Kondo, Takao

Affiliation

Research Centers and Institutes, Computer Security Incident Response Team (Mita)

Position

Assistant Professor (Non-tenured)/Research Associate (Non-tenured)/Instructor (Non-tenured)

Other Affiliation

  • Cyber Security Research Center, Keio University, Researcher

  • Keio Research Institute of SFC, Keio University, Senior Researcher

  • KMD Research Institute, Keio University, Researcher

  • Industrial Cyber Security Center of Excellence, IPA, Researcher

Career

  • 2013.04 - 2017.03

    Graduate School of Science and Technology, Keio University, Project Researcher

  • 2017.04 - 2020.10

    Keio University, Headquarters of Information Technology Center, Assistant Professor

  • 2020.11 - Present

    Keio University, Computer Security Incident Response Team, Assistant Professor

Academic Background

  • 2009.04 - 2013.03

    Keio University, Faculty of Science and Technology, Department of Information and Computer Science

    University, Graduated

  • 2013.04 - 2015.03

    Keio University, Graduate School of Science and Technology

    Graduate School, Completed, Master's course

  • 2015.04 - 2016.03

    Keio University, Graduate School of Medicine

    Graduate School, Completed, Master's course

  • 2016.04 - 2022.03

    Keio University, Graduate School of Science and Technology

    University, Completed, Doctoral course

Academic Degrees

  • Doctor (Engineering), Keio University, Coursework, 2022.03

    ZINK: A Scalable and Secure Information Centric Networking Mechanism Utilizing Layered Network Architecture

Licenses and Qualifications

  • (ISC)2 Certified Information Systems Security Professional (CISSP), 2022.08

Research Areas

  • Informatics / Information network

  • Informatics / Information security

Research Keywords

  • Internet, Distributed Systems

  • Cyber Security

Papers

  • ContMEC: An Architecture of Multi-access Edge Computing for Offloading Container-Based Mobile Applications

    Watanabe H., Yasumori R., Kondo T., Kumakura K., Maesako K., Zhang L., Inagaki Y., Teraoka F.

    IEEE International Conference on Communications, 2022-May, 3647 - 3653, 2022

    ISSN  15503607

    This paper proposes an architecture called ContMEC for enabling UEs (User Equipments) to offload a part of applications to MEC (Multi-access Edge Computing) servers. It is expected that a MEC infrastructure is composed of a small number of centralized data centers and geographically distributed edge stations, in each of which multiple edge servers are installed. It is also expected that applications on UEs are implemented as container clusters similar to cloud-native applications and they are deployed on computing clusters. ContMEC has the following three features: (i) constructing a computing cluster per edge station for scalability to the number of UEs, (ii) hierarchical resource management for scalability and efficient resource sharing among computing clusters, and (iii) overlapped computing clusters for efficient resource sharing. A PoC (Proof-of-Concept) implementation of ContMEC employs Kubernetes as a container orchestration system without modifications although Kubernetes does not take account of the MEC infrastructure. The PoC implementation shows that the advantage of offloading is larger than the disadvantage of implementing applications as container clusters, control traffic is moderate against the number of UEs, and efficient resource sharing among computing clusters is achieved.

  • LiONv2: An Experimental Network Construction Tool Considering Disaggregation of Network Configuration and Device Configuration

    Nagai Y., Watanabe H., Kondo T., Teraoka F.

    Proceedings of the 2021 IEEE Conference on Network Softwarization: Accelerating Network Softwarization in the Cognitive Age, NetSoft 2021, 171 - 175, 2021.06

    ISSN  9781665405225

    An experimental network environment plays an important role in examining new systems and protocols. We have developed an experimental network construction tool called LiONv1 (Lightweight On-Demand Networking, ver.1). LiONv1 satisfies the following four requirements: programmer-friendly configuration file based on Infrastructure as Code, multiple virtualization technologies for virtual nodes, physical topology conscious virtual node placement, and L3 protocol agnostic virtual networks. None of the existing experimental network environments satisfy all the four requirements. In this paper, we develop LiONv2 which satisfies three more requirements: diversity of available network devices, Internet-scale deployment, and disaggregation of network configuration and device configuration. LiONv2 employs NETCONF and YANG to achieve diversity of available network devices and Internet-scale deployment. LiONv2 also defines two YANG models which disaggregate network configuration and device configuration. LiONv2 is implemented in Go and C languages with public libraries for Go. Measurement results show that construction time of a virtual network is irrelevant to the number of virtual nodes if a single virtual node is created per physical node.

  • Verification of the Effectiveness to Monitor Darknet across Multiple Organizations

    Nishijima K., Kondo T., Hosokawa T., Shigemoto T., Kawaguchi N., Hasegawa H., Honda H., Suzuki Y., Kaji T., Nakamura O.

    Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021, 346 - 351, 2021

    ISSN  9781665428354

    Researchers and network operators regularly monitor unused Internet address space called the darknet to understand malicious activities on the Internet such as malware infections, DDoS, and scanning to find vulnerable systems. The purpose of this study is to demonstrate the effectiveness of darknet monitoring across multiple organizations by conducting a detailed similarity analysis. In this paper, we analyze darknet data observed in two organizations in different industries and the first octet subnet range. We compared the results of the similarity analysis between intra-organization and inter-organization calculations by dividing the address space into multiple blocks so that one organization conducts similarity analysis in an intra-organization manner. The results show that the similarity of the source hosts is lower in the inter-organization calculation than in the intra-organization calculation. In addition, we monitor more source hosts in inter-organization. Moreover, this work also reports that the results differ depending on the destination ports/protocols. From the results obtained, we clarified the effectiveness of distributing the monitoring points of the darknet across multiple organizations.

  • Management and network orchestration for edge/fog-based distributed data processing

    Watanabe H., Hayashi K., Sato T., Kondo T., Teraoka F.

    Journal of Information Processing, 29, 640 - 648, 2021

    ISSN  03875806

    In the age of edge/fog computing, it is important to consider not only computing resources but also network resources when hosting services. Since a service is composed of multiple small functions in the microservice architecture, we treat a service as a set of BFs (basic functions) that fulfill a single task. It is required to place BFs at edge/fog nodes considering the computing resources and network requirements within a practical time. This paper proposes a MANO (Management and Network Orchestration) for deploying services composed of multiple BFs with requirements to computing and network resources of distributed nodes. The proposed MANO considers the computing resources of edge/fog/cloud as well as the network delay and the bandwidth between them. This paper proposes an optimal method and a heuristic method for calculating the placement of BFs. The evaluation results show that the placement calculation time for a service composed of four BFs is about 10 seconds with the optimal method and about 20 seconds with the heuristic method. The calculation time is within the practical range.

  • GAMPAL: an anomaly detection mechanism for Internet backbone traffic by flow size prediction with LSTM-RNN

    Wakui T., Kondo T., Teraoka F.

    Annales des Telecommunications/Annals of Telecommunications, 77 (5-6), 437 - 454, 2021

    ISSN  00034347

    This paper proposes a general-purpose anomaly detection mechanism for Internet backbone traffic named GAMPAL (General-purpose Anomaly detection Mechanism using Prefix Aggregate without Labeled data). GAMPAL does not require labeled data to achieve general-purpose anomaly detection. For scalability to the number of entries in the BGP RIB (Border Gateway Protocol Routing Information Base), GAMPAL introduces prefix aggregate. The BGP RIB entries are classified into prefix aggregates, each of which is identified with the first three AS (Autonomous System) numbers in the AS_PATH attribute. GAMPAL establishes a prediction model for traffic sizes based on past traffic sizes. It adopts an LSTM-RNN (Long Short-Term Memory Recurrent Neural Network) model that focuses on the periodicity of the Internet traffic patterns at a weekly scale. The validity of GAMPAL is evaluated using real traffic information, BGP RIBs exported from the WIDE backbone network (AS2500), a nationwide backbone network for research and educational organizations in Japan, and the dataset of an ISP (Internet Service Provider) in Spain. As a result, GAMPAL successfully detects anomalies such as increased traffic due to an event, DDoS (Distributed Denial of Service) attacks targeted at a stub organization, a connection failure, an SSH (Secure Shell) scan attack, and anomaly spam.

Courses Taught

  • INCIDENT RESPONSE AND FORENSIC

    2022

  • INCIDENT RESPONSE AND FORENSIC

    2021

  • DATA SECURITY

    2021

  • DATA SECURITY

    2020

  • INCIDENT RESPONSE AND FORENSIC

    2020

Committee Experiences

  • 2018.03 - Present

    Board member, WIDE Project