Kondo, Takao

写真a

Affiliation

Research Centers and Institutes, Keio University Global Research Institute (Mita)

Position

Project Assistant Professor (Non-tenured)/Project Research Associate (Non-tenured)/Project Instructor (Non-tenured)

Related Websites

Other Affiliation 【 Display / hide

  • Cyber Security Research Center, Keio University, Researcher

  • Keio Research Institute of SFC, Keio University, Senior Researcher

  • KMD Research Institute, Keio University, Researcher

  • Industrial Cyber Security Center of Excellence, IPA, Researcher

Career 【 Display / hide

  • 2013.04
    -
    2017.03

    Keio University, Graduate School of Science and Technology, Project Researcher

  • 2017.04
    -
    2020.10

    Keio University, Headquarters of Information Technology Center, Assistant Professor

  • 2020.11
    -
    2023.09

    Keio University, Computer Security Incident Response Team, Assistant Professor

  • 2023.10
    -
    Present

    Keio University, Global Research Institute, Project Assistant Professor

  • 2023.10
    -
    Present

    Hokkaido University, Information Initiative Center, Assistant Professor

Academic Background 【 Display / hide

  • 2009.04
    -
    2013.03

    Keio University, Faculty of Science and Technology, Department of Information and Computer Science

    University, Graduated

  • 2013.04
    -
    2015.03

    Keio University, Graduate School of Science and Technology

    Graduate School, Completed, Master's course

  • 2015.04
    -
    2016.03

    Keio University, Graduate School of Medicine

    Graduate School, Completed, Master's course

  • 2016.04
    -
    2022.03

    Keio University, Graduate School of Science and Technology

    University, Completed, Doctoral course

Academic Degrees 【 Display / hide

  • Doctor (Engineering), Keio University, Coursework, 2022.03

    ZINK: A Scalable and Secure Information Centric Networking Mechanism Utilizing Layered Network Architecture

Licenses and Qualifications 【 Display / hide

  • (ISC)2 Certified Information Systems Security Professional (CISSP), 2022.08

 

Research Areas 【 Display / hide

  • Informatics / Information network

  • Informatics / Information security

Research Keywords 【 Display / hide

  • Internet, Distributed Systems

  • Cyber Security

 

Papers 【 Display / hide

  • A Lightweight Abnormality Detection Mechanism by Stray Packets Analysis

    Jin Y., Matsuura S., Kondo T., Hosokawa T., Tomoishi M.

    Proceedings ACM SIGUCCS User Services Conference (Proceedings ACM SIGUCCS User Services Conference)     9 - 11 2023.03

     View Summary

    An academic organization network, e.g., a campus network, is running with limited financial support and manpower while it faces the same operational issues and cybersecurity threats as other organizations. Including the existing network facilities and computers for service providing, the increase of mobile devices such as BYOD becomes an issue in terms of misconfiguration and vulnerabilities. The current security systems focus on the backbone network so that the detailed traffic monitoring and data analysis cannot cover the abnormal behavior of all individual endpoints. In general, a misconfigured or intruded computer conducts some abnormal behavior, e.g., sending stray packets, compared to a normal device. Based on this point, we propose a lightweight abnormality detection mechanism by monitoring the stray packets in order to mitigate the above issues. As a result, not only the abnormal behavior can be detected but also maintain the performance of the existing security systems. In this paper, we describe the design and architecture of our proposed Traffic Analyzer', including the implementation and evaluation of our prototype system.

  • KANVAS: A Network Information Sharing Framework Based on Network Ontology Bonsai

    Kuchii K., Kondo T., Teraoka F.

    ACM International Conference Proceeding Series (ACM International Conference Proceeding Series)     79 - 87 2022.12

     View Summary

    Demands for acquiring Internet behavior are increasing for Internet-scale network understanding such as inter-AS path management and traffic engineering. Although there are several efforts to make Internet behavior public, most of the public information is not structured and it is hard for applications to use such information. This paper proposes a network information sharing framework called KANVAS. It defines a network ontology called Bonsai which models network structure from viewpoints of physical, logical, service, and operation network structures. Bonsai can express network virtualization technologies such as link aggregation (LAG), VLAN, L2 over L3 tunneling, and virtual routing and forwarding (VRF). Applications can access network information via useful API. As a first step of development of KANVAS and Bonsai, this paper describes network information sharing within a single domain focusing on failure localization and throughput monitoring as examples. Evaluation results on a PoC system show that the time for failure localization is short enough and a throughput monitoring tool can choose appropriate monitoring points.

