What led him to join NICT
Studied abroad at a Japanese university. Started working at NICT upon entering the doctoral program.
I was originally interested in computers and taught myself programming and other things that were not taught in school before I became a high school student. In high school, I also became interested in security when I started reading news articles about hackers who targeted vulnerabilities in systems to disable services.
After graduating from high school, I entered a computer-related department of a Japanese university as an exchange student. From the time I entered university, I wanted to become a researcher, and this was due to the fact that I had seen my father be a professor at a university in Korea. Although my father’s specialty was Japanese and his field was completely different, I witnessed the process of creating a dictionary and always felt how cool it would be to be a researcher.
The reason I joined NICT was because my academic tutor was a professor specializing in artificial intelligence and had been conducting joint research with NICT for many years under the theme of automatic early detection of indiscriminate attacks in darknet analysis. I was given a wonderful opportunity to work at NICT at the same time I entered the doctoral course, but I had no hesitation in deciding to work at NICT because of the environment in which the staff could fully exercise their discretion, and because I wanted to finish the research project I was working on at the time.
Job details
Research using security data also involves processes that require manual preparation
Currently, I am conducting research mainly using three types of security data. The first is research on automating early detection, prediction, and tracking of indiscriminate attack activities based on darknet traffic data, the second is research on state-of-the-art network intrusion detection systems using the latest machine learning techniques based on live-net traffic data and data from several existing intrusion detection systems, and the third is research on malware to analyze the evolutionary process of malware lineages through high-speed clustering of large-scale malware analysis data.
A time-consuming process in automated analysis using cybersecurity data is understanding the data. It is easy for artificial intelligence to understand security information if there is a correct label for it, but in reality, there is often no correct label. Therefore, it takes a great deal of time to understand the characteristics of the data, which must then be prepared manually. Using darknet analysis as an example, we have no idea if the observed attacks are really attacks, what kind of attacks they are, or who sent these attacks and with what intention. This is the difficult part of learning and evaluation, and we are steadily working with analysts in the security field to evaluate what the purpose of this attack activity is.
Future goals
Aiming to be a socially influential researcher by voraciously challenging difficult international conferences and top journals
As an individual, I aim to become a socially influential researcher with a high number of cited papers and a broad network of contacts. In addition, I would like to work positively on social deployment, information disclosure, and technology transfer of the findings acquired in my research activities. To this end, I believe that it is my responsibility as a researcher to eagerly challenge difficult international conferences and top journals. Furthermore, one of my goals is to conduct synergistic collaborative research with domestic and international researchers. Although there is a wide variety of security data, I am currently handling only the aforementioned three types of data. In the future, I would like to increase the amount of data I can handle and be able to constantly input the latest AI technology into my mind and utilize it.
