Kondo, Takao

Affiliation

Research Centers and Institutes, Keio University Global Research Institute ( Mita )

Position

Project Associate Professor (Non-tenured)

Other Affiliation

  • Cyber Security Research Center, Keio University, Researcher

  • Keio Research Institute of SFC, Keio University, Senior Researcher

  • KMD Research Institute, Keio University, Researcher

  • Industrial Cyber Security Center of Excellence, IPA, Expert Committee Member

Career

  • 2013.04 - 2017.03

    Keio University, Graduate School of Science and Technology, Project Researcher

  • 2017.04 - 2020.10

    Keio University, Headquarters of Information Technology Center, Assistant Professor

  • 2020.11 - 2023.07

    Keio University, Computer Security Incident Response Team, Assistant Professor

  • 2023.08 - 2026.03

    Hokkaido University, Information Initiative Center, Assistant Professor

  • 2023.10 - 2026.03

    Keio University, Global Research Institute, Project Assistant Professor

Academic Background

  • 2009.04 - 2013.03

    Keio University, Faculty of Science and Technology, Department of Information and Computer Science

    University, Graduated

  • 2013.04 - 2015.03

    Keio University, Graduate School of Science and Technology

    Graduate School, Completed, Master's course

  • 2015.04 - 2016.03

    Keio University, Graduate School of Medicine

    Graduate School, Completed, Master's course

  • 2016.04 - 2022.03

    Keio University, Graduate School of Science and Technology

    University, Completed, Doctoral course

Academic Degrees

  • Doctor (Engineering), Keio University, Coursework, 2022.03

    ZINK: A Scalable and Secure Information Centric Networking Mechanism Utilizing Layered Network Architecture

Licenses and Qualifications

  • (ISC)2 Certified Information Systems Security Professional (CISSP), 2022.08

Research Areas

  • Informatics / Information security

  • Informatics / Information network

Research Keywords

  • Cybersecurity

  • Internet Engineering

  • Distributed Systems

Papers

  • A Network Management Method Using Network Ontology Bonsai and Network Information Sharing Framework KANVAS

    Mori K., Kuchii K., Kondo T., Teraoka F.

    IEICE Transactions on Communications E109.B ( 2 ) 107 - 126 2026.02

    ISSN  09168516

    Generally, a network administrator designs, constructs, and operates an enterprise network. To manage a network correctly, the network administrator needs to understand its configuration. Since inconsistencies between the network design understood by the administrator and the actual network configuration might arise due to mistakes or errors, a method for automatically detecting such inconsistencies is needed. The following five techniques are necessary for this purpose: (i) a machine-readable notation to represent the network configuration, (ii) a tool to write down the network design in the machine-readable notation defined in (i), (iii) a tool to automatically detect the current network configuration and write it down in the machine-readable notation defined in (i), (iv) a tool to compare the two outputs generated in (ii) and (iii), and (v) a network management framework using machine-readable notation to simplify the network administrator’s tasks. This paper employs the network ontology called Bonsai for (i). Bonsai can represent not only a physical network configuration but also a network configuration with various network virtualization technologies such as VLAN (Virtual Local Area Network) and overlay. This paper proposes three tools, nc-design, nc-detect, and nc-diff, for (ii)–(iv) and confirms that they work as expected in a test network. In addition, this paper proposes a network information sharing framework called KANVAS (Knowledge base system in wide Area Networks with general Versatility, Availability, and Scalability) for (v). Evaluation results in a test network with virtualization technologies show that the proposed network management method can localize a network failure in a practical time.

  • GAMPALv2.5: Enhancing Large-scale Scanning Attack Inference in General-purpose Internet Traffic Anomaly Detection Mechanism

    Tachibana K., Kondo T., Minami H.

    2026 International Conference on Computing Networking and Communications ICNC 2026    484 - 490 2026

    To detect anomalies in the Internet backbone traffic, Wakui et al. (2025) proposed GAMPALv2 (General-purpose Anomaly detection Mechanism using Prefix Aggregate without Labeled data, version 2). It detects anomalies by comparing the predicted flow sizes with the real observation on aggregated flow traffic, using random forest regression models. It has detected YouTube service disruption, some event traffic and DDoS attacks. However, it does not have enough potential to detect a sort of initial attack activities like scanning and spam. In this paper, we extend it as GAMPALv2.5 to detect them, employing three traffic indicators, specifically flow size, packet count, and session count. We also evaluate and compare the performance with GAMPALv2 through a benchmark dataset.

  • GAMPALv2: An Anomaly Detection Mechanism for Internet Traffic by Predicting Flow Size Range from Time Features

    Wakui T., Teraoka F., Kondo T.