  • ContMEC: An Architecture of Multi-access Edge Computing for Offloading Container-Based Mobile Applications

    Watanabe H., Yasumori R., Kondo T., Kumakura K., Maesako K., Zhang L., Inagaki Y., Teraoka F.

    IEEE International Conference on Communications (IEEE International Conference on Communications)  2022-May   3647 - 3653 2022

    ISSN  15503607

     View Summary

    This paper proposes an architecture called Cont-MEC for enabling UEs (User Equipments) to offload a part of applications to MEC (Multi-access Edge Computing) servers. It is expected that a MEC infrastructure is composed of a small number of centralized data centers and geographically distributed edge stations, in each of which multiple edge servers are installed. It is also expected that applications on UEs are implemented as container clusters similar to cloud-native applications and they are deployed on computing clusters. ContMEC has the following three features: (i) constructing a computing cluster per edge station for scalability to the number of UEs, (ii) hierarchical resource management for scalability and efficient resource sharing among computing clusters, and (iii) overlapped computing clusters for efficient resource sharing. A PoC (Proof-of Concept) implementation of ContMEC employs Kubernetes as a container orchestration system without modifications although Kubernetes does not take account of the MEC infrastructure. The PoC implementation shows that advantage of offloading is larger than disadvantage of implementing applications as container clusters, control traffic is moderate against the number of UEs, and efficient resource sharing among computing clusters is achieved.

  • FedIoT: An Autonomous and Decentralized IoT System Federation Mechanism with Primitive API

    Shimada K., Watanabe H., Kondo T., Teraoka F.

    Journal of Information Processing (Journal of Information Processing)  30   898 - 908 2022

     View Summary

    Current IoT systems are closed and specialized for specific purposes. In the near future, IoT Service Providers (IoTSPs) will emerge to allow providing sensing data observed by IoTSPs to subscribers. This paper proposes a mechanism called FedIoT, in which IoTSPs federate or namely unite in an autonomous and decentralized manner. Subscribers to an IoTSP in an FedIoT system can obtain sensing data observed by any IoTSPs in the FedIoT system. The design principle of FedIoT is analogous to that of the Internet. A FedIoT system is composed of multiple IoTSPs as the Internet is composed of multiple ASs (Autonomous Systems). FedIoT basically provides only sensing data to IoT applications and it depends on IoT applications how the sensing data is utilized as the Internet basically provides data exchange between applications. IoTSPs are interconnected with a unified interface called Primitive API considering operation policy as ASs exchange routing information considering operation policy. FedIoT defines a domain ontology called OntoFedIoT as the unified representation of locations and types of sensor nodes. A proof of concept system is implemented in Go language. The basic performance evaluation in this paper shows that the time required for obtaining sensing data is short enough for practical use.

  • LiONv2: An Experimental Network Construction Tool Considering Disaggregation of Network Configuration and Device Configuration

    Nagai Y., Watanabe H., Kondo T., Teraoka F.

    Proceedings of the 2021 IEEE Conference on Network Softwarization: Accelerating Network Softwarization in the Cognitive Age, NetSoft 2021 (Proceedings of the 2021 IEEE Conference on Network Softwarization: Accelerating Network Softwarization in the Cognitive Age, NetSoft 2021)     171 - 175 2021.06

    ISSN  9781665405225

     View Summary

    An experimental network environment plays an important role to examine new systems and protocols. We have developed an experimental network construction tool called LiONv1 (Lightweight On-Demand Networking, ver.1). LiONv1 satisfies the following four requirements: programmer-friendly configuration file based on Infrastructure as Code, multiple virtualization technologies for virtual nodes, physical topology conscious virtual node placement, and L3 protocol agnostic virtual networks. None of existing experimental network environments satisfy all the four requirements. In this paper, we develop LiONv2 which satisfies three more requirements: diversity of available network devices, Internet-scale deployment, and disaggregation of network configuration and device configuration. LiONv2 employs NETCONF and YANG to achieve diversity of available network devices and Internet-scale deployment. LiONv2 also defines two YANG models which disaggregate network configuration and device configuration. LiONv2 is implemented in Go and C languages with public libraries for Go. Measurement results show that construction time of a virtual network is irrelevant to the number of virtual nodes if a single virtual node is created per physical node.

display all >>

Papers, etc., Registered in KOARA 【 Display / hide

 

Courses Taught 【 Display / hide

  • INCIDENT RESPONSE AND FORENSIC

    2023

  • INCIDENT RESPONSE AND FORENSIC

    2022

  • INCIDENT RESPONSE AND FORENSIC

    2021

  • DATA SECURITY

    2021

  • DATA SECURITY

    2020

display all >>

 

Committee Experiences 【 Display / hide

  • 2018.03
    -
    Present

    Board member, WIDE Project