Parameter manipulation attack prevention and detection by using web application deception proxy

Tomohisa Ishikawa, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

The attack abusing web application vulnerabilities are currently classified into traditional attack threats. However, security breaches by web application attacks are still reported via mass media. Although the vulnerabilities in popular products such as Microsoft IIS or Apache are quickly discovered by security researchers around the world, it is hard to identify the vulnerabilities in customized web applications developed by each organization. On top of that, in the case of large corporations, it is hard to manage all web applications since their business domains are diversified, and each division has various web applications. In this paper, we propose web application deception proxy as a defense approach, and we show that it is very helpful to prevent and detect web application attacks.

Original languageEnglish
Title of host publicationProceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017
PublisherAssociation for Computing Machinery, Inc
ISBN (Electronic)9781450348881
DOIs
Publication statusPublished - Jan 5 2017
Event11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017 - Beppu, Japan
Duration: Jan 5 2017Jan 7 2017

Publication series

NameProceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017

Other

Other11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017
CountryJapan
CityBeppu
Period1/5/171/7/17

Fingerprint

Industry

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems

Cite this

Ishikawa, T., & Sakurai, K. (2017). Parameter manipulation attack prevention and detection by using web application deception proxy. In Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017 [74] (Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017). Association for Computing Machinery, Inc. https://doi.org/10.1145/3022227.3022300

Parameter manipulation attack prevention and detection by using web application deception proxy. / Ishikawa, Tomohisa; Sakurai, Kouichi.

Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017. Association for Computing Machinery, Inc, 2017. 74 (Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Ishikawa, T & Sakurai, K 2017, Parameter manipulation attack prevention and detection by using web application deception proxy. in Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017., 74, Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017, Association for Computing Machinery, Inc, 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017, Beppu, Japan, 1/5/17. https://doi.org/10.1145/3022227.3022300
Ishikawa T, Sakurai K. Parameter manipulation attack prevention and detection by using web application deception proxy. In Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017. Association for Computing Machinery, Inc. 2017. 74. (Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017). https://doi.org/10.1145/3022227.3022300
Ishikawa, Tomohisa ; Sakurai, Kouichi. / Parameter manipulation attack prevention and detection by using web application deception proxy. Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017. Association for Computing Machinery, Inc, 2017. (Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017).
@inproceedings{544906f44a6b4afeb75c3428b146f702,
title = "Parameter manipulation attack prevention and detection by using web application deception proxy",
abstract = "The attack abusing web application vulnerabilities are currently classified into traditional attack threats. However, security breaches by web application attacks are still reported via mass media. Although the vulnerabilities in popular products such as Microsoft IIS or Apache are quickly discovered by security researchers around the world, it is hard to identify the vulnerabilities in customized web applications developed by each organization. On top of that, in the case of large corporations, it is hard to manage all web applications since their business domains are diversified, and each division has various web applications. In this paper, we propose web application deception proxy as a defense approach, and we show that it is very helpful to prevent and detect web application attacks.",
author = "Tomohisa Ishikawa and Kouichi Sakurai",
year = "2017",
month = "1",
day = "5",
doi = "10.1145/3022227.3022300",
language = "English",
series = "Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017",
publisher = "Association for Computing Machinery, Inc",
booktitle = "Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017",

}

TY - GEN

T1 - Parameter manipulation attack prevention and detection by using web application deception proxy

AU - Ishikawa, Tomohisa

AU - Sakurai, Kouichi

PY - 2017/1/5

Y1 - 2017/1/5

N2 - The attack abusing web application vulnerabilities are currently classified into traditional attack threats. However, security breaches by web application attacks are still reported via mass media. Although the vulnerabilities in popular products such as Microsoft IIS or Apache are quickly discovered by security researchers around the world, it is hard to identify the vulnerabilities in customized web applications developed by each organization. On top of that, in the case of large corporations, it is hard to manage all web applications since their business domains are diversified, and each division has various web applications. In this paper, we propose web application deception proxy as a defense approach, and we show that it is very helpful to prevent and detect web application attacks.

AB - The attack abusing web application vulnerabilities are currently classified into traditional attack threats. However, security breaches by web application attacks are still reported via mass media. Although the vulnerabilities in popular products such as Microsoft IIS or Apache are quickly discovered by security researchers around the world, it is hard to identify the vulnerabilities in customized web applications developed by each organization. On top of that, in the case of large corporations, it is hard to manage all web applications since their business domains are diversified, and each division has various web applications. In this paper, we propose web application deception proxy as a defense approach, and we show that it is very helpful to prevent and detect web application attacks.

UR - http://www.scopus.com/inward/record.url?scp=85015147828&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85015147828&partnerID=8YFLogxK

U2 - 10.1145/3022227.3022300

DO - 10.1145/3022227.3022300

M3 - Conference contribution

AN - SCOPUS:85015147828

T3 - Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017

BT - Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017

PB - Association for Computing Machinery, Inc

ER -