近藤 賢郎 ( コンドウ タカオ )

Kondo, Takao


Affiliation (Campus)

Research Centers and Institutes, Global Research Institute (Mita)

Position

Project Associate Professor (fixed-term)


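Other Affiliations and Positions

  • Keio University Cyber Security Research Center, Member

  • Keio University SFC Research Institute, Senior Researcher

  • Keio University KMD Research Institute, Researcher

  • Information-technology Promotion Agency (IPA), Industrial Cyber Security Center, Expert Committee Member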

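Career

  • April 2013 - March 2017

    Keio University, Graduate School of Science and Technology, Researcher

  • April 2017 - October 2020

    Keio Gijuku, Information Technology Center Headquarters, Assistant Professor

  • November 2020 - July 2023

    Keio Gijuku, Information Security Incident Response Team, Assistant Professor

  • August 2023 - March 2026

    Hokkaido University, Information Initiative Center, Assistant Professor

  • October 2023 - March 2026

    Keio University, Global Research Institute, Project Assistant Professor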


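Education

  • April 2009 - March 2013

    Keio University, Faculty of Science and Technology, Department of Information and Computer Science

    University, Graduated

  • April 2013 - March 2015

    Keio University, Graduate School of Science and Technology

    Graduate school, Completed, Master's course

  • April 2015 - March 2016

    Keio University, Graduate School of Medicine

    Graduate school, Completed, Master's course

  • April 2016 - March 2022

    Keio University, Graduate School of Science and Technology

    University, Completed, Doctoral course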

Degrees

  • Ph.D. (Engineering), Keio University, Coursework, March 2022

    ZINK: A Scalable and Secure Information Centric Networking Mechanism Utilizing Layered Network Architecture

Licenses and Qualifications

  • (ISC)² Certified Information Systems Security Professional (CISSP), August 2022

 

Research Areas

  • Informatics / Information security

  • Informatics / Information network

Research Keywords

  • Cybersecurity

  • Internet engineering

  • Distributed systems

 

Papers

  • A Network Management Method Using Network Ontology Bonsai and Network Information Sharing Framework KANVAS

    Mori K., Kuchii K., Kondo T., Teraoka F.

    IEICE Transactions on Communications E109.B (2), 107 - 126, February 2026

    ISSN  09168516

    Generally, a network administrator designs, constructs, and operates an enterprise network. To manage a network correctly, the network administrator needs to understand its configuration. Since inconsistencies between the network design understood by the administrator and the actual network configuration might arise due to mistakes or errors, a method for automatically detecting such inconsistencies is needed. The following five techniques are necessary for this purpose: (i) a machine-readable notation to represent the network configuration, (ii) a tool to write down the network design in the machine-readable notation defined in (i), (iii) a tool to automatically detect the current network configuration and write it down in the machine-readable notation defined in (i), (iv) a tool to compare the two outputs generated in (ii) and (iii), and (v) a network management framework using machine-readable notation to simplify the network administrator’s tasks. This paper employs the network ontology called Bonsai for (i). Bonsai can represent not only a physical network configuration but also a network configuration with various network virtualization technologies such as VLAN (Virtual Local Area Network) and overlay. This paper proposes three tools, nc-design, nc-detect, and nc-diff, for (ii)–(iv) and confirms that they work as expected in a test network. In addition, this paper proposes a network information sharing framework called KANVAS (Knowledge base system in wide Area Networks with general Versatility, Availability, and Scalability) for (v). Evaluation results in a test network with virtualization technologies show that the proposed network management method can localize a network failure in a practical time.

  • GAMPALv2.5: Enhancing Large-scale Scanning Attack Inference in General-purpose Internet Traffic Anomaly Detection Mechanism

    Tachibana K., Kondo T., Minami H.

    2026 International Conference on Computing, Networking and Communications (ICNC 2026), 484 - 490, 2026

    To detect anomalies in the Internet backbone traffic, Wakui et al. (2025) proposed GAMPALv2 (General-purpose Anomaly detection Mechanism using Prefix Aggregate without Labeled data, version 2). It detects anomalies by comparing the predicted flow sizes with the real observation on aggregated flow traffic, using random forest regression models. It has detected YouTube service disruption, some event traffic and DDoS attacks. However, it does not have enough potential to detect a sort of initial attack activities like scanning and spam. In this paper, we extend it as GAMPALv2.5 to detect them, employing three traffic indicators, specifically flow size, packet count, and session count. We also evaluate and compare the performance with GAMPALv2 through a benchmark dataset.

  • GAMPALv2: An Anomaly Detection Mechanism for Internet Traffic by Predicting Flow Size Range from Time Features

    Wakui T., Teraoka F., Kondo T.

    IEICE Transactions on Information and Systems E108.D (6), 505 - 516, June 2025

    ISSN  09168532

    To detect anomalies on an Internet backbone network, we proposed GAMPAL (General-purpose Anomaly detection Mechanism using Prefix Aggregate without Labeled data). For scalability to the number of entries in the BGP RIB (Border Gateway Protocol Routing Information Base), GAMPAL introduces PA (Prefix Aggregate). It adopts an LSTM-RNN (Long Short-Term Memory Recurrent Neural Network) as a model that focuses on the periodicity of Internet traffic patterns at a weekly scale. However, GAMPAL has three issues: (i) computational complexity, (ii) difficulty in defining detection threshold, and (iii) difficulty in detecting when and in which PA anomaly occurred. Therefore, this paper proposes GAMPALv2, which solves these problems for the practical use of GAMPAL. To solve (i), GAMPALv2 reduces the dimension of the input variables from 288 (five-minute slots in a day) to 7 by defining time features. It also adopts the RFR (Random Forest Regressor) as a prediction model. To solve (ii) and (iii), GAMPALv2 defines the predicted range based on the predicted values of the RFR and detects anomalies for each PA by comparing the predicted range with the observed value. As a result, the training and prediction time is reduced from four days using a GPU to 23 minutes using an 8-core CPU. Utilizing semantics such as date, time, and day of the week defined in the time features improves prediction accuracy. The evaluation results show that GAMPALv2 can detect anomalies in the real world, such as connection failure on YouTube, DDoS (Distributed Denial of Service) attacks, and increasing traffic due to an event. In addition, the accuracy evaluation shows that the recall is improved. Although not precisely comparable due to the different calculation methods, the average recall in the previous work is 81.8%, whereas recall improves to 93.1% in GAMPALv2.

  • Using FIDO-based Authentication to Improve the Security of Software Supply Chains

    Luke K., Mayes K., Kondo T., Kai S., Tezuka S.

    Journal of Information Processing 33, 708 - 722, 2025

    Software supply chain security has relied upon layered protective measures, such as fuzzing, code signing, and secure coding, to protect against unintentional vulnerabilities and intentional tampering. Regrettably, attacks, such as Solar Winds and Log4Shell zero-day, demonstrated that current protections are insufficient. As a result, several projects have emerged, aimed at providing rigorous protections, focusing largely on dependency management, code signing, and binary file tracking. A common approach adds developer identity within the code signing ecosystem, establishing a chain of trust between developers and code-signing keys. However, these solutions depend upon external identity providers performing authentication correctly, leaving potential for account hijacking and other identity-based attacks. Mitigation is offered via monitoring and auditing, but relies on other parties to actively monitor for anomalies. In this paper, we propose and evaluate a FIDO-based extension to the Sigstore system, which would embed authentication data into the signing process, providing end-users with added identity assurance, complementing Sigstore’s key-to-identity mapping. By providing attestation information to increase authentication strength, we can potentially issue longer lifetime developer certificates, reducing the overall number, for a more scalable system. We also perform a basic evaluation to demonstrate that our improvements can be implemented feasibly with minimal changes to Sigstore.

  • Detecting Inconsistency between Network Design and Current State Based on Network Ontology Bonsai

    Mori K., Kondo T., Teraoka F.

    Asian Internet Engineering Conference (AINTEC 2024), 76 - 84, August 2024

    Generally, a network administrator designs, constructs, and operates an enterprise network. Since inconsistency between the network design understood by the administrator and the actual network configuration might arise due to mistakes or errors, a method for automatically detecting such inconsistency is needed. The following four techniques are necessary for this purpose. (i) A machine-readable notation to represent the network configuration. (ii) A tool to write down the network design using the machine-readable notation. (iii) A tool to automatically detect the current network configuration and write it down in the machine-readable notation. (iv) A tool to compare the two outputs generated in (ii) and (iii). This paper employs the network ontology called Bonsai for (i). Bonsai can represent not only physical configurations but also virtualization technologies such as VLAN and overlay. This paper proposes three tools, nc-design, nc-detect, and nc-diff for (ii)-(iv), and confirms that they work as expected in the test network. This paper also measures their fundamental performance.



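Courses Taught

  • Incident Response and Forensics

    Academic year 2026

  • Incident Response and Forensics

    Academic year 2025

  • Incident Response and Forensics

    Academic year 2024

  • Incident Response and Forensics

    Academic year 2023

  • Incident Response and Forensics

    Academic year 2022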


 

Committee Memberships

  • March 2018 - Present

    Steering Committee Member, WIDE Project