Kondo, Takao



Research Centers and Institutes, Computer Security Incident Response Team (Mita)


Assistant Professor (Non-tenured)/Research Associate (Non-tenured)/Instructor (Non-tenured)

Other Affiliation

  • Cyber Security Research Center, Keio University, Researcher

  • Keio Research Institute of SFC, Keio University, Senior Researcher

  • KMD Research Institute, Keio University, Researcher

  • Industrial Cyber Security Center of Excellence, IPA, Researcher

Career

  • 2013.04

    Graduate School of Science and Technology, Keio University, Project Researcher

  • 2017.04

    Keio University, Headquarters of Information Technology Center, Assistant Professor

  • 2020.11

    Keio University, Computer Security Incident Response Team, Assistant Professor

Academic Background

  • 2009.04

    Keio University, Faculty of Science and Technology, Department of Information and Computer Science

    University, Graduated

  • 2013.04

    Keio University, Graduate School of Science and Technology

    Graduate School, Completed, Master's course

  • 2015.04

    Keio University, Graduate School of Medicine

    Graduate School, Completed, Master's course

  • 2016.04

    Keio University, Graduate School of Science and Technology

    University, Completed, Doctoral course

Academic Degrees

  • Doctor (Engineering), Keio University, Coursework, 2022.03

    ZINK: A Scalable and Secure Information Centric Networking Mechanism Utilizing Layered Network Architecture


Research Areas

  • Informatics / Information network

  • Informatics / Information security

Research Keywords

  • Internet, Distributed Systems

  • Cyber Security


Papers

  • LiONv2: An Experimental Network Construction Tool Considering Disaggregation of Network Configuration and Device Configuration

    Nagai Y., Watanabe H., Kondo T., Teraoka F.

    Proceedings of the 2021 IEEE Conference on Network Softwarization: Accelerating Network Softwarization in the Cognitive Age, NetSoft 2021, 171 - 175, 2021.06

    ISSN  9781665405225

    An experimental network environment plays an important role in examining new systems and protocols. We have developed an experimental network construction tool called LiONv1 (Lightweight On-Demand Networking, ver.1). LiONv1 satisfies the following four requirements: programmer-friendly configuration file based on Infrastructure as Code, multiple virtualization technologies for virtual nodes, physical topology conscious virtual node placement, and L3 protocol agnostic virtual networks. None of the existing experimental network environments satisfy all the four requirements. In this paper, we develop LiONv2 which satisfies three more requirements: diversity of available network devices, Internet-scale deployment, and disaggregation of network configuration and device configuration. LiONv2 employs NETCONF and YANG to achieve diversity of available network devices and Internet-scale deployment. LiONv2 also defines two YANG models which disaggregate network configuration and device configuration. LiONv2 is implemented in Go and C languages with public libraries for Go. Measurement results show that construction time of a virtual network is irrelevant to the number of virtual nodes if a single virtual node is created per physical node.

  • Verification of the Effectiveness to Monitor Darknet across Multiple Organizations

    Nishijima K., Kondo T., Hosokawa T., Shigemoto T., Kawaguchi N., Hasegawa H., Honda H., Suzuki Y., Kaji T., Nakamura O.

    Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021, 346 - 351, 2021

    ISSN  9781665428354

    Researchers and network operators regularly monitor unused Internet address space called the darknet to understand malicious activities on the Internet such as malware infections, DDoS, and scanning to find vulnerable systems. The purpose of this study is to demonstrate the effectiveness of darknet monitoring across multiple organizations by conducting a detailed similarity analysis. In this paper, we analyze darknet data observed in two organizations in different industries and the first octet subnet range. We compared the results of the similarity analysis between intra-organization and inter-organization calculations by dividing the address space into multiple blocks so that one organization conducts similarity analysis in an intra-organization manner. The results show that the similarity of the source hosts is lower in the inter-organization calculation than in the intra-organization calculation. In addition, we monitor more source hosts in inter-organization. Moreover, this work also reports that the results differ depending on the destination ports/protocols. From the results obtained, we clarified the effectiveness of distributing the monitoring points of the darknet across multiple organizations.

