Launch of Cybersecurity Laboratory
The turning point was around 2000, when the world began to realize the importance of cybersecurity.
When I joined a university laboratory in 1997, cybersecurity was not yet a field that attracted much attention. At that time, the mainstream of security was cryptography research, and I myself was doing research on information hiding, in which secret information is embedded in dummy information and transported in secret. I think the turning point when cybersecurity began attracting attention was around 2000. There was an incident in which the web pages of a central government ministry were defaced, which was widely reported, and the world began to realize the importance of cybersecurity.
As a result, NICT decided to conduct security research as well, but even then, cybersecurity research at NICT at that time was still quite minor, starting out as a small research group of four or five people. I joined NICT as a trainee in 2000 when I was a student. At that time, we were called the Emergency Communications Group, and we were conducting research on communications necessary in the event of a disaster and on security as part of that research. From there, as understanding and awareness of cybersecurity research gradually increased, the size of the research group expanded, and in 2005, we started research and development on NICTER, a cyberattack observation and analysis system. This was the beginning of the Cybersecurity Laboratory (CSL). In 2011, the Cybersecurity Laboratory (CSL) was established.
CSL’s original development technology and its history
Starting a project that utilizes NICTER and deriving a system
It can be said that the research now being conducted at CSL is derived from NICTER, a large-scale observation network for indiscriminate attacks. NICTER captures cyberattacks on the Internet by observing communications to unused IP addresses, and the more IP addresses we observe, the more attacks we can detect. Therefore, NICTER has become an established observation network through the borrowing of unused IP addresses little by little in cooperation with various organizations. The number of addresses has now increased to about 300,000, making it the largest in Japan. Now that we have done that, we need to look at how we can actually utilize the collected data in Japanese society. Therefore, we have started a project to deploy DAEDALUS, an anti-cyber-attack alert system that utilizes NICTER, a large-scale darknet observation network, to external organizations.
In the second phase (FY 2016-2020), we turned our attention to increasing not only the amount but also the types of data collected. For example, NICTER targets indiscriminate attacks, but we developed NIRVANA KAI to also observe targeted attacks against specific organizations. NIRVANA KAI is an integrated analysis platform that streamlines security operations by collecting local observations, such as traffic data on an organization’s network and alerts of cyberattacks. Unlike NICTER, WarpDrive targets attacks on the Web that cannot be observed by passive monitoring. Web-based attacks are triggered by a user’s browser access, so the attacks cannot be observed by simply waiting. Therefore, we started a mechanism to distribute sensors that run on users’ browsers to general users to collect information on Web-based attacks, while blocking malicious Web sites when users are about to access them. We have also researched and developed other data collection platforms for a wide variety of cyberattacks in the second phase, such as STARDUST, which stealthily observes attacker behavior in a large dummy network space.

Current initiatives
Future-oriented security research progressing on two fronts
In the current period (2021-2025), looking ahead, we are proceeding with two lines of future-oriented security research: data-driven cybersecurity technology and emerging security technology.
One of the technologies of the former is CURE (Cybersecurity Universal Repository), which has been under development since the middle of the second phase. We are trying to realize a mechanism that collects cybersecurity information obtained from the systems we have developed on a larger scale and on a regular basis and analyzes it automatically. Cyberattacks are not necessarily independent, but behind the scenes, there is some kind of relationship, such as the same attack group or a large attack infrastructure being used for multiple attack activities. We are conducting research and development to find the hidden structures and relationships among these cyberattacks automatically using machine learning and other technologies.
In the latter area, we are working on research and development on security technologies that are compatible with new technologies that will become popular in the future. For example, new networks such as 5G and B5G have functions and features that did not exist in the past, and new security risks are hidden in them. We are conducting research and development on technologies to verify the security of such new networks. I am also working on low-layer security technology that analyzes hardware and boards for unauthorized chips and functions, as well as usable security, a security research field that focuses on human factors.
As a researcher and laboratory director
Creating a laboratory field is one experiment: From the first encounter with computers in elementary school to the transition to management
My interest in the field of cybersecurity was greatly influenced by my experiences in elementary and junior high school. The first computer I encountered in elementary school was a Sharp Pocket Computer, which I could program and run by myself, and I was immersed in programming even as a child. Also, there was the world’s first computer graphics movie “TRON” in 1982, in which human beings go inside a computer and fight within it, and there is a scene in which drinking blue water boosts their energy. I like this kind of computer-based science fiction, and I was fascinated by such a worldview where you can enter the computer world with hacking technology and so on. I think my desire to drink blue water someday was my initial motivation to become a researcher in the field of cybersecurity.
Researchers become professional researchers by starting their own research, writing papers, and eventually being accepted by good international conferences. However, especially in the field of cybersecurity, what one researcher alone can do is very limited. When it comes to creating a large-scale environment and observing data, naturally you need to collaborate with engineers, and you need more than one researcher. In other words, unless we work on a project basis, we cannot develop truly usable technologies. I began to understand this when I started my research and moved on to management, such as organization and system development.
Management at CSL is about gathering notable people and having them coexist, forming sub-teams like amoebas, and creating new things from there. That is how you create a field. I think that creating a field for the laboratory is one kind of experiment, and I enjoy doing it.
Beyond the never-ending battle
To remain an organization that conducts research and development one step ahead of attackers
I think one of the reasons why cybersecurity research used to be a minor field was the difficulty in getting people to properly understand cybersecurity. The peculiarity of this field is that we are dealing with human beings, not physical phenomena. If it is a physical phenomenon, there is the Shannon Limit, which is the limit in the communication capacity. However, when it comes to cybersecurity, we are dealing with human beings, so things are constantly evolving. I have often said since that time that criminal acts will not disappear forever. It is the same in cyberspace.
When will the game end? The answer to this question is that it will never end. However, we can continue to develop methods to detect and defend against criminal acts in cyberspace, as well as technologies to successfully stop people from committing criminal acts. To this end, it is important to create a system to observe all cyberattacks, collect data, and understand the situation, and CSL is playing this role.