Patents by Inventor Tsunato NAKAI

Tsunato NAKAI has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210112062
    Abstract: An object of this invention is to obtain a whitelist generator with which the accuracy of data relating to the specifications of normal communication serving as an automatic generation source can be guaranteed, whereby the accuracy of a generated whitelist can be guaranteed over an entire whitelist generation flow. The whitelist generator is applied to a system formed from a plurality of devices, the plurality of devices being configured to exchange data with each other, in order to generate a whitelist used for whitelisting intrusion detection, and includes a model verification unit that verifies, on the basis of an input model, at least one of whether or not normal communication in the system has been modeled correctly and whether or not the model is logically consistent, and a model conversion unit that converts the verified model into a whitelist.
    Type: Application
    Filed: January 23, 2017
    Publication date: April 15, 2021
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Koichi SHIMIZU, Teruyoshi YAMAGUCHI, Tsunato NAKAI, Takeshi UEDA, Nobuhiro KOBAYASHI, Benoit BOYER
  • Publication number: 20210006570
    Abstract: A state detection section (105) detects states of a plurality of controllers (300, 400) included in a communication system (600). An attack determination section (103) selects, from among a plurality of whitelists (110) each of which is associated with a combination of states, a whitelist (110) associated with the combination of the states of the plurality of controllers (300, 400) detected by the state detection section (105). The attack determination section (103) detects an attack on the communication system (600) by using the selected whitelist (110).
    Type: Application
    Filed: April 26, 2016
    Publication date: January 7, 2021
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Tsunato NAKAI, Teruyoshi YAMAGUCHI, Koichi SHIMIZU, Nobuhiro KOBAYASHI
  • Publication number: 20200314130
    Abstract: In an attack detection device, a white list storage unit correlates and stores, for each system state, a white list defining system information permitted in the system state. A state estimation unit estimates a current system state of a control system on the basis of communication data communicated between a server device and equipment. An attack determination unit acquires the white list corresponding to the current system state from the white list storage unit, and determines whether or not an attack has been detected, on the basis of the acquired white list and the system information in the current system state.
    Type: Application
    Filed: January 19, 2017
    Publication date: October 1, 2020
    Applicant: Mitsubishi Electric Corporation
    Inventors: Tsunato NAKAI, Teruyoshi YAMAGUCHI, Koichi SHIMIZU, Nobuhiro KOBAYASHI
  • Publication number: 20200279174
    Abstract: A model generation unit (112) generates a state model that indicates a measurement value in each state of a monitoring target, based on a plurality of measurement values obtained by measuring the monitoring target. An integration unit (114) generates a detection rule that indicates communication information in each state of the monitoring target, based on pieces of communication data communicated by the monitoring target in a time period during which the plurality of measurement values are obtained. An attack detection unit (115) determines whether new communication data is attack data, using the state model and the detection rule.
    Type: Application
    Filed: January 17, 2018
    Publication date: September 3, 2020
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Tsunato NAKAI, Sachihiro ICHIKAWA
  • Publication number: 20200092313
    Abstract: An allowed communication list conversion unit (123) assigns one or more flags to request communication and response communication, between which a correspondence relationship is described in a detection rule, and describes, in an allowed communication list, details of a flag operation specifying a value to be set to the flag and a flag condition for determining whether the value to be set is set in the flag, in association with each other. A determination unit (103) sets the value after determining that communication data on the request communication is normal, determines whether the value is set in the flag based on the flag condition when determining whether communication data on the response communication to the request communication is normal, and determines that the communication data on the response communication is normal when the value is set, to thereby reset the flag.
    Type: Application
    Filed: January 20, 2017
    Publication date: March 19, 2020
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Teruyoshi YAMAGUCHI, Tsunato NAKAI, Koichi SHIMIZU, Nobuhiro KOBAYASHI
  • Publication number: 20190141059
    Abstract: A state management unit (210) identifies a state of an operational system, and determines presence or absence of a state transition of the operational system based on the identified state. In a case where there has been a state transition of the operational system, the state management unit determines, with use of a state transition scenario indicating a transition pattern of state transition, whether the state transition of the operational system matches the transition pattern indicated in the state transition scenario. If the state transition of the operational system does not match the transition pattern, an alert output unit (293) outputs an alert. If the state transition of the operational system matches the transition pattern, a whitelist management unit (220) switches whitelists, and an intrusion detection unit (230) performs whitelist-type intrusion detection.
    Type: Application
    Filed: June 23, 2016
    Publication date: May 9, 2019
    Applicant: Mitsubishi Electric Corporation
    Inventors: Koichi SHIMIZU, Teruyoshi YAMAGUCHI, Tsunato NAKAI, Nobuhiro KOBAYASHI
  • Patent number: 10171252
    Abstract: A data determination apparatus of the present invention includes a state transition model storage unit to store a state transition model representing a state transition, a state management unit to hold an operating state of an own apparatus based on the state transition model, a communication permission list storage unit to store, as a communication permission list, communication permitted data whose communications are permitted in respective operating states, a communication unit to obtain communication determination data, and a determination unit to determine whether or not the communication determination data is communication permitted data whose communication has been permitted in a current operating state, using the current operating state and the communication permission list.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: January 1, 2019
    Assignee: Mitsubishi Electric Corporation
    Inventors: Teruyoshi Yamaguchi, Koichi Shimizu, Nobuhiro Kobayashi, Tsunato Nakai
  • Publication number: 20170279622
    Abstract: A data determination apparatus of the present invention includes a state transition model storage unit to store a state transition model representing a state transition, a state management unit to hold an operating state of an own apparatus based on the state transition model, a communication permission list storage unit to store, as a communication permission list, communication permitted data whose communications are permitted in respective operating states, a communication unit to obtain communication determination data, and a determination unit to determine whether or not the communication determination data is communication permitted data whose communication has been permitted in a current operating state, using the current operating state and the communication permission list.
    Type: Application
    Filed: December 22, 2015
    Publication date: September 28, 2017
    Applicant: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Teruyoshi YAMAGUCHI, Koichi SHIMIZU, Nobuhiro KOBAYASHI, Tsunato NAKAI