It has been nearly 20 years since the launch of the Leurré.com project, which deployed honeypots in over 30 countries to collect anomalous traffic data. Honeypots are a cybersecurity technology designed to attract attackers by intentionally exposing systems that appear vulnerable, enabling the observation and analysis of various malicious activities, such as unauthorized access or malware execution. Although the project is no longer active, the landscape of Internet usage has drastically changed since that time, with the emergence of a wide variety of applications. As a result, there remains a pressing need to continuously monitor and investigate security threats through large-scale honeypot deployments. In this research, in close collaboration with international research institutions such as Inria and DFKI, we aim to realize more secure network operations by addressing two key research questions: what the characteristics of newly observed anomalous traffic captured by large-scale honeypot deployments are, and what kinds of countermeasures can be developed to address these new forms of anomalous traffic. To achieve this goal, we observe the evolving security threats posed by the growing diversity of applications and build effective countermeasures using advanced machine learning and deep learning models that were not available at the time of the earlier project. Achievements 1. T. Angeli, F. Beck, D. Kondo, I. Chrisment, H. Tode, and H. D. Schotten, "Demo: SweetsPot: A Distributed Honeypot Federation Platform," in Proc. 2025 IEEE 50th Conference on Local Computer Networks (LCN), 2025, pp. 1–4.

Email was invented approximately 50 years ago as a fundamental means of communication. In recent years, messaging applications such as WhatsApp, which allow direct communication via centralized servers, have become widespread. However, email remains essential for commercial communication, and it is unlikely to be completely replaced by these applications. Its widespread use and importance provide attackers with a strong incentive to send malicious emails. Email attacks have become increasingly sophisticated. While some use tailored messages targeting individuals, recent developments in Large Language Models enable the easy generation of highly realistic malicious emails in a wide variety of formats. As a result, conventional security measures alone are often insufficient for users to distinguish between legitimate and malicious emails. This study aims to provide a secure email environment by conducting header analysis, including evaluation of sending domains, as well as content analysis focusing on linguistic patterns, event themes, and structural characteristics typical of malicious emails. Through this approach, we aim to deepen the understanding of email authentication practices and attack methods, thereby contributing to the dissemination of effective security measures. Achievements 1. 近藤 大嗣, 澁谷 遊野, 山口 利恵, 中田 登志之, 浅見 徹, "日本国内におけるメールセキュリティに関する実態把握," 情報処理学会論文誌（推薦論文）, vol. 64, no. 11, pp. 1537–1547, 2023年11月.（特選論文） 2. D. Kondo, Y. Shibuya, R. S. Yamaguchi, T. Ishihara, Y. Sekiya, T. Nakata, and T. Asami, "Who Did Not Implement Email Security Measures After Google's New Email Sender Guidelines?: A Large-Scale Measurement Study," in Proc. 2025 9th Network Traffic Measurement and Analysis Conference (TMA), 2025, pp. 1–10.