    IEICE Transactions on Information and Systems E108.D ( 6 ) 505 - 516 2025.06

    ISSN  09168532

    To detect anomalies on an Internet backbone network, we proposed GAMPAL (General-purpose Anomaly detection Mechanism using Prefix Aggregate without Labeled data). For scalability to the number of entries in the BGP RIB (Border Gateway Protocol Routing Information Base), GAMPAL introduces PA (Prefix Aggregate). It adopts an LSTM-RNN (Long Short-Term Memory Recurrent Neural Network) as a model that focuses on the periodicity of Internet traffic patterns at a weekly scale. However, GAMPAL has three issues: (i) computational complexity, (ii) difficulty in defining detection threshold, and (iii) difficulty in detecting when and in which PA anomaly occurred. Therefore, this paper proposes GAMPALv2, which solves these problems for the practical use of GAMPAL. To solve (i), GAMPALv2 reduces the dimension of the input variables from 288 (five-minute slots in a day) to 7 by defining time features. It also adopts the RFR (Random Forest Regressor) as a prediction model. To solve (ii) and (iii), GAMPALv2 defines the predicted range based on the predicted values of the RFR and detects anomalies for each PA by comparing the predicted range with the observed value. As a result, the training and prediction time is reduced from four days using a GPU to 23 minutes using an 8-core CPU. Utilizing semantics such as date, time, and day of the week defined in the time features improves prediction accuracy. The evaluation results show that GAMPALv2 can detect anomalies in the real world, such as connection failure on YouTube, DDoS (Distributed Denial of Service) attacks, and increasing traffic due to an event. In addition, the accuracy evaluation shows that the recall is improved. Although not precisely comparable due to the different calculation methods, the average recall in the previous work is 81.8%, whereas recall improves to 93.1% in GAMPALv2.

  • Using FIDO-based Authentication to Improve the Security of Software Supply Chains

    Luke K., Mayes K., Kondo T., Kai S., Tezuka S.

    Journal of Information Processing 33   708 - 722 2025

    Software supply chain security has relied upon layered protective measures, such as fuzzing, code signing, and secure coding, to protect against unintentional vulnerabilities and intentional tampering. Regrettably, attacks, such as SolarWinds and Log4Shell zero-day, demonstrated that current protections are insufficient. As a result, several projects have emerged, aimed at providing rigorous protections, focusing largely on dependency management, code signing, and binary file tracking. A common approach adds developer identity within the code signing ecosystem, establishing a chain of trust between developers and code-signing keys. However, these solutions depend upon external identity providers performing authentication correctly, leaving potential for account hijacking and other identity-based attacks. Mitigation is offered via monitoring and auditing, but relies on other parties to actively monitor for anomalies. In this paper, we propose and evaluate a FIDO-based extension to the Sigstore system, which would embed authentication data into the signing process, providing end-users with added identity assurance, complementing Sigstore’s key-to-identity mapping. By providing attestation information to increase authentication strength, we can potentially issue longer lifetime developer certificates, reducing the overall number, for a more scalable system. We also perform a basic evaluation to demonstrate that our improvements can be implemented feasibly with minimal changes to Sigstore.

  • Detecting Inconsistency between Network Design and Current State Based on Network Ontology Bonsai

    Mori K., Kondo T., Teraoka F.

    Asian Internet Engineering Conference AINTEC 2024    76 - 84 2024.08

    Generally, a network administrator designs, constructs, and operates an enterprise network. Since inconsistency between the network design understood by the administrator and the actual network configuration might arise due to mistakes or errors, a method for automatically detecting such inconsistency is needed. The following four techniques are necessary for this purpose. (i) A machine-readable notation to represent the network configuration. (ii) A tool to write down the network design using the machine-readable notation. (iii) A tool to automatically detect the current network configuration and write it down in the machine-readable notation. (iv) A tool to compare the two outputs generated in (ii) and (iii). This paper employs the network ontology called Bonsai for (i). Bonsai can represent not only physical configurations but also virtualization technologies such as VLAN and overlay. This paper proposes three tools, nc-design, nc-detect, and nc-diff for (ii)-(iv), and confirms that they work as expected in the test network. This paper also measures their fundamental performance.

Courses Taught

  • INCIDENT RESPONSE AND FORENSIC

    2026

  • INCIDENT RESPONSE AND FORENSIC

    2025

  • INCIDENT RESPONSE AND FORENSIC

    2024

  • INCIDENT RESPONSE AND FORENSIC

    2023

  • INCIDENT RESPONSE AND FORENSIC

    2022

Committee Experiences

  • 2018.03 - Present

    Board member, WIDE Project