  • Management and network orchestration for edge/fog-based distributed data processing

    Watanabe H., Hayashi K., Sato T., Kondo T., Teraoka F.

    Journal of Information Processing, 29, 640 - 648, 2021

    ISSN  03875806

    In the age of edge/fog computing, it is important to consider not only computing resources but also network resources when hosting services. Since a service is composed of multiple small functions in the microservice architecture, we treat a service as a set of BFs (basic functions) that fulfill a single task. It is required to place BFs at edge/fog nodes considering the computing resources and network requirements within a practical time. This paper proposes a MANO (Management and Network Orchestration) for deploying services composed of multiple BFs with requirements to computing and network resources of distributed nodes. The proposed MANO considers the computing resources of edge/fog/cloud as well as the network delay and the bandwidth between them. This paper proposes an optimal method and a heuristic method for calculating the placement of BFs. The evaluation results show that the placement calculation time for a service composed of four BFs is about 10 seconds with the optimal method and about 20 seconds with the heuristic method. The calculation time is within the practical range.

  • GAMPAL: an anomaly detection mechanism for Internet backbone traffic by flow size prediction with LSTM-RNN

    Wakui T., Kondo T., Teraoka F.

    Annales des Telecommunications/Annals of Telecommunications, 2021

    ISSN  00034347

    This paper proposes a general-purpose anomaly detection mechanism for Internet backbone traffic named GAMPAL (General-purpose Anomaly detection Mechanism using Prefix Aggregate without Labeled data). GAMPAL does not require labeled data to achieve general-purpose anomaly detection. For scalability to the number of entries in the BGP RIB (Border Gateway Protocol Routing Information Base), GAMPAL introduces prefix aggregate. The BGP RIB entries are classified into prefix aggregates, each of which is identified with the first three AS (Autonomous System) numbers in the AS_PATH attribute. GAMPAL establishes a prediction model for traffic sizes based on past traffic sizes. It adopts an LSTM-RNN (Long Short-Term Memory Recurrent Neural Network) model that focuses on the periodicity of the Internet traffic patterns at a weekly scale. The validity of GAMPAL is evaluated using real traffic information, BGP RIBs exported from the WIDE backbone network (AS2500), a nationwide backbone network for research and educational organizations in Japan, and the dataset of an ISP (Internet Service Provider) in Spain. As a result, GAMPAL successfully detects anomalies such as increased traffic due to an event, DDoS (Distributed Denial of Service) attacks targeted at a stub organization, a connection failure, an SSH (Secure Shell) scan attack, and anomaly spam.

  • AFC: A Mechanism for Distributed Data Processing in Edge/Fog Computing

    Watanabe H., Sato T., Kondo T., Teraoka F.

    2021 IEEE Global Communications Conference, GLOBECOM 2021 - Proceedings, 2021

    A service in cloud computing is executed in a data center, which may result in large communication delay. To host applications requiring low latency, edge/fog computing has attracted great attention. This paper proposes a mechanism called AFC (Application Function Chaining) for realizing distributed edge/fog computing. In AFC, an application is defined as a Chained-AF, which is composed of one or more AFs (Application Functions) with control structures such as conditional branches. An AF basically fulfills a single task similar to a UNIX command. Thus, a Chained-AF looks like a distributed shell script and the networks look like a single computer from users' viewpoint. A MANO (Management and Network Orchestration) mechanism in AFC places AFs on optimal edge/fog servers which satisfy Chained-AF's requirements when it is launched. Evaluation results of a prototype implementation show that it takes 0.5 seconds and 3 seconds to launch a Chained-AF composed of two and six AFs, respectively, and that the throughput of a Chained-AF is more than 90 % of the line speed, which is independent of the number of AFs. The throughput of an AFC depends on processing performance of AFs, not on the AFC mechanism.

Committee Experiences

  • 2018.03

    Board member, WIDE Project