Patents by Inventor Takeo Hariu
Takeo Hariu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11609998Abstract: A difference extracting unit extracts, from an executable file converted from a source code and an executable file converted from a source code after vulnerability correction is made to the source code, a difference of a part where the vulnerability correction is made. A feature calculating unit calculates features of the difference extracted by the difference extracting unit. A difference extracting unit extracts, from an executable file converted from a source code and an executable file converted from a source code after correction is made to the source code, a difference of a predetermined part. A similarity calculating unit calculates similarity between the difference of the predetermined part calculated by the difference extracting unit and the features of the difference of the part where the vulnerability correction is made calculated by the feature calculating unit.Type: GrantFiled: May 8, 2018Date of Patent: March 21, 2023Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Asuka Nakajima, Makoto Iwamura, Takeo Hariu
-
Patent number: 11481307Abstract: For the purpose of reproducing a call stack accurately without restricting the range of application, a stack scanner extracts, from a stack area of a thread whose call stack is to be acquired in a memory space of an application process, possible return addresses that are addresses in a feasible region in the memory space each representing a command right after a function call command. A program analyzer analyzes a control flow representing a flow of control configured by a branch in a function that is called by the function call command right before the command represented by each of the possible return addresses and, when there is a route reaching a command currently being executed in the control flow, determines that the possible return address is a return address and, when there is not the route, determines that the possible return address is not a return address.Type: GrantFiled: June 28, 2018Date of Patent: October 25, 2022Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Yuto Otsuki, Yuhei Kawakoya, Makoto Iwamura, Takeo Hariu, Takeshi Yagi
-
Patent number: 11283801Abstract: An account identification apparatus sets browsing authority for each of accounts such that browsing permission/prohibition is different for each of Web pages. Furthermore, the account identification apparatus causes a user terminal having accessed a predetermined Web site to transmit a request to each of the Web pages so as to acquire information about browsing permission/prohibition for each of the Web pages with regard to the user terminal and uses the acquired information about browsing permission/prohibition to identify an account with which the user terminal has logged in.Type: GrantFiled: May 24, 2018Date of Patent: March 22, 2022Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama, Takeshi Yagi, Takeo Hariu
-
Patent number: 11182479Abstract: A call stack acquisition device reproduces, from a memory dump, a memory space of a process to which a thread as a production target of a call stack belongs. Then, the call stack acquisition device acquires execution context of the thread by acquiring, from a virtual memory space, register information of the thread, which is stored in a memory by an OS. In addition, the call stack acquisition device acquires a current stack position and a currently executed function from the acquired execution context. Thereafter, the call stack acquisition device acquires the call stack by tracing return addresses of a series of functions as callers of the currently executed function on the stack from metadata of an execution file of the process including the thread.Type: GrantFiled: July 2, 2018Date of Patent: November 23, 2021Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Yuto Otsuki, Yuhei Kawakoya, Makoto Iwamura, Takeo Hariu, Takeshi Yagi
-
Patent number: 10853483Abstract: A command server identification device adds a tag to data received by malware upon execution of the malware, the tag capable of uniquely identifying identification information for a transmission source of the data, and tracks propagation of the data added with the tag. The command server identification device acquires a tag of data referenced by a branch instruction executed by the malware, among the tracked data. The command server identification device analyzes information on an instruction of a branch destination not executed by the malware after the branch instruction. Then, the command server identification device identifies identification information of a command server for issuing a command to the malware from the identification information of the transmission source corresponding to the acquired tag, based on the result of analysis.Type: GrantFiled: December 4, 2015Date of Patent: December 1, 2020Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Tomonori Ikuse, Kazufumi Aoki, Takeo Hariu
-
Publication number: 20200242002Abstract: For the purpose of reproducing a call stack accurately without restricting the range of application, a stack scanner extracts, from a stack area of a thread whose call stack is to be acquired in a memory space of an application process, possible return addresses that are addresses in a feasible region in the memory space each representing a command right after a function call command. A program analyzer analyzes a control flow representing a flow of control configured by a branch in a function that is called by the function call command right before the command represented by each of the possible return addresses and, when there is a route reaching a command currently being executed in the control flow, determines that the possible return address is a return address and, when there is not the route, determines that the possible return address is not a return address.Type: ApplicationFiled: June 28, 2018Publication date: July 30, 2020Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Yuto OTSUKI, Yuhei KAWAKOYA, Makoto IWAMURA, Takeo HARIU, Takeshi YAGI
-
Publication number: 20200218803Abstract: A call stack acquisition device reproduces, from a memory dump, a memory space of a process to which a thread as a production target of a call stack belongs. Then, the call stack acquisition device acquires execution context of the thread by acquiring, from a virtual memory space, register information of the thread, which is stored in a memory by an OS. In addition, the call stack acquisition device acquires a current stack position and a currently executed function from the acquired execution context. Thereafter, the call stack acquisition device acquires the call stack by tracing return addresses of a series of functions as callers of the currently executed function on the stack from metadata of an execution file of the process including the thread.Type: ApplicationFiled: July 2, 2018Publication date: July 9, 2020Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Yuto OTSUKI, Yuhei KAWAKOYA, Makoto IWAMURA, Takeo HARIU, Takeshi YAGI
-
Publication number: 20200213314Abstract: An account identification apparatus sets browsing authority for each of accounts such that browsing permission/prohibition is different for each of Web pages. Furthermore, the account identification apparatus causes a user terminal having accessed a predetermined Web site to transmit a request to each of the Web pages so as to acquire information about browsing permission/prohibition for each of the Web pages with regard to the user terminal and uses the acquired information about browsing permission/prohibition to identify an account with which the user terminal has logged in.Type: ApplicationFiled: May 24, 2018Publication date: July 2, 2020Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Takuya WATANABE, Eitaro SHIOJI, Mitsuaki AKIYAMA, Takeshi YAGI, Takeo HARIU
-
Patent number: 10645098Abstract: A malware analysis system includes a preliminary analysis unit, a determination unit, and a designation unit. The preliminary analysis unit executes malware obtained as a candidate for an analyzing subject to obtain information related to communication transmitted from the malware. The determination unit determines whether the malware is handled as an analyzing subject based on information obtained by the preliminary analysis unit. The designation unit designates an analyzing order with respect to malware having been determined by the determination unit as an analyzing subject based on information obtained by the preliminary analysis unit.Type: GrantFiled: December 15, 2015Date of Patent: May 5, 2020Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Tomonori Ikuse, Kazufumi Aoki, Takeo Hariu
-
Publication number: 20200097664Abstract: A difference extracting unit extracts, from an executable file converted from a source code and an executable file converted from a source code after vulnerability correction is made to the source code, a difference of a part where the vulnerability correction is made. A feature calculating unit calculates features of the difference extracted by the difference extracting unit. A difference extracting unit extracts, from an executable file converted from a source code and an executable file converted from a source code after correction is made to the source code, a difference of a predetermined part. A similarity calculating unit calculates similarity between the difference of the predetermined part calculated by the difference extracting unit and the features of the difference of the part where the vulnerability correction is made calculated by the feature calculating unit.Type: ApplicationFiled: May 8, 2018Publication date: March 26, 2020Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Asuka NAKAJIMA, Makoto IWAMURA, Takeo HARIU
-
Patent number: 10534914Abstract: A vulnerability finding device has a vulnerability extracting unit, a normalization processing unit, and a matching unit. The vulnerability extracting unit extracts a first program code corresponding to a vulnerable part of software. The normalization processing unit performs normalization of a parameter included in the first program code extracted by the vulnerability extracting unit and a second program code of software to be inspected for a vulnerable part. The matching unit performs matching between the first program code after the normalization and the second program code after the normalization, and detects a program code, which is a program code that is the same as or similar to the first program code, from the second program code.Type: GrantFiled: July 30, 2015Date of Patent: January 14, 2020Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Asuka Nakajima, Makoto Iwamura, Takeo Hariu
-
Patent number: 10412101Abstract: A detection device includes a data-propagation tracking unit that gives communication data a tag including attribute information associated with communication destination information of the communication data and tracks propagation of communication data on which the tag including the attribute information is given, and a falsification detection unit that detects falsification on the communication data when, in the communication data, there is a tag including attribute information different from attribute information corresponding to a transmission destination or a transmission source of the communication data.Type: GrantFiled: June 24, 2015Date of Patent: September 10, 2019Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Tomonori Ikuse, Kazufumi Aoki, Takeo Hariu
-
Patent number: 10397261Abstract: An identifying device monitors malware to be analyzed and acquires, as log data, the malware, download data downloaded from a communication destination, and a relation of data transfer performed with the malware or the communication destination of the download data. Then, the identifying device creates, by using the acquired log data, a dependency relation graph that is a digraph in which the malware, download data, and communication destination are set as nodes and a dependency relation of each node is set as an edge. Then, the identifying device detects a malicious node by collating the respective nodes of the created dependency relation graph with the known maliciousness information, and traces an edge in a direction from a terminal point to a start point while setting the malicious node as a base point, and then identifies the traced node as a new malicious node.Type: GrantFiled: October 8, 2015Date of Patent: August 27, 2019Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Tomonori Ikuse, Kazufumi Aoki, Takeo Hariu
-
Patent number: 10382455Abstract: A command and control server identifying apparatus provides data received by malware upon execution of the malware with a tag that allows to uniquely identify communication destination information of a source of the data, and tracks propagation of the data provided with the tag. Then, the command and control server identifying apparatus obtains a tag of data referred to by a branch instruction executed by the malware among tracked data. Then, the command and control server identifying apparatus identifies communication destination information of a command and control server that issues a command to the malware, based on communication destination information of a source associated with the obtained tag.Type: GrantFiled: March 5, 2015Date of Patent: August 13, 2019Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Tomonori Ikuse, Kazufumi Aoki, Takeo Hariu
-
Patent number: 10248790Abstract: A virtual machine includes a shadow memory, a shadow disk, and a virtual NIC. A virtual machine includes a guest OS. The shadow memory and the shadow disk each store therein pieces of data and pieces of tag information assigned to the pieces of data, so as to be kept in correspondence with one another. When malware transmits data, the virtual NIC generates the transmission information containing the transmitted data and tag information assigned to the transmitted data and further transmits the generated transmission information to the virtual machine. The guest OS extracts the tag information from the received transmission information. Further, the guest OS determines a transfer destination of the transmission information on the basis of the extracted tag information and further transfers the transmission information to the determined transfer destination.Type: GrantFiled: June 10, 2015Date of Patent: April 2, 2019Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Makoto Iwamura, Tomonori Ikuse, Mitsuaki Akiyama, Kazufumi Aoki, Takeo Hariu
-
Patent number: 10129275Abstract: An information processing device and method that monitor a behavior of malware (program), and generate a log which associates identification information of an invoked library function, input data to the library function, output data from the library function and a taint tag for uniquely specifying output data every time the program invokes a library function. Further, the information processing device and method refer to a taint tag set to output data from an information processing device and a log, track a dependent relationship between items of data input and output to and from libraries and specify a library function which has generated the output data from the information processing device.Type: GrantFiled: March 27, 2014Date of Patent: November 13, 2018Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Yuhei Kawakoya, Makoto Iwamura, Takeo Hariu
-
Patent number: 10108797Abstract: A monitoring device inspects a redirect code inserted into content of a compromised web site, and, in accordance with a result thereof, when information of a new malicious website is described in the redirect code, the monitoring device acquires information of the malicious website and registers the information on a blacklist. In addition, the monitoring device unregisters information of the malicious website that is no longer described in the redirect code in the content from the blacklist.Type: GrantFiled: March 6, 2015Date of Patent: October 23, 2018Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Mitsuaki Akiyama, Takeo Hariu
-
Patent number: 10097567Abstract: An information processing apparatus includes an adding unit and an identifying unit. The adding unit adds, to data received from a communication destination device by a program to be analyzed, a tag, by which the communication destination device is identifiable. If the tag has been added to data executed by a new program when an activation of or an activation reservation for the new program is detected, the identifying unit identifies the communication destination device identified by the tag.Type: GrantFiled: March 26, 2014Date of Patent: October 9, 2018Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Makoto Iwamura, Yuhei Kawakoya, Takeo Hariu
-
Publication number: 20180020012Abstract: A malware analysis system includes a preliminary analysis unit, a determination unit, and a designation unit. The preliminary analysis unit executes malware obtained as a candidate for an analyzing subject to obtain information related to communication transmitted from the malware. The determination unit determines whether the malware is handled as an analyzing subject based on information obtained by the preliminary analysis unit. The designation unit designates an analyzing order with respect to malware having been determined by the determination unit as an analyzing subject based on information obtained by the preliminary analysis unit.Type: ApplicationFiled: December 15, 2015Publication date: January 18, 2018Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Tomonori IKUSE, Kazufumi AOKI, Takeo HARIU
-
Publication number: 20170329962Abstract: A command server identification device adds a tag to data received by malware upon execution of the malware, the tag capable of uniquely identifying identification information for a transmission source of the data, and tracks propagation of the data added with the tag. The command server identification device acquires a tag of data referenced by a branch instruction executed by the malware, among the tracked data. The command server identification device analyzes information on an instruction of a branch destination not executed by the malware after the branch instruction. Then, the command server identification device identifies identification information of a command server for issuing a command to the malware from the identification information of the transmission source corresponding to the acquired tag, based on the result of analysis.Type: ApplicationFiled: December 4, 2015Publication date: November 16, 2017Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATIONInventors: Tomonori IKUSE, Kazufumi AOKI, Takeo HARIU