo KANEMOTO, Yuta IWAKI, Kunio MIYAMOTO, Yuichi MURATA
-
Publication number: 20210203677Abstract: A learning device generates a character class series abstracting a structure of a predetermined character string included in each of requests to the server which have been generated in a predetermined period. Also, for each of the combinations of the predetermined identification information and the character class series included in the requests, the learning device calculates a score for update which becomes higher as the number of times of appearance of the combination is increased and becomes higher as the appearance of the combination is continued. Based on the score for update, the learning device updates the profile of each combination for determining whether the request is an attack or not.Type: ApplicationFiled: April 16, 2019Publication date: July 1, 2021Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Yuta IWAKI, Shingo ORIHARA, Kunio MIYAMOTO, Yo KANEMOTO, Yuichi MURATA
-
Publication number: 20210168121Abstract: A generation method includes identifying, as paths that are abstraction candidates, dynamically generated paths among paths in a profile that is used to determine whether each request to a server is an attack, and counting numbers of path variations corresponding to the respective paths that are abstraction candidates, and abstracting paths contained in the profile when a number of variations counted at the counting satisfies a certain condition, by processing circuitry.Type: ApplicationFiled: April 15, 2019Publication date: June 3, 2021Applicant: Nippon Telegraph and Telephone CorporationInventors: Kunio MIYAMOTO, Shingo ORIHARA, Yuta IWAKI, Yo KANEMOTO, Yuichi MURATA
-
Patent number: 10860669Abstract: A user estimator includes an extractor extracting at least either order of page transitions on a website by a user or a time interval of transition to each page, as a feature amount of page browsing by the user, from data to be learned and representing a request by the user to the website, and extracting at least either order of page transitions on the website or a time interval of transition to each page, as a feature amount of page browsing by any user, from data to be estimated and representing requests by the users to the website, a learning unit creating a model indicating a feature of page browsing for each user, by learning the extracted feature amount, to be learned, of page browsing by each user, and an estimation unit referring to the feature amount, to be estimated, and the model, and estimating the user among users.Type: GrantFiled: June 2, 2016Date of Patent: December 8, 2020Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Shingo Orihara, Yoshihito Oshima, Hiroshi Asakura
-
Patent number: 10789366Abstract: In a security information management device (10), security information, which is information related to security, is collected. The security information management device (10) extracts, by referring to a security dictionary storing therein a keyword related to security for each attribute, a keyword from referrer security information that becomes a source to be compared with security information for relevance thereto, and calculates, by comparing the extracted keyword with a keyword included in the collected security information, relevance between the referrer security information and the security information. The security information management device (10) then output security information having higher calculated relevance more preferentially.Type: GrantFiled: June 18, 2014Date of Patent: September 29, 2020Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Tohru Sato, Yasushi Okano, Hiroshi Asakura, Shingo Orihara
-
Publication number: 20200252419Abstract: An extraction unit-extracts a specific request from among requests that do not match with a profile on the basis of a similarity to a request to a server, where the profile determines whether the request is an attack. Further, a determination unit determines whether the specific request extracted by the extraction unit meets a predetermined condition indicating that the specific request is continuously transmitted from a certain number or more of transmission sources. Furthermore, a control unit relearns the profile if the determination unit determines that the specific request meets the predetermined condition.Type: ApplicationFiled: February 20, 2018Publication date: August 6, 2020Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Yuta IWAKI, Shingo ORIHARA, Yang ZHONG, Tohru SATO, Yohsuke SHIMADA
-
Publication number: 20200012784Abstract: A global profile generation unit acquires a profile including, as an entry, information on parameter values for a combination of path parts and parameter names included in a normal HTTP request to a web server. When entries, in which the path parts are different but the parameter names are the same, are present in the acquired profile, the global profile generation unit generates a global profile in which the entries of the parameter names are aggregated in the acquired profile.Type: ApplicationFiled: February 16, 2018Publication date: January 9, 2020Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Shingo ORIHARA, Tohru SATO, Yohsuke SHIMADA, Yang ZHONG, Yuta IWAKI
-
Publication number: 20190384910Abstract: An attack pattern extraction device includes an extraction unit and an attack pattern generation unit. The extraction unit extracts a common character string of parameters included in an access log of communication that is determined as an attack. The attack pattern generation unit generates an attack pattern on the basis of a character string with a string length being equal to or longer than a predetermined length among extracted consecutive character strings.Type: ApplicationFiled: February 19, 2018Publication date: December 19, 2019Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Shingo ORIHARA, Tohru SATO, Yohsuke SHIMADA, Yuta IWAKI, Yang ZHONG
-
Publication number: 20190387012Abstract: A log analysis apparatus (10) extracts a parameter from an access log pertaining to a request issued from a user terminal to a server, learns the appearance frequency of the parameter, and stores the learning result in a profile storage unit (14a) as a profile. The log analysis apparatus (10) extracts a parameter from an access log under analysis, acquires a similarity by comparing the parameter with the parameter included in the profile stored in the profile storage unit (14a), and determines an access in the access log under analysis as an attack when the similarity is lower than a threshold. The log analysis apparatus (10) takes a tally of the number of different requesting user terminals, for each parameter, among the access logs under analysis including a parameter not found in the profile, or having a similarity lower than the threshold, and determines, when there is any parameter for which the number of such different user terminals is equal to or higher than a threshold, to re-learn the parameter.Type: ApplicationFiled: February 19, 2018Publication date: December 19, 2019Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Shingo ORIHARA, Tohru SATO, Yohsuke SHIMADA, Yuta IWAKI, Yang ZHONG
-
Patent number: 10268820Abstract: A malware determination device, in which, upon input of an attribute name and an attribute value of an attribute of an executable file, a feature-selection setting unit registers the attribute with the attribute name in an attribute table as an attribute to be extracted, and registers the attribute value as an attribute value to be deleted in an attribute value table. Upon input of an executable file to be learned or to be determined, a feature extraction unit extracts an attribute value of an attribute registered as an attribute to be extracted in the attribute table from the executable file, to generate a feature vector including the extracted attribute value as a feature. A feature selection unit performs deletion of an attribute value registered as an attribute value to be deleted in the attribute value table from the feature vector.Type: GrantFiled: June 8, 2015Date of Patent: April 23, 2019Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Yasushi Okano, Shingo Orihara, Tetsuya Abe, Hiroshi Asakura, Atsutoshi Kumagai
-
Patent number: 10262122Abstract: An analysis apparatus analyzes access logs including authentication results and authentication information of users, and includes: a calculation unit that calculates a similarity between pieces of authentication information in two consecutive access logs when access logs of the same access source, from the access logs, are chronologically arranged, and presumes that a piece of authentication information of the access logs of the user has been input by a human if the calculated similarity is equal to or greater than a predetermined value; and a risk determination unit that determines that there is a possibility that the access source in the access logs is being an attack source if an authentication result of any of the two access logs is authentication failure and the calculation unit presumes that any piece of authentication information of the two access logs has not been input by a human.Type: GrantFiled: October 22, 2015Date of Patent: April 16, 2019Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Shingo Orihara, Hiroshi Asakura, Yang Zhong
-
Patent number: 10243982Abstract: A device including: a parameter extracting unit that extracts each parameter from an access request, a character-string class converting unit that, with regard to each parameter, compares each part of a parameter value with a previously defined character string class, replaces the part with a longest matching character string class, and conducting conversion for a class sequence that is sequentially arranged in order of replacement, a profile storing unit that stores, as a profile in a storage unit, a class sequence with the appearance frequency of equal to or more than a predetermined value in the above-described group of class sequences with regard to the access request of the normal data as learning data, and a failure detecting unit that determines the presence or absence of an attack in accordance with the degree of similarity between the above-described class sequence and the profile with regard to the access request.Type: GrantFiled: June 1, 2015Date of Patent: March 26, 2019Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Yang Zhong, Hiroshi Asakura, Shingo Orihara, Kazufumi Aoki
-
Publication number: 20190087750Abstract: An input unit receives an input of data, as learning purpose data and determination target data, in which requests made to a server by a user are represented in a time series. Then, a shaping unit shapes the received data. A classifying unit classifies the shaped data for each user who made the requests. Then, a learning unit extracts, from the classified learning purpose data, consecutive n requests as feature values of the learning purpose data, performs learning by using the feature values of the learning purpose data, and creates a profile for each user. A determination unit extracts, from the classified determination target data, consecutive n requests as feature values of the determination target data and performs determination of the determination target data based on the feature values of the determination target data and based on the profiles created by the learning unit.Type: ApplicationFiled: January 19, 2017Publication date: March 21, 2019Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Shingo ORIHARA, Masaki TANIKAWA, Tohru SATO, Yuta IWAKI
-
Publication number: 20180165369Abstract: A user estimation apparatus according to the present invention includes an extraction unit (11) that extracts at least either order of page transitions on a website by a user or a time interval of a transition to each page, as a feature amount of page browsing by the user, from data which is to be learned and represents a request by the user to the website, and the extraction unit extracts at least either order of page transitions on the website or a time interval of a transition to each page, as a feature amount of page browsing by any user, from data which is to be estimated and represents requests by the users to the website, a learning unit (12) that creates a model indicating a feature of page browsing for each user, by learning the extracted feature amount, which is to be learned, of page browsing by each user, and an estimation unit (14) that refers to the feature amount, which is to be estimated, of page browsing by the user, and the model, and estimates who the user is among users.Type: ApplicationFiled: June 2, 2016Publication date: June 14, 2018Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Shingo ORIHARA, Yoshihito OSHIMA, Hiroshi ASAKURA
-
Patent number: 9940319Abstract: An information analysis system includes a remark analysis unit, a thread analysis unit, and a storing unit. The remark analysis unit analyzes importance of a remark included in a thread serving as a group of remarks posted on a network, based on remark data serving as data relating to the remark, for each of the remarks. The thread analysis unit analyzes which of a plurality of preset categories the thread belongs to, based on thread data serving as data relating to the thread. The storing unit stores the remark, the importance of the remark, and a category of the thread including the remark in association with each other for each of the remarks, in a predetermined storage unit.Type: GrantFiled: May 25, 2015Date of Patent: April 10, 2018Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Shingo Orihara, Atsutoshi Kumagai, Tetsuya Abe