Parameter manipulation attack prevention and detection by using web application deception proxy

Tomohisa Ishikawa, Kouichi Sakurai

研究成果: 著書/レポートタイプへの貢献会議での発言

4 引用 (Scopus)

抄録

The attack abusing web application vulnerabilities are currently classified into traditional attack threats. However, security breaches by web application attacks are still reported via mass media. Although the vulnerabilities in popular products such as Microsoft IIS or Apache are quickly discovered by security researchers around the world, it is hard to identify the vulnerabilities in customized web applications developed by each organization. On top of that, in the case of large corporations, it is hard to manage all web applications since their business domains are diversified, and each division has various web applications. In this paper, we propose web application deception proxy as a defense approach, and we show that it is very helpful to prevent and detect web application attacks.

元の言語英語
ホスト出版物のタイトルProceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017
出版者Association for Computing Machinery, Inc
ISBN(電子版)9781450348881
DOI
出版物ステータス出版済み - 1 5 2017
イベント11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017 - Beppu, 日本
継続期間: 1 5 20171 7 2017

出版物シリーズ

名前Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017

その他

その他11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017
日本
Beppu
期間1/5/171/7/17

Fingerprint

Industry

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems

これを引用

Ishikawa, T., & Sakurai, K. (2017). Parameter manipulation attack prevention and detection by using web application deception proxy. : Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017 [74] (Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017). Association for Computing Machinery, Inc. https://doi.org/10.1145/3022227.3022300

Parameter manipulation attack prevention and detection by using web application deception proxy. / Ishikawa, Tomohisa; Sakurai, Kouichi.

Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017. Association for Computing Machinery, Inc, 2017. 74 (Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017).

研究成果: 著書/レポートタイプへの貢献会議での発言

Ishikawa, T & Sakurai, K 2017, Parameter manipulation attack prevention and detection by using web application deception proxy. : Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017., 74, Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017, Association for Computing Machinery, Inc, 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017, Beppu, 日本, 1/5/17. https://doi.org/10.1145/3022227.3022300
Ishikawa T, Sakurai K. Parameter manipulation attack prevention and detection by using web application deception proxy. : Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017. Association for Computing Machinery, Inc. 2017. 74. (Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017). https://doi.org/10.1145/3022227.3022300
Ishikawa, Tomohisa ; Sakurai, Kouichi. / Parameter manipulation attack prevention and detection by using web application deception proxy. Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017. Association for Computing Machinery, Inc, 2017. (Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017).
@inproceedings{544906f44a6b4afeb75c3428b146f702,
title = "Parameter manipulation attack prevention and detection by using web application deception proxy",
abstract = "The attack abusing web application vulnerabilities are currently classified into traditional attack threats. However, security breaches by web application attacks are still reported via mass media. Although the vulnerabilities in popular products such as Microsoft IIS or Apache are quickly discovered by security researchers around the world, it is hard to identify the vulnerabilities in customized web applications developed by each organization. On top of that, in the case of large corporations, it is hard to manage all web applications since their business domains are diversified, and each division has various web applications. In this paper, we propose web application deception proxy as a defense approach, and we show that it is very helpful to prevent and detect web application attacks.",
author = "Tomohisa Ishikawa and Kouichi Sakurai",
year = "2017",
month = "1",
day = "5",
doi = "10.1145/3022227.3022300",
language = "English",
series = "Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017",
publisher = "Association for Computing Machinery, Inc",
booktitle = "Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017",

}

TY - GEN

T1 - Parameter manipulation attack prevention and detection by using web application deception proxy

AU - Ishikawa, Tomohisa

AU - Sakurai, Kouichi

PY - 2017/1/5

Y1 - 2017/1/5

N2 - The attack abusing web application vulnerabilities are currently classified into traditional attack threats. However, security breaches by web application attacks are still reported via mass media. Although the vulnerabilities in popular products such as Microsoft IIS or Apache are quickly discovered by security researchers around the world, it is hard to identify the vulnerabilities in customized web applications developed by each organization. On top of that, in the case of large corporations, it is hard to manage all web applications since their business domains are diversified, and each division has various web applications. In this paper, we propose web application deception proxy as a defense approach, and we show that it is very helpful to prevent and detect web application attacks.

AB - The attack abusing web application vulnerabilities are currently classified into traditional attack threats. However, security breaches by web application attacks are still reported via mass media. Although the vulnerabilities in popular products such as Microsoft IIS or Apache are quickly discovered by security researchers around the world, it is hard to identify the vulnerabilities in customized web applications developed by each organization. On top of that, in the case of large corporations, it is hard to manage all web applications since their business domains are diversified, and each division has various web applications. In this paper, we propose web application deception proxy as a defense approach, and we show that it is very helpful to prevent and detect web application attacks.

UR - http://www.scopus.com/inward/record.url?scp=85015147828&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85015147828&partnerID=8YFLogxK

U2 - 10.1145/3022227.3022300

DO - 10.1145/3022227.3022300

M3 - Conference contribution

AN - SCOPUS:85015147828

T3 - Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017

BT - Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017

PB - Association for Computing Machinery, Inc

ER -