The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
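Vulnerabilities in web applications expose computer networks to security threats, and many websites are used by attackers as hopping sites to attack other websites and user terminals. These incidents prevent service providers from constructing secure networking environments. To protect websites from attacks exploiting vulnerabilities in web applications, service providers use web application firewalls (WAFs). WAFs filter accesses from attackers by using signatures, which are generated based on the exploit codes of previous attacks. However, WAFs cannot filter unknown attacks because the signatures cannot reflect new types of attacks. In service provider environments, the number of exploit codes has recently increased rapidly because of the spread of vulnerable web applications that have been developed through cloud computing. Thus, generating signatures for all exploit codes is difficult. To solve these problems, our proposed scheme detects and filters malware downloads that are sent from websites which have already received exploit codes. In addition, to collect information for detecting malware downloads, web honeypots, which automatically extract the communication records of exploit codes, are used. According to the results of experiments using a prototype, our scheme can filter attacks automatically so that service providers can provide secure and cost-effective network environments.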
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Takeshi YAGI, Naoto TANIMOTO, Takeo HARIU, Mitsutaka ITOH, "Design of Provider-Provisioned Website Protection Scheme against Malware Distribution" in IEICE TRANSACTIONS on Communications,
vol. E93-B, no. 5, pp. 1122-1130, May 2010, doi: 10.1587/transcom.E93.B.1122.
Abstract: Vulnerabilities in web applications expose computer networks to security threats, and many websites are used by attackers as hopping sites to attack other websites and user terminals. These incidents prevent service providers from constructing secure networking environments. To protect websites from attacks exploiting vulnerabilities in web applications, service providers use web application firewalls (WAFs). WAFs filter accesses from attackers by using signatures, which are generated based on the exploit codes of previous attacks. However, WAFs cannot filter unknown attacks because the signatures cannot reflect new types of attacks. In service provider environments, the number of exploit codes has recently increased rapidly because of the spread of vulnerable web applications that have been developed through cloud computing. Thus, generating signatures for all exploit codes is difficult. To solve these problems, our proposed scheme detects and filters malware downloads that are sent from websites which have already received exploit codes. In addition, to collect information for detecting malware downloads, web honeypots, which automatically extract the communication records of exploit codes, are used. According to the results of experiments using a prototype, our scheme can filter attacks automatically so that service providers can provide secure and cost-effective network environments.
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.E93.B.1122/_p
@ARTICLE{e93-b_5_1122,
author={Takeshi YAGI and Naoto TANIMOTO and Takeo HARIU and Mitsutaka ITOH},
journal={IEICE TRANSACTIONS on Communications},
title={Design of Provider-Provisioned Website Protection Scheme against Malware Distribution},
year={2010},
volume={E93-B},
number={5},
pages={1122-1130},
abstract={Vulnerabilities in web applications expose computer networks to security threats, and many websites are used by attackers as hopping sites to attack other websites and user terminals. These incidents prevent service providers from constructing secure networking environments. To protect websites from attacks exploiting vulnerabilities in web applications, service providers use web application firewalls (WAFs). WAFs filter accesses from attackers by using signatures, which are generated based on the exploit codes of previous attacks. However, WAFs cannot filter unknown attacks because the signatures cannot reflect new types of attacks. In service provider environments, the number of exploit codes has recently increased rapidly because of the spread of vulnerable web applications that have been developed through cloud computing. Thus, generating signatures for all exploit codes is difