Chansu Han, Ph.D.

# Chansu Han, Ph.D. | <img src="https://i.imgur.com/ahiyDkr.jpg" width="200"> | Researcher, NICT, Japan Contact: <img src="https://i.imgur.com/ZelugIL.png" width="150"> <img src="https://scholar.google.com/favicon.ico" width=16> [Google Scholar](https://scholar.google.com/citations?user=ZvvIWZ4AAAAJ&hl=en) <img src="https://c5.rgstatic.net/m/41542880220916/images/favicon/favicon-32x32.png" width=16> [ResearchGate](https://www.researchgate.net/profile/Chansu-Han-2) <img src="https://dblp.org/img/dblp.icon.192x192.png" width=16> [dblp](https://dblp.org/pid/186/6829.html) <img src="https://www.webofscience.com/wos/static/favicon.png" width=16> [Web of Science](https://www.webofscience.com/wos/author/record/K-3263-2019) <img src="https://orcid.org/sites/default/files/images/orcid_16x16.png" width=16> [ORCID: 0000-0002-1728-5300](https://orcid.org/0000-0002-1728-5300) <img src="https://i.imgur.com/WHU1i4e.png" width="16"> [LinkedIn](https://www.linkedin.com/in/chansu-han-aa0857193/) | | -------- | -------- | ## Current Position - **Researcher** Since 2025, I have been appointed as a researcher at the Center for Research on AI Security and Technology Evolution (CREATE), National Institute of Information and Communications Technology (NICT), Japan. I am concurrently affiliated with the [Cybersecurity Laboratory, NICT](https://csl.nict.go.jp/en/), which I originally joined in 2018 after receiving my M.S. degree in informatics from Kyushu University under the supervision of Professor [Jun'ichi Takeuchi](http://www.me.inf.kyushu-u.ac.jp/%7etak/homepage.en.html). - [Cybersecurity Laboratory, National Institute of Information and Communications Technology (NICT), Tokyo, Japan.](https://csl.nict.go.jp/en/people/chansu-han.html) - **Visiting Assistant Professor (Research Advisor)** I have also been appointed as a visiting assistant professor at Kyushu University since April 2023. - [Mathematical Engineering Laboratory, Graduate School and Faculty of Information Science and Electrical Engineering, Kyushu University](http://www.me.inf.kyushu-u.ac.jp/en/member.html) ## Biography Chansu Han received his B.E. degree in computer science, and M.S. and Ph.D. degrees in informatics engineering from Kyushu University in 2016, 2018, and 2021, respectively. Since 2025, he has been a researcher at the Center for Research on AI Security and Technology Evolution (CREATE), National Institute of Information and Communications Technology (NICT), Japan. He is also concurrently affiliated with the Cybersecurity Laboratory, NICT, which he initially joined in 2018. Additionally, he has served as a Visiting Assistant Professor at Kyushu University since 2023. His research interests span cybersecurity and AI security, including large language model (LLM) safety, anomaly detection, and network/malware analysis. ### Research Topics - Security for AI / LLM Safety: - Safety assessment of fine-tuned open-source LLMs - Construction of LLM security benchmarking environments - Development of benchmark datasets for LLM safety evaluation - AI for Security (Network Analysis, Malware Analysis): - Early detection of malware activities and tracking of coordinated scanners - Development of explainable network intrusion detection systems, and alert analysis - Fast clustering of large-scale IoT malware and behavior analysis of variants  --- ## Featured Publications - K. Abduaziz, **C. Han**, and J. Shin, ''Semi-supervised Traceability Analysis of Investigative Scanners of Darknet Traffic,'' *Computers & Security*, 2025. - Y. Chang, H. Chen, **C. Han**, T. Morikawa, T. Takahashi, and T. Lin, ''FINISH: Efficient and Scalable NMF-based Federated Learning for Detecting Malware Activities,'' *IEEE Transactions on Emerging Topics in Computing (TETC)*, Jul 2023. [\[DOI\]](https://doi.org/10.1109/TETC.2023.3292924) [\[PDF\]](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10179267) - A. Tanaka, **C. Han**, and T. Takahashi, ''Detecting Coordinated Internet-Wide Scanning by TCP/IP Header Fingerprint,'' *IEEE ACCESS*, Feb 2023. [\[DOI\]](https://doi.org/10.1109/ACCESS.2023.3249474) [\[PDF\]](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10054012) [\[Related Slides\]](https://drive.google.com/file/d/17RIq3J7ZxuwiQUxk6Hlyl8FGR7_4ZMde/view?usp=sharing) [\[Slides (Japanese)\]](https://drive.google.com/file/d/1sM0jIU7vBlNwvE-8LDP5-9nYEdorddck/view?usp=sharing) - T. He, **C. Han**, R. Isawa, T. Takahashi, S. Kijima, and J. Takeuchi, ''Scalable and Fast Algorithm for Constructing Phylogenetic Trees with Application to IoT Malware Clustering,'' *IEEE ACCESS*, Jan 2023. [\[DOI\]](https://doi.org/10.1109/ACCESS.2023.3238711) [\[PDF\]](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10024280) [\[Related Slides (Japanese)\]](https://drive.google.com/file/d/1pgPkml6uFMmQG3IdFpt0INAr_9kBubm2/view?usp=sharing) - **C. Han**, J. Takeuchi, T. Takahashi, and D. Inoue, ''*Dark-TRACER*: Early Detection Framework for Malware Activity Based on Anomalous Spatiotemporal Patterns,'' *IEEE ACCESS*, Jan 2022. [\[DOI\]](https://doi.org/10.1109/ACCESS.2022.3145966) [\[PDF\]](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9690867) [\[Related Slides\]](https://drive.google.com/file/d/1IlOar4ARu-olK4k-b5g6WWC4Id2abfnB/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/) [\[Codes\]](https://github.com/Gotchance/Dark-TRACER) - R. Kawasoe, **C. Han**, R. Isawa, T. Takahashi, and J. Takeuchi, ''Investigating Behavioral Differences between IoT Malware via Function Call Sequence Graphs,'' *Proceedings of the 36th ACM/SIGAPP Symposium on Applied Computing (SAC)*, Mar 2021. (Acceptance rate: 24.9%) [\[DOI\]](https://doi.org/10.1145/3412841.3442041) [\[PDF\]](https://dl.acm.org/doi/pdf/10.1145/3412841.3442041) [\[Slides\]](https://drive.google.com/file/d/1eesRVIp0WTFu3iEcfAkdzEXRkx3WeRAm/view?usp=sharing) ## Awards/Honors - 情報処理学会 CSEC優秀研究賞 (第104回CSEC研究会) (CSEC Best Research Award, IPSJ), 2024 (共著) - 情報処理学会コンピュータセキュリティシンポジウム2021 CSS学生論文賞 (CSS Best Student Paper Award), 2021 (共著) --- ## Publications ### Refereed Journal Papers  1. K. Abduaziz, **C. Han**, and J. Shin, ''Semi-supervised Traceability Analysis of Investigative Scanners of Darknet Traffic,'' *Computers & Security*, 2025. 2. K. Miyamoto, M. Iida, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Consolidating Packet-Level Features for Effective Network Intrusion Detection: A Novel Session-Level Approach,'' *IEEE ACCESS*, Nov 2023. [\[DOI\]](https://doi.org/10.1109/ACCESS.2023.3335600) [\[PDF\]](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10325518) 4. Y. Chang, H. Chen, **C. Han**, T. Morikawa, T. Takahashi, and T. Lin, ''FINISH: Efficient and Scalable NMF-based Federated Learning for Detecting Malware Activities,'' *IEEE Transactions on Emerging Topics in Computing (TETC)*, Jul 2023. [\[DOI\]](https://doi.org/10.1109/TETC.2023.3292924) [\[PDF\]](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10179267) 5. A. Tanaka, **C. Han**, and T. Takahashi, ''Detecting Coordinated Internet-Wide Scanning by TCP/IP Header Fingerprint,'' *IEEE ACCESS*, Feb 2023. [\[DOI\]](https://doi.org/10.1109/ACCESS.2023.3249474) [\[PDF\]](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10054012) [\[Slides\]](https://drive.google.com/file/d/17RIq3J7ZxuwiQUxk6Hlyl8FGR7_4ZMde/view?usp=sharing) [\[Related Slides (Japanese)\]](https://drive.google.com/file/d/1sM0jIU7vBlNwvE-8LDP5-9nYEdorddck/view?usp=sharing) 6. T. He, **C. Han**, R. Isawa, T. Takahashi, S. Kijima, and J. Takeuchi, ''Scalable and Fast Algorithm for Constructing Phylogenetic Trees with Application to IoT Malware Clustering,'' *IEEE ACCESS*, Jan 2023. [\[DOI\]](https://doi.org/10.1109/ACCESS.2023.3238711) [\[PDF\]](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10024280) [\[Related Slides (Japanese)\]](https://drive.google.com/file/d/1pgPkml6uFMmQG3IdFpt0INAr_9kBubm2/view?usp=sharing) 7. R. Ishibashi, K. Miyamoto, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Generating Labeled Training Datasets Towards Unified Network Intrusion Detection Systems,'' *IEEE ACCESS*, May 2022. [\[DOI\]](https://doi.org/10.1109/ACCESS.2022.3176098) [\[PDF\]](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9777676) [\[Related Slides (@AsiaJCIS'21)\]](https://drive.google.com/file/d/1WSmsCvpRJ2spJIaBS2sIWdYf6bAt5_wp/view?usp=sharing) [\[Codes & Datasets\]](https://github.com/suuri-kyudai/Generating-Dataset-for-NIDS) 8. **C. Han**, J. Takeuchi, T. Takahashi, and D. Inoue, ''*Dark-TRACER*: Early Detection Framework for Malware Activity Based on Anomalous Spatiotemporal Patterns,'' *IEEE ACCESS*, Jan 2022. [\[DOI\]](https://doi.org/10.1109/ACCESS.2022.3145966) [\[PDF\]](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9690867) [\[Related Slides\]](https://drive.google.com/file/d/1IlOar4ARu-olK4k-b5g6WWC4Id2abfnB/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/) [\[Codes\]](https://github.com/Gotchance/Dark-TRACER) 9. B. Sun, T. Ban, **C. Han**, T. Takahashi, K. Yoshioka, J. Takeuchi, A. Sarrafzadeh, M. Qiu, and D. Inoue, ''Leveraging Machine Learning Technique to Identify Deceptive Decoy Documents Associated with Targeted Email Attacks,'' *IEEE ACCESS*, May 2021. [\[DOI\]](https://doi.org/10.1109/ACCESS.2021.3082000) [\[PDF\]](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9435284) 10. **C. Han**, J. Shimamura, T. Takahashi, D. Inoue, J. Takeuchi, and K. Nakao, ''Real-time Detection of Global Cyberthreat Based on Darknet by Estimating Anomalous Synchronization Using Graphical Lasso,'' *IEICE Transactions on Information and Systems, Vol.E103-D, No.10*, pp.2113-2124, Oct 2020. [\[DOI\]](https://doi.org/10.1587/transinf.2020EDP7076) [\[PDF\]](https://www.jstage.jst.go.jp/article/transinf/E103.D/10/E103.D_2020EDP7076/_pdf) [\[Related Slides\]](https://drive.google.com/file/d/1dIJjqipH49RewPDGlMT3LL-xODIclPqc/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/) ### Refereed Conference Papers  1. Y. Lee, **C. Han**, M. Peng, and T. Takahashi, ''A Framework for Mapping Snort Rules to MITRE ATT&CK Techniques with Large Language Models,'' *IEEE Conference on Dependable and Secure Computing (DSC)*, Oct 2025. 1. S. Kawanaka, K. Miyamoto, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Towards Explainable Machine Learning NIDS Reflecting Cyber-Attack Characteristics,'' *Workshop on Recent Advances in Resilient and Trustworthy MAchine learning-driveN systems (ARTMAN)*, Oct 2025. 2. K. Ma, **C. Han**, A. Tanaka, T. Takahashi, and J. Takeuchi, ''Towards Architecture-Independent Function Call Analysis for IoT Malware,'' *Information Security Conference (ISC)*, Oct 2025. **(Tier 3)** 3. K. Miyamoto, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Intrusion Detection Simplified: A Feature-free Approach to Traffic Classification Using Transformers,'' *Workshop on Recent Advances in Resilient and Trustworthy MAchine learning-driveN systems (ARTMAN)*, Dec 2024. [\[DOI\]](https://doi.org/10.1109/ACSACW65225.2024.00011) [\[PDF\]](https://www.researchgate.net/publication/389970359_Intrusion_Detection_Simplified_A_Feature-free_Approach_to_Traffic_Classification_Using_Transformers) [\[Slides\]](https://drive.google.com/file/d/12UUJAAm3IaptqfdMFzANn0mBJNbbzuXp/view?usp=sharing) 6. **C. Han**, A. Tanaka, T. Takahashi, S. Dadkhah, A. Ghorbani, and T. Lin, ''Traceability Measurement Analysis of Sustained Internet-Wide Scanners via Darknet,'' *IEEE Conference on Dependable and Secure Computing (DSC)*, Nov 2024. [\[DOI\]](https://doi.org/10.1109/DSC63325.2024.00015) [\[PDF\]](https://www.researchgate.net/publication/386267696_Traceability_Measurement_Analysis_of_Sustained_Internet-Wide_Scanners_via_Darknet) [\[Slides\]](https://drive.google.com/file/d/1WUWhQFSaON_GG-3VMm1H59b-wWucyDz1/view?usp=sharing) 7. K. Nikawa, **C. Han**, A. Tanaka, K. Iwamoto, T. Takahashi, and J. Takeuchi, ''Poster: Analyzing the Impact of User Code and Library Functions for Improving IoT Malware Clustering,'' *IEEE Conference on Dependable and Secure Computing (DSC)*, Nov 2024. [\[Poster\]](https://drive.google.com/file/d/18A6LgyDNLd29NpQJ9K3anLnjsWZJlRh-/view?usp=sharing) 8. S. Kawanaka, K. Miyamoto, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Poster: From Packets to Explanation: Enhancing NIDS with XAI and Cyber-Attack Analysis,'' *IEEE Conference on Dependable and Secure Computing (DSC)*, Nov 2024. [\[Poster\]](https://drive.google.com/file/d/1FHDhxnDv8iU5uSBD0VTIsZ6xLe6Rw6Z5/view?usp=sharing) 9. S. Kawanaka, Y. Kashiwabara, K. Miyamoto, M. Iida, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Packet-Level Intrusion Detection Using LSTM Focusing on Personal Information and Payloads,'' *Asia Joint Conference on Information Security (AsiaJCIS)*, Aug 2023. [\[DOI\]](https://doi.org/10.1109/AsiaJCIS60284.2023.00024) [\[PDF\]](https://www.researchgate.net/publication/376978134_Packet-Level_Intrusion_Detection_Using_LSTM_Focusing_on_Personal_Information_and_Payloads) [\[Slides\]](https://drive.google.com/file/d/1FaZuALLXTlxgpgg7WGFqOvi-zcSLzsqH/view?usp=sharing) 10. K. Oshio, S. Takada, T. He, **C. Han**, A. Tanaka, T. Takahashi, and J. Takeuchi, ''Towards Functional Analysis of IoT Malware Using Function Call Sequence Graphs and Clustering,'' *IEEE Annual Computers, Software, and Applications Conference (COMPSAC)*, Jun 2023. [\[DOI\]](https://doi.org/10.1109/COMPSAC57700.2023.00239) [\[PDF\]](https://www.researchgate.net/publication/372864827_Towards_Functional_Analysis_of_IoT_Malware_Using_Function_Call_Sequence_Graphs_and_Clustering) [\[Slides\]](https://drive.google.com/file/d/1PPvqpM4K3Nkc6a9phedLOrDDbfVmXOZ1/view?usp=sharing) 11. T. He, **C. Han**, A. Tanaka, T. Takahashi, and J. Takeuchi, ''Work in Progress: New Seed Set Selection Method of the Scalable Method for Constructing Phylogenetic Trees,'' *ACM International Conference on Computing Frontiers (CF)*, May 2023. [\[DOI\]](https://doi.org/10.1145/3587135.3592820) [\[PDF\]](https://www.researchgate.net/publication/372930489_Work_in_Progress_New_Seed_Set_Selection_Method_of_the_Scalable_Method_for_Constructing_Phylogenetic_Trees) [\[Slides\]](https://drive.google.com/file/d/1urhhi1yJp_02dPAa_-uPCLtwoSmJGZOy/view?usp=sharing) 12. M. Iida, K. Miyamoto, S. Kawanaka, Y. Takeishi, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Multimodal Feature Integration for High-Accuracy Network Intrusion Detection,'' *International Conference on Computer Applications and Information Security (ICCAIS)*, Mar 2023. [\[Slides\]](https://drive.google.com/file/d/1Q1qWoZjeAneXLTJomlhnYw-Wam6RRNzf/view?usp=sharing) 13. **C. Han**, A. Tanaka, J. Takeuchi, T. Takahashi, T. Morikawa, and T. Lin, ''Towards Long-Term Continuous Tracing of Internet-Wide Scanning Campaigns Based on Darknet Analysis,'' *International Conference on Information Systems Security and Privacy (ICISSP)*, Feb 2023. [\[DOI\]](https://doi.org/10.5220/0011769300003405) [\[PDF\]](https://www.researchgate.net/publication/369018254_Towards_Long-Term_Continuous_Tracing_of_Internet-Wide_Scanning_Campaigns_Based_on_Darknet_Analysis) [\[Poster\]](https://drive.google.com/file/d/1ai1mrLnSdTMXcB16utr4SJAVR4njhGHZ/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/) <details> <summary> Before 2023 (Refereed Conference Papers) </summary> <div> 13. **C. Han**, A. Tanaka, and T. Takahashi, ''Darknet Analysis-Based Early Detection Framework for Malware Activity: Issue and Potential Extension,'' *IEEE International Conference on Big Data*, Dec 2022. [\[DOI\]](https://doi.org/10.1109/BigData55660.2022.10021021) [\[PDF\]](https://www.researchgate.net/publication/367467291_Darknet_Analysis-Based_Early_Detection_Framework_for_Malware_Activity_Issue_and_Potential_Extension) [\[Slides\]](https://drive.google.com/file/d/1ORDkdILvprY8D2wCTP49_lfTWglJh5SJ/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/) 7. K. Oshio, S. Takada, **C. Han**, A. Tanaka, and J. Takeuchi, ''Poster: Flexible Function Estimation of IoT Malware Using Graph Embedding Technique,'' *IEEE Symposium on Computers and Communications (ISCC)*, Jun 2022. [\[DOI\]](https://doi.org/10.1109/ISCC55528.2022.9912475) [\[PDF\]](https://www.researchgate.net/publication/365112136_Poster_Flexible_Function_Estimation_of_IoT_Malware_Using_Graph_Embedding_Technique) [\[Poster\]](https://drive.google.com/file/d/1VXEkAuXN9_SCL5mKY16S2oT_xb80e-D8/view?usp=sharing) 8. K. Miyamoto, H. Goto, R. Ishibashi, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Malicious Packet Classification Based on Neural Network Using Kitsune Features,'' *Proceedings of the 2nd International Conference on Intelligent Systems and Pattern Recognition*, Springer, Jun 2022. [\[DOI\]](https://doi.org/10.1007/978-3-031-08277-1_25) [\[PDF\]](https://www.researchgate.net/publication/361364873_Malicious_Packet_Classification_Based_on_Neural_Network_Using_Kitsune_Features) [\[Slides\]](https://drive.google.com/file/d/1ZU98xh9WhpJLksvVZJtiMt_Zg4vVuO7-/view?usp=sharing) 9. A. Tanaka, **C. Han**, T. Takahashi, and K. Fujisawa, ''Internet-Wide Scanner Fingerprint Identifier Based on TCP/IP Header,'' *The 6th International Conference on Fog and Mobile Edge Computing (FMEC)*, IEEE, 2021. [\[DOI\]](https://doi.org/10.1109/FMEC54266.2021.9732414) [\[PDF\]](https://www.researchgate.net/publication/359273162_Internet-Wide_Scanner_Fingerprint_Identifier_Based_on_TCPIP_Header) [\[Slides\]](https://drive.google.com/file/d/1GJ1Fsosu54WIzxX0nJY1oKQTV2n_xeev/view?usp=sharing) 2. T. He, **C. Han**, T. Takahashi, S. Kijima, and J. Takeuchi, ''Scalable and Fast Hierarchical Clustering of IoT Malware Using Active Data Selection,'' *The 6th International Conference on Fog and Mobile Edge Computing (FMEC)*, IEEE, 2021. [\[DOI\]](https://doi.org/10.1109/FMEC54266.2021.9732550) [\[PDF\]](https://www.researchgate.net/publication/359273244_Scalable_and_Fast_Hierarchical_Clustering_of_IoT_Malware_Using_Active_Data_Selection) [\[Slides\]](https://drive.google.com/file/d/19-ntZMuONwAQN_sj85MVArDsJhObrxAu/view?usp=sharing) 7. **C. Han**, J. Takeuchi, T. Takahashi, and D. Inoue, ''Automated Detection of Malware Activities Using Nonnegative Matrix Factorization,'' *IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)*, Oct 2021. [\[DOI\]](https://doi.org/10.1109/TrustCom53373.2021.00085) [\[PDF\]](https://www.researchgate.net/publication/359121104_Automated_Detection_of_Malware_Activities_Using_Nonnegative_Matrix_Factorization) [\[Slides\]](https://drive.google.com/file/d/1UvKEEXsir7X_Vx7puhVCI8V9hpsvxS0O/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/) 8. R. Ishibashi, H. Goto, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Which Packet Did They Catch? Associating NIDS Alerts with Their Communication Sessions,'' *Asia Joint Conference on Information Security (AsiaJCIS)*, 2021. [\[DOI\]](https://doi.org/10.1109/AsiaJCIS53848.2021.00012) [\[PDF\]](https://www.researchgate.net/publication/354887287_Which_Packet_Did_They_Catch_Associating_NIDS_Alerts_with_Their_Communication_Sessions) [\[Slides\]](https://drive.google.com/file/d/1WSmsCvpRJ2spJIaBS2sIWdYf6bAt5_wp/view?usp=sharing) 9. K. Masumi, **C. Han**, T. Ban, and T. Takahashi, ''Poster: Towards Efficient Labeling of Network Incident Datasets Using Tcpreplay and Snort,'' *ACM Conference on Data and Application Security and Privacy (CODASPY)*, 2021. [\[DOI (include video)\]](https://doi.org/10.1145/3422337.3450326) [\[PDF\]](https://www.researchgate.net/publication/351102418_Towards_Efficient_Labeling_of_Network_Incident_Datasets_Using_Tcpreplay_and_Snort) [\[Poster\]](https://drive.google.com/file/d/1dZnXrom8q0XXsHM9bqVuRiJgrWWhIy_r/view?usp=sharing) 10. T. Takahashi, Y. Umemura, **C. Han**, T. Ban, K. Furumoto, O. Nakamura, K. Yoshioka, J. Takeuchi, N. Murata, and Y. Shiraishi, ''Designing Comprehensive Cyber Threat Analysis Platform: Can We Orchestrate Analysis Engines?,'' *IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops)*, pp.376-379, 2021. [\[DOI\]](https://doi.org/10.1109/PerComWorkshops51409.2021.9431125) [\[PDF\]](https://www.researchgate.net/publication/351829861_Designing_Comprehensive_Cyber_Threat_Analysis_Platform_Can_We_Orchestrate_Analysis_Engines) [\[Slides\]](https://drive.google.com/file/d/1I2loykY-R08cr3ePeAGHWzP5rPPLNBQU/view?usp=sharing) 11. R. Kawasoe, **C. Han**, R. Isawa, T. Takahashi, and J. Takeuchi, ''Investigating Behavioral Differences between IoT Malware via Function Call Sequence Graphs,'' *Proceedings of the 36th ACM/SIGAPP Symposium on Applied Computing (SAC)*, 2021. (Acceptance rate: 24.9%) [\[DOI\]](https://doi.org/10.1145/3412841.3442041) [\[PDF\]](https://dl.acm.org/doi/pdf/10.1145/3412841.3442041) [\[Slides\]](https://drive.google.com/file/d/1eesRVIp0WTFu3iEcfAkdzEXRkx3WeRAm/view?usp=sharing) 1. T. He, **C. Han**, R. Isawa, T. Takahashi, S. Kijima, J. Takeuchi, and K. Nakao, ''A Fast Algorithm for Constructing Phylogenetic Trees with Application to IoT Malware Clustering,'' *Neural Information Processing - 26rd International Conference (ICONIP)*, 2019. (Acceptance rate: 27.4%) [\[DOI\]](https://doi.org/10.1007/978-3-030-36708-4_63) [\[PDF\]](https://www.researchgate.net/publication/337922580_A_Fast_Algorithm_for_Constructing_Phylogenetic_Trees_with_Application_to_IoT_Malware_Clustering) [\[Slides\]](https://drive.google.com/file/d/1gITKqvXhNPeqG8sPya09vwsd4hRGK4zz/view?usp=sharing) 2. **C. Han**, J. Shimamura, T. Takahashi, D. Inoue, M. Kawakita, J. Takeuchi, and K. Nakao, ''Real-Time Detection of Malware Activities by Analyzing Darknet Traffic Using Graphical Lasso,'' *IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom): Security Track*, 2019. (Acceptance rate 28.67%=82/286) [\[DOI\]](https://doi.org/10.1109/TrustCom/BigDataSE.2019.00028) [\[PDF\]](https://www.researchgate.net/publication/336946818_Real-Time_Detection_of_Malware_Activities_by_Analyzing_Darknet_Traffic_Using_Graphical_Lasso) [\[Slides\]](https://drive.google.com/file/d/1dIJjqipH49RewPDGlMT3LL-xODIclPqc/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/) 3. **C. Han**, K. Kono, M. Kawakita, and J. Takeuchi, ''Botnet Detection Using Graphical Lasso with Graph Density,'' *Neural Information Processing - 23rd International Conference (ICONIP), vol.9947*, pp.537-545, 2016. [\[DOI\]](https://doi.org/10.1007/978-3-319-46687-3_59) [\[PDF\]](https://www.researchgate.net/publication/309176434_Botnet_Detection_Using_Graphical_Lasso_with_Graph_Density) [\[Slides\]](https://drive.google.com/file/d/1QbywuJC7g0pKLfpLqaSbuQqQSXPYW40M/view?usp=sharing) </div> </details> --- ### Non-refereed Domestic Conference Papers (Japan) 1. K. Ma, **C. Han**, A. Tanaka, T. Takahashi, and J. Takeuchi, ''Removing obstacles to function call analysis in IoT malware,'' *Symposium on Cryptography and Information Security (SCIS2025)*, Jan 2025. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1i_rbRpaJP2xOZfzmEwwv9-3ui_OK-wmY/view?usp=sharing) 2. S. Kawanaka, K. Miyamoto, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Investigating the Factors Influencing Cyber-Attack Detection in NIDS Using Explainable AI,'' *Symposium on Cryptography and Information Security (SCIS2025)*, Jan 2025. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1DzhHm1P3drSL59LMFM9CWAXgqRj--_00/view?usp=sharing) 3. K. Ma, **C. Han**, A. Tanaka, T. Takahashi, and J. Takeuchi, ''Study of Graphing Methods for Functional Analysis of IoT Malware Using Function Call Sequence Graphs,'' *Computer Security Symposium (CSS2024)*, Oct 2024. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1Qr1ONg_9mDc82YWU53S20DMaYv_d5tBZ/view?usp=sharing) 4. K. Nikawa, **C. Han**, A. Tanaka, K. Iwamoto, T. Takahashi, and J. Takeuchi, ''Improvement of Distance Definition for In-Depth Functional Analysis in Phylogenetic Clustering of IoT Malware,'' *Computer Security Symposium (CSS2024)*, Oct 2024. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1O2RTE2Qg2ZIBiEyvRolfheBJ9g3msdqC/view?usp=sharing) 5. S. Akabane, **C. Han**, K. Iwamoto, R. Isawa, T. Takahashi, and D. Inoue, ''Identification of User-Defined Functions Based on Function Call Transition,'' *104th CSEC*, Mar 2024. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1sgZUehT_uujIwOrAPoyVrs_G3RF-l_sK/view?usp=sharing) 6. **C. Han**, A. Tanaka, and T. Takahashi, ''Study on Cluster Traceability of Internet-Wide Scanners,'' *Computer Security Symposium (CSS2023)*, Oct 2023. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1B7vr-Nw5HLVZ0GeJBvtO0KZnPYFmZsEE/view?usp=sharing) 7. K. Miyamoto, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''An early and successive traffic classification based on packet-level features and prediction,'' *Computer Security Symposium (CSS2023)*, Oct 2023. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1d_dwSs4EKPKMGn68AY2AjMqn8iFU6HZu/view?usp=sharing) 8. M. Iida, K. Miyamoto, Y. Takeishi, S. Kawanaka, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Multimodal Feature Integration Toward High-Accuracy Network Intrusion Detection,'' *IEICE Tech. Rep., vol.122, no.422, ICSS2022-55*, pp.43-48, Mar 2023. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1XsXcgWFvKR2LK1KzLaVRJlT1VYVJJHuL/view?usp=sharing) 9. Y. Kashiwabara, K. Miyamoto, M. Iida, S. Kawanaka, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Consideration of a Packet Level Anomaly Communication Classification Model Using Word Embedding and LSTM,'' *IEICE Tech. Rep., vol.122, no.422, ICSS2022-53*, pp.31-36, Mar 2023. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1J9Agdh2n1aKLUpBZCqx9yDLoRabh6df1/view?usp=sharing) <details> <summary> Before 2023 (Non-refereed Domestic Conference Papers) </summary> <div> 10. **C. Han**, A. Tanaka, T. Takahashi, and J. Takeuchi, ''Tracing Methodology for Scanning Campaigns Based on Darknet Analysis,'' *IEICE Tech. Rep., vol.122, no.244, ICSS2022-43*, pp.31-36, Nov 2022. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1wB1Jh2Ft_sVIpevXUg8ROOSnQz89FKDJ/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/) 7. **C. Han**, A. Tanaka, and T. Takahashi, ''Study on Validation and Future Extension of Early Detection Framework for Malware Activities Based on Darknet Analysis,'' *Computer Security Symposium (CSS2022)*, Oct 2022. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1NExxRpbl0kvS2hMtldCZikUX0PzLSP0G/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/) 8. A. Tanaka, **C. Han**, and T. Takahashi, ''Destination Port Set Analysis via Internet-Wide Scanner Fingerprint,'' *Computer Security Symposium (CSS2022)*, Oct 2022. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1CfIvloo8aJYCiehmD0X5MWSPcS7wnO_L/view?usp=sharing) 9. T. He, **C. Han**, A. Tanaka, T. Takahashi, and J. Takeuchi, ''Implement and evaluation of the online processing algorithm for scalable malware clustering based on the phylogenetic tree,'' *Computer Security Symposium (CSS2022)*, Oct 2022. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/14KCrd5KMQc4vDWNBOL2KC2rvhgvZqH5u/view?usp=sharing) 10. K. Miyamoto, Y. Takeishi, M. Iida, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Network Traffic Classification: Go from Packet Level to Session Level,'' *Computer Security Symposium (CSS2022)*, Oct 2022. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1iDFSbpYqtPcP_FPrNThEI7EcerelYMTi/view?usp=sharing) 11. S. Takada, T. He, **C. Han**, A. Tanaka, and J. Takeuchi, ''Behavior Analysis of IoT Malware Using Function Call Sequence Graphs and Clustering,'' *IEICE Tech. Rep., vol.121, no.410, ICSS2021-77*, pp.111-116, Mar 2022. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1m-XomDwPPvQYcD9Ag4-KFz7C0fGABXm-/view?usp=sharing) 9. **C. Han**, J. Takeuchi, T. Takahashi, and D. Inoue, ''Study on the Early Detection Framework for Malware Activity Based on Anomalous Synchronization Estimation,'' *Computer Security Symposium (CSS2021)*, Oct 2021. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/13yc8xgMuI1mjBJRXKnC6GxDxI33aIdOV/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/) 7. A. Tanaka, **C. Han**, T. Takahashi, and K. Fujisawa, ''Proposing a Genetic Algorithm Approach for Unveiling Fingerprint of Internet-Wide Scanner,'' *Computer Security Symposium (CSS2021)*, Oct 2021. **\<CSS Best Student Paper Award\>** [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1CXBqSGTiO8OX9GWZh5SMCOIUI0Y3xgU2/view?usp=sharing) 8. T. He, **C.Han**, T. Takahashi, S. Kijima, and J. Takeuchi, ''Malware Hierarchical Clustering Applying Active Learning,'' *Computer Security Symposium (CSS2021)*, Oct 2021. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1oIoNFbd_FS-ghi12RHe99hgDRXx9F_XU/view?usp=sharing) 9. S. Takada, R. Kawasoe, T. He, **C. Han**, A. Tanaka, and J. Takeuchi, ''Study on Improvement of Function Estimation Method of IoT Malware Using Graph Embedding,'' *Computer Security Symposium (CSS2021)*, Oct 2021. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/167LTZOfNkfoMNeotsY3K697jYBQpBJdq/view?usp=sharing) 10. K. Miyamoto, H. Goto, R. Ishibashi, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Malicious Packet Classification Using Kitsune Features,'' *Computer Security Symposium (CSS2021)*, Oct 2021. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1TQx3Adr1GMZMYDk1ZYo8gCXdEVIFk-_x/view?usp=sharing) 11. T. He, **C. Han**, R. Isawa, T. Takahashi, S. Kijima, and J. Takeuchi, ''An Evaluation of Scalable Clustering in Fast Construction Algorithm of Phylogenetic Tree,'' *IEICE Tech. Rep., vol.120, no.384, ICSS2020-38*, pp.72-77, Mar 2021. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1LeW2lXccer54Im5FQykTu75CT_iN2tj4/view?usp=sharing) 12. R. Kawasoe, **C. Han**, R. Isawa, T. Takahashi, and J. Takeuchi, ''Improvement of Functional Difference Investigation Method and Analyzing for Clusters of IoT Malware,'' *IEICE Tech. Rep., vol.120, no.384, ICSS2020-39*, pp.78-83, Mar 2021. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1cVK5f-suLwQ_gDW9rw3oPwgMjMMyXGVD/view?usp=sharing) 13. R. Ishibashi, H. Goto, **C. Han**, T. Ban, T. Takahashi, and J. Takeuchi, ''Developing and Characterizing a New Approach to Extracting Communication Sessions Associated with NIDS Alerts,'' *IEICE Tech. Rep., vol.120, no.384, ICSS2020-26*, pp.1-6, Mar 2021. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1wOrsGtVpIIhyfNYQn1-MzTFfGbPXafmA/view?usp=sharing) 14. **C. Han**, J. Takeuchi, T. Takahashi, and D. Inoue, ''Evaluation of Malware Activity Detection Method Using Nonnegative Matrix Factorization,'' *Symposium on Cryptography and Information Security (SCIS2021)*, Jan 2021. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1XszA9pQDcO-FgvN-KFeRO2uU8oLfNX8C/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/) 1. R. Kawasoe, **C. Han**, R. Isawa, T. Takahashi, and J. Takeuchi, ''A Feasibility Study on Investigating Functional Differences between IoT Malware,'' *Computer Security Symposium (CSS2020)*, Oct 2020. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1DIFyjaLyzT2dbKcX1pBIttQHclu26aBj/view?usp=sharing) 1. R. Kawasoe, **C. Han**, R. Isawa, T. Takahashi, and J. Takeuchi, ''A Study on Function Estimation of IoT Malware Focusing on Function Call Sequence,'' *Symposium on Cryptography and Information Security (SCIS2020)*, Jan 2020. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1hIucksOE7IyocdLz5k7KoTW2pus5JVd3/view?usp=sharing) 1. T. He, **C. Han**, R. Isawa, T. Takahashi, S. Kijima, J. Takeuchi, and K. Nakao, ''A Fast Algorithm for Constructing Phylogenetic Trees and Its Evaluation,'' *IEICE Tech. Rep., vol.119, no.288, ICSS2019-61*, pp.7-12, Nov 2019. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1VZy3EcXSG_Q-jlkikofLuAn-_BdI7LcU/view?usp=sharing) 1. Y. Nakagawa, **C. Han**, J. Shimamura, T. Takahashi, A. Fujita, K. Yoshioka, and D. Inoue, ''An Investigation of Constant Internet-Wide Scanning through Analysis of Darknet Traffic,'' *Computer Security Symposium (CSS2019)*, Oct 2019. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1gcIzE0_Isg0pOiihvU-Dfx0R2v2dEsPK/view?usp=sharing) 1. **C. Han**, J. Shimamura, T. Takahashi, D. Inoue, J. Takeuchi, and K. Nakao, ''Evaluation of Cyber Attack Detection Method based on Darknet Traffic Analysis,'' *Symposium on Cryptography and Information Security (SCIS2019)*, Jan 2019. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1snxK6ZKIKzCPa6_OtI0-TU4kFDS3CEuU/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/) 1. **C. Han**, J. Shimamura, T. Takahashi, D. Inoue, M. Kawakita, J. Takeuchi, and K. Nakao, ''A Study on Malware Activity Detection Based on Real-time Analysis of Darknet Data Using Graphical Lasso,'' *IEICE Tech. Rep., vol.117, no.481, ICSS2017-51*, pp.1-6, Mar 2018. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1Skr58QPau27t5mFn_wJTFaFgyQW5iUPP/view?usp=sharing) 1. **C. Han**, S. Matsumoto, J. Kawamoto, and K. Sakurai, ''Classified by the API call record and personal information leakage detection of Android malware,'' *Hinokuni - Land of Fire Information Processing Symposium, 3A-4*, 2016. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1MFJlulvPfX_7fJc5s9IUMje8uLA5z0qJ/view?usp=sharing) <div> </details> <details> <summary> In Japanese (Non-refereed Domestic Conference Papers) </summary> <div> 1. 馬権聖, **韓燦洙**, 田中智, 高橋健志, 竹内純一, ''IoTマルウェアにおける関数呼び出し分析の阻害要因の除去,'' *暗号と情報セキュリティシンポジウム (SCIS2025)*, 2025年1月. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1i_rbRpaJP2xOZfzmEwwv9-3ui_OK-wmY/view?usp=sharing) 1. 川中翔太, 宮本耕平, **韓燦洙**, 班涛, 高橋健志, 竹内純一, ''説明可能AIを用いたNIDSにおけるサイバー攻撃検出要因の調査,'' *暗号と情報セキュリティシンポジウム (SCIS2025)*, 2025年1月. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1DzhHm1P3drSL59LMFM9CWAXgqRj--_00/view?usp=sharing) 1. 馬権聖, **韓燦洙**, 田中智, 高橋健志, 竹内純一, ''関数呼び出し時系列グラフを用いたIoTマルウェアの機能分析のためのグラフ作成手法の検討,'' *コンピュータセキュリティシンポジウム2024 (CSS2024)*, 2024年10月. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1Qr1ONg_9mDc82YWU53S20DMaYv_d5tBZ/view?usp=sharing) 1. 二川功佑, **韓燦洙**, 田中智, 岩本一樹, 高橋健志, 竹内純一, ''IoTマルウェアの系統樹クラスタリングにおける機能面に踏み込んだ解析のための距離定義の改良,'' *コンピュータセキュリティシンポジウム2024 (CSS2024)*, 2024年10月. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1O2RTE2Qg2ZIBiEyvRolfheBJ9g3msdqC/view?usp=sharing) 1. 赤羽秀, **韓燦洙**, 岩本一樹, 伊沢亮一, 高橋健志, 井上大介, ''関数呼び出しの推移に基づいたユーザ定義関数の特定,'' *第104回コンピュータセキュリティ研究会 (CSEC)*, 2024年3月 **\<CSEC優秀研究賞\>** [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1sgZUehT_uujIwOrAPoyVrs_G3RF-l_sK/view?usp=sharing) 1. **韓燦洙**, 田中智, 高橋健志, ''インターネットスキャナのクラスタ追跡可能性評価,'' *コンピュータセキュリティシンポジウム2023 (CSS2023)*, 2023年10月. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1B7vr-Nw5HLVZ0GeJBvtO0KZnPYFmZsEE/view?usp=sharing) 1. 宮本耕平, **韓燦洙**, 班涛, 高橋健志, 竹内純一, ''パケット単位の特徴量に基づいた通信の逐次的な早期分類,'' *コンピュータセキュリティシンポジウム2023 (CSS2023)*, 2023年10月. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1d_dwSs4EKPKMGn68AY2AjMqn8iFU6HZu/view?usp=sharing) 1. 飯田昌澄, 宮本耕平, 武石啓成, 川中翔太, **韓燦洙**, 班涛, 高橋健志, 竹内純一, ''高精度なネットワーク侵入検知のための特徴量の統合,'' *信学技報, vol.122, no.422, ICSS2022-55*, pp.43-48, 2023年3月. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1XsXcgWFvKR2LK1KzLaVRJlT1VYVJJHuL/view?usp=sharing) 1. 柏原芳克, 宮本耕平, 飯田昌澄, 川中翔太, **韓燦洙**, 班涛, 高橋健志, 竹内純一, ''単語埋め込みとLSTMを用いたパケット単位異常通信分類モデルに関する考察,'' *信学技報, vol.122, no.422, ICSS2022-53*, pp.31-36, 2023年3月. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1J9Agdh2n1aKLUpBZCqx9yDLoRabh6df1/view?usp=sharing) 1. **韓燦洙**, 田中智, 高橋健志, 竹内純一, ''ダークネット解析に基づくスキャンキャンペーンの追跡手法の提案,'' *信学技報, vol.122, no.244, ICSS2022-43*, pp.31-36, 2022年11月. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1wB1Jh2Ft_sVIpevXUg8ROOSnQz89FKDJ/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/) 1. **韓燦洙**, 田中智, 高橋健志, ''ダークネット解析に基づくマルウェア活動の早期検知フレームワークの有効性の検証と今後の拡張,'' *コンピュータセキュリティシンポジウム2022 (CSS2022)*, 2022年10月. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1NExxRpbl0kvS2hMtldCZikUX0PzLSP0G/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/) 1. 田中智, **韓燦洙**, 高橋健志, ''フィンガープリントを用いたスキャナの分類及び宛先ポートセットの分析,'' *コンピュータセキュリティシンポジウム2022 (CSS2022)*, 2022年10月. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1CfIvloo8aJYCiehmD0X5MWSPcS7wnO_L/view?usp=sharing) 1. 何天祥, **韓燦洙**, 田中智, 高橋健志, 竹内純一, ''系統樹に基づくスケーラブルなマルウェアクラスタリングのオンライン処理手法の実装と評価,'' *コンピュータセキュリティシンポジウム2022 (CSS2022)*, 2022年10月. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/14KCrd5KMQc4vDWNBOL2KC2rvhgvZqH5u/view?usp=sharing) 1. 宮本耕平, 武石啓成, 飯田昌澄, **韓燦洙**, 班涛, 高橋健志, 竹内純一, ''パケット単位分類に基いたセッション単位での通信分類,'' *コンピュータセキュリティシンポジウム2022 (CSS2022)*, 2022年10月. [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1iDFSbpYqtPcP_FPrNThEI7EcerelYMTi/view?usp=sharing) 1. 高田智史, 何天祥, **韓燦洙**, 田中智, 竹内純一, ''関数呼び出しシーケンスグラフとクラスタリングを用いたIoTマルウェアの機能分析,'' *信学技報, vol.121, no.410, ICSS2021-77*, pp.111-116, 2022年3月. [\[Slides\]](https://drive.google.com/file/d/1m-XomDwPPvQYcD9Ag4-KFz7C0fGABXm-/view?usp=sharing) 1. **韓燦洙**, 竹内純一, 高橋健志, 井上大介, ''異常同期性推定に基づくマルウェア活動の早期検知フレームワークの検討,'' *コンピュータセキュリティシンポジウム2021 (CSS2021)*, 2021年10月. [\[Slides\]](https://drive.google.com/file/d/13yc8xgMuI1mjBJRXKnC6GxDxI33aIdOV/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/index.ja.html) 1. 田中智, **韓燦洙**, 高橋健志, 藤澤克樹, ''遺伝的アルゴリズムに基づいた広域スキャンのフィンガープリント特定技術の提案,'' *コンピュータセキュリティシンポジウム2021 (CSS2021)*, 2021年10月. **\<CSS学生論文賞\>** [\[Slides\]](https://drive.google.com/file/d/1CXBqSGTiO8OX9GWZh5SMCOIUI0Y3xgU2/view?usp=sharing) 1. 何天祥, **韓燦洙**, 高橋健志, 来嶋秀治, 竹内純一, ''能動学習に基づいたマルウェア階層的クラスタリング,'' *コンピュータセキュリティシンポジウム2021 (CSS2021)*, 2021年10月. [\[Slides\]](https://drive.google.com/file/d/1oIoNFbd_FS-ghi12RHe99hgDRXx9F_XU/view?usp=sharing) 1. 高田智史, 川添玲雄, 何天祥, **韓燦洙**, 田中智, 竹内純一, ''グラフ埋め込みを用いたIoTマルウェアの機能推定手法の改善の検討,'' *コンピュータセキュリティシンポジウム2021 (CSS2021)*, 2021年10月. [\[Slides\]](https://drive.google.com/file/d/167LTZOfNkfoMNeotsY3K697jYBQpBJdq/view?usp=sharing) 1. 宮本耕平, 後藤大輝, 石橋亮典, **韓燦洙**, 班涛, 高橋健志, 竹内純一, ''Kitsune特徴量を用いた悪性通信のパケット分類,'' *コンピュータセキュリティシンポジウム2021 (CSS2021)*, 2021年10月. [\[Slides\]](https://drive.google.com/file/d/1TQx3Adr1GMZMYDk1ZYo8gCXdEVIFk-_x/view?usp=sharing) 1. 何天祥, **韓燦洙**, 伊沢亮一, 高橋健志, 来嶋秀治, 竹内純一, ''高速な系統樹構成アルゴリズムにおけるスケーラブルなクラスタリング評価,'' *信学技報, vol.120, no.384, ICSS2020-38*, pp.72-77, 2021年3月. [\[Slides\]](https://drive.google.com/file/d/1LeW2lXccer54Im5FQykTu75CT_iN2tj4/view?usp=sharing) 2. 川添玲雄, **韓燦洙**, 伊沢亮一, 高橋健志, 竹内純一, ''IoTマルウェアの機能差分調査手法の改善及びクラスタに対する分析,'' *信学技報, vol.120, no.384, ICSS2020-39*, pp.78-83, 2021年3月. [\[Slides\]](https://drive.google.com/file/d/1cVK5f-suLwQ_gDW9rw3oPwgMjMMyXGVD/view?usp=sharing) 3. 石橋亮典, 後藤大輝, **韓燦洙**, 班涛, 高橋健志, 竹内純一, ''NIDSアラートに対する原因通信の抽出手法の提案及び考察,'' *信学技報, vol.120, no.384, ICSS2020-26*, pp.1-6, 2021年3月. [\[Slides\]](https://drive.google.com/file/d/1wOrsGtVpIIhyfNYQn1-MzTFfGbPXafmA/view?usp=sharing) 4. **韓燦洙**, 竹内純一, 高橋健志, 井上大介, ''非負値行列因子分解を用いたマルウェア活動検知手法の評価,'' *2021年暗号と情報セキュリティシンポジウム (SCIS2021)*, 2021年1月. [\[Slides\]](https://drive.google.com/file/d/1XszA9pQDcO-FgvN-KFeRO2uU8oLfNX8C/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/index.ja.html) 5. 川添玲雄, **韓燦洙**, 伊沢亮一, 高橋健志, 竹内純一, ''関数呼び出しシーケンスに着目したIoTマルウェアの機能差分調査,'' *コンピュータセキュリティシンポジウム2020 (CSS2020)*, 2020年10月. [\[Slides\]](https://drive.google.com/file/d/1DIFyjaLyzT2dbKcX1pBIttQHclu26aBj/view?usp=sharing) 6. 川添玲雄, **韓燦洙**, 伊沢亮一, 高橋健志, 竹内純一, ''関数呼び出しシーケンスに着目したIoTマルウェアの機能推定に関する考察,'' *2020年暗号と情報セキュリティシンポジウム (SCIS2020)*, 2020年1月. [\[Slides\]](https://drive.google.com/file/d/1hIucksOE7IyocdLz5k7KoTW2pus5JVd3/view?usp=sharing) 7. 何天祥, **韓燦洙**, 伊沢亮一, 高橋健志, 来嶋秀治, 竹内純一, 中尾康二, ''高速な系統樹構成アルゴリズムの提案及びその評価,'' *信学技報, vol.119, no.288, ICSS2019-61*, pp.7-12, 2019年11月. [\[Slides\]](https://drive.google.com/file/d/1VZy3EcXSG_Q-jlkikofLuAn-_BdI7LcU/view?usp=sharing) 8. 中川雄太, **韓燦洙**, 島村隼平, 高橋健志, 藤田彬, 吉岡克成, 井上大介, ''ダークネットトラフィックの分析に基づく継続的な広域ネットワークスキャンの調査,'' *コンピュータセキュリティシンポジウム2019 (CSS2019)*, 2019年10月. [\[Slides\]](https://drive.google.com/file/d/1gcIzE0_Isg0pOiihvU-Dfx0R2v2dEsPK/view?usp=sharing) 9. **韓燦洙**, 島村隼平, 高橋健志, 井上大介, 竹内純一, 中尾康二, ''ダークネットトラフィック分析に基づくサイバー攻撃検知手法の評価,'' *2019年暗号と情報セキュリティシンポジウム (SCIS2019)*, 2019年1月. [\[Slides\]](https://drive.google.com/file/d/1snxK6ZKIKzCPa6_OtI0-TU4kFDS3CEuU/view?usp=sharing) [\[Datasets\]](https://csdataset.nict.go.jp/darknet-2022/index.ja.html) 10. **韓燦洙**, 島村隼平, 高橋健志, 井上大介, 川喜田雅則, 竹内純一, 中尾康二, ''Graphical Lassoを用いたダークネットデータのリアルタイム分析に基づくマルウェア活動検知に関する検討,'' *信学技報, vol.117, no.481, ICSS2017-51*, pp.1-6, 2018年3月. [\[Slides\]](https://drive.google.com/file/d/1Skr58QPau27t5mFn_wJTFaFgyQW5iUPP/view?usp=sharing) 11. **韓燦洙**, 松本晋一, 川本淳平, 櫻井幸一, ''AndroidマルウェアのAPI呼出し記録による分類及び個人情報漏えい検知,'' *火の国情報シンポジウム, 3A-4*, 2016. [\[Slides\]](https://drive.google.com/file/d/1MFJlulvPfX_7fJc5s9IUMje8uLA5z0qJ/view?usp=sharing) <div> </details> --- ### Non-refereed Academic Magazine 1. T. Takahashi, K. Furumoto, and **C. Han**, ''Cyber Wars: 2. Boosting Cybersecurity with Machine Learning Techniques,'' *IPSJ Magazine, vol.61(7), pp.672-677*, Jul. 2020. ### Non-refereed Oral Presentation/Talk 1. **Chansu Han**, ''Overview of Cybersecurity Laboratory in NICT and Recent Trends in AI Safety,'' *2024 First Autonomous Driving Technology Development Innovation Project Demand Company Technology Committee Meeting*, KATECH, Korea, Aug, 2024. 1. A. Tanaka, **C. Han**, and T. Takahashi, ''Port Set Clustering for Internet-Wide Scanner,'' *The 6th RIKEN-IMI-ISM-NUS-ZIB-MODAL-NHR Workshop on Advances in Classical and Quantum Algorithms for Optimization and Machine Learning*, Sep. 2022. 2. **Chansu Han**, ''Real-time Detection of Anomalous Cooperation based on Darknet using Graphical Lasso,'' *The 1st International Joint Conference on AI \& Data Science*, Suwon, Korea, Nov. 2019. ### Thesis 1. Real-time Detection of Malware Activities and Analysis of Behavioral Differences Between IoT Malware, Doctoral Dissertation, *ISEE, Kyushu University*, Date Accepted: 2021-01-12, Granted Date: 2021-03-24, Degree: Doctor of Engineering [\[PDF\]](https://catalog.lib.kyushu-u.ac.jp/opac_download_md/4475145/isee0693.pdf) [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1jNFK8CPlbF7-diEdqFEt6e3nH_uJSviC/view?usp=sharing) [\[Details\]](http://hdl.handle.net/2324/4475145) 2. A study on real-time detection of malware activity by the graphical lasso and graph density, Master Thesis, *ISEE, Kyushu University*, Date Accepted: 2018-02-21, Granted Date: 2018-03-20, Degree: Master of Science [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1caEugXNzXR_854WzpGKmtPkvUGk-bobr/view?usp=sharing) 3. Detection of Android malware by dynamic analysis using API call record, Bachelor Thesis，*EECS, Kyushu University*, Granted Date: 2016-03-25, Degree: Bachelor of Engineering [\[Slides (in Japanese)\]](https://drive.google.com/file/d/1TA8rwGobdpguwiWsboxEbWprviWPMe5M/view?usp=sharing) --- # Others ## Projects - NARLabs-NICT Joint Project: Efficient and effective network management and cybersecurity, 2024.04-2026.03 - NARLabs-NICT Joint Project: NICTER(Network Incident analysis Center for Tactical Emergency Response), 2021.04-2023.03 - 電波利用料: 電波の有効利用のためのIoTマルウェアの挙動検知及び駆除技術の実現，横国大(主体)，2020-2022(3年)，総務省 - MITIGATE, Research and Development for Expansion of Radio Wave Resources (JPJ000254), Ministry of Internal Affairs and Communications, Japan. - 官民研究開発投資拡大プログラム（PRISM）「AI技術領域」: サイバー攻撃ハイブリッド高速分析プラットフォームの研究開発，NICT(主体)，2019(1年) - NICTER Project (Network Incident analysis Center for Tactical Emergency Response) https://www.nicter.jp/en/  ## Awards/Honors - 情報処理学会 CSEC優秀研究賞 (第104回CSEC研究会) (CSEC Best Research Award, IPSJ), 2024 (共著) - 情報処理学会コンピュータセキュリティシンポジウム2021 CSS学生論文賞 (CSS Best Student Paper Award, IPSJ), 2021 (共著) ## Teaching/Education/Lecture - 非常勤講師，津田塾大学，2024年度, 2023年度 ## Patents - [2022-123952, 2022-123955] フィンガープリント特定システム及びフィンガープリント特定方法, 2022 ## Mass Media - **韓燦洙**, ''サイバー脅威　AIで発見,'' *日刊工業新聞｢NICT先端研究｣第141回掲載*, 2020年7月28日 [\[PDF\]](https://www.nict.go.jp/gaibu-keisai/oi25v200000005r2-att/141.pdf) ## Member - Information Processing Society of Japan (IPSJ) --- ## Professional Services ### Editorial Service - Editorial Committee, Journal of Information Processing (IPSJ), Special issue on Computer Security Technologies for AI Society, 2024--2025 - Editorial Committee, Journal of Information Processing (IPSJ), Special issue on Cybersecurity Technologies for Secure Supply-Chain, 2023--2024 ### Conference/Workshop Organization - [Local Arrangement Chair] International Conference on Artificial Intelligence Computing and Systems (AICompS), 2025 ### Program Committee Member - [Poster Session Chair] IEEE Conference on Dependable and Secure Computing (DSC), 2024 - International Conference on Neural Information Processing (ICONIP), 2024, 2021, 2019 - IEEE International Joint Conference on Neural Networks (IJCNN), 2024 ### Session Chair - International Conference on Information Systems Security and Privacy (ICISSP), 2023 - Computer Security Symposium (CSS), 2021, 2020 ### Review Experiences - IEEE Transactions on Reliability, 2025, 2024 - IPSJ Journal of Information Processing, 2025, 2024, 2022, 2021 - International Conference on Artificial Intelligence Computing and Systems (AICompS), 2025 - IEEE Conference on Dependable and Secure Computing (DSC), 2024 - International Conference on Neural Information Processing (ICONIP), 2024, 2021, 2019 - IEEE International Joint Conference on Neural Networks (IJCNN), 2024 - Peer-to-Peer Networking and Applications, 2023 - The Journal of Supercomputing, 2023 - Computer Security Symposium (CSS), 2021, 2020, 2019 - Finnish-Russian University Cooperation in Telecommunication (FRUCT), 2021, 2020 - IEEE International Conference on Smart Computing (SMARTCOMP), 2021 - IEICE Transactions on Information and Systems, 2021 - International Computer Symposium (ICS), 2020 - IEICE Transactions on Communications, 2019 - International Journal of Information Security, 2019 - Annual Computer Security Applications Conference (ACSAC), 2018 --- ## Academic Background and Career | Date | Academic Background and Career | | -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | --Feb. 2012 | Graduated Gwangdeok High School, Gwangju, Republic of Korea | | Apr. 2012--Mar. 2016 | Department of Electrical Engineering and Computer Science, School of Engineering, Kyushu University (Received Bachelor of Engineering) | | Apr. 2016--Mar. 2018 | Department of Informatics, Graduate School of Information Science and Electrical Engineering, Kyushu University (Received Master of Science) | | Apr. 2018--Mar. 2021 | Department of Informatics, Graduate School of Information Science and Electrical Engineering, Kyushu University (Received Doctor of Engineering) | | Apr. 2018--present | Researcher, Cybersecurity Laboratory, National Institute of Information and Communications Technology (NICT) | | Apr. 2023--present | Visiting Assistant Professor (Research Advisor), Mathematical Engineering Laboratory, Graduate School and Faculty of Information Science and Electrical Engineering, Kyushu University | | Jun. 2023--Aug. 2023 | Visiting Researcher with the University of New Brunswick to collaborate on research with Prof. Ali Ghorbani, Director of the Canadian Cybersecurity Center, UNB. | | Apr. 2025–present | Researcher, Center for Research on AI Security and Technology Evolution (CREATE), National Institute of Information and Communications Technology (NICT) | <details> <summary> 履歴 </summary> <div> ## 学歴 | 日付 | 学歴 | | --- | --- | | 2012年2月 | 大韓民国　光州広域市　光徳高校卒業 | | 2012年4月 | 九州大学　工学部　電気情報工学科　入学 | | 2016年3月 | 九州大学　工学部　電気情報工学科　卒業学士（工学）取得 | | 2016年4月 | 九州大学大学院　システム情報科学府　情報学専攻　修士課程　入学 | | 2018年3月 | 九州大学大学院　システム情報科学府　情報学専攻　修士課程　卒業修士（理学）取得 | | 2018年4月 | 九州大学大学院　システム情報科学府　情報学専攻　博士後期課程　入学 | | 2021年3月 | 九州大学大学院　システム情報科学府　情報学専攻　博士後期課程　卒業博士（工学）取得 | ## 職歴（インターン含む） | 日付 | 職歴(インターン含む) | | ------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | | 2012年7月~2013年6月 | [株式会社テンエックスラボ](https://10xlab.jp/) インターン(1年間) | | 2015年4月~2016年3月 | [九州大学工学部櫻井研究室](http://itslab.csce.kyushu-u.ac.jp/index-j.html) 学士（工学）修了 | | 2015年6月~2016年3月 | [公益財団法人九州先端科学技術研究所](http://www.isit.or.jp/) 情報セキュリティ研究室研究助手 | | 2016年4月~2018年3月 | [九州大学大学院システム情報科学府回路研究室](http://www.me.inf.kyushu-u.ac.jp/homepage.ja.html) 修士（理学）修了 | | 2016年4月~2018年3月 | [九州大学アジア人財プログラム](http://www.aq-program.kyushu-u.ac.jp/) 修了 | | 2016年8月~2016年9月 | [NTTデータ先端技術株式会社](http://www.intellilink.co.jp/) インターン(3週間) | | 2016年9月~2016年9月 | [セキュリティ・キャンプ九州 in 福岡 2016](http://www.security-camp.org/minicamp/kyushu2016.html) (3日間) | | 2017年2月~2017年3月 | [The 21st Century Challenges in Living Abroad Program, Chinese](http://www.isc.kyushu-u.ac.jp/intlweb/study/short-term) 台湾で中国語研修(3週間) | | 2017年8月~2017年9月 | [情報通信研究機構(NICT) サイバーセキュリティ研究室](http://nict.go.jp/cyber/index.html) 共同研究員として出張 (16日間) | | 2018年4月~2021年3月 | [九州大学大学院システム情報科学府数理工学研究室](http://www.me.inf.kyushu-u.ac.jp/homepage.ja.html) 博士（工学）修了 | | 2018年4月~現在 | [情報通信研究機構(NICT) サイバーセキュリティ研究室](http://nict.go.jp/cyber/index.html) 研究員 | | 2023年4月~現在 | [九州大学大学院システム情報科学府数理工学研究室](http://www.me.inf.kyushu-u.ac.jp/homepage.ja.html) 研究指導者(客員助教) | | 2023年6月~2023年8月 | Visiting Researcher with the University of New Brunswick to collaborate on research with Dr. Ali Ghorbani, Director of the Canadian Cybersecurity Center, UNB. | ## 奨学金受給 | 日付 | 奨学財団名 | | --- | --- | | 2012年4月~2014年3月(2年間) | 学習奨励金（日本学生支援機構JASSO） | | 2016年4月~2018年3月(2年間) | NTTドコモ留学生奨学金 | ## コミュニケーション可能な言語 * 韓国語（母国語） * 日本語（ネイティブレベル） * 英語（日常会話レベル） * 中国語（初級者レベル） ## 資格・受賞 | 日付 | 資格・受賞 | | --- | --- | | 2005年9月 | 全国漢字能力検定試験 3級(韓国) | | 2011年9月 | コンピュータ活用能力 1級(韓国国家技術資格) | | 2011年10月 | ITQ Excel, PowerPoint, Internet 全てA等級(韓国) | | 2011年10月 | ITQ OA Master(韓国) | | 2011年12月 | 情報処理技能士(韓国国家技術資格) | | 2013年1月 | 九州大学外国語プレゼンテーションコンテスト中国語，日本語部門全て優秀賞 | | 2016年1月 | 日本語能力試験 1級(日本) | | 2017年3月 | HSK 4級 | | 2017年10月 | IPA(経済産業省) 応用情報技術者試験合格 | <div> </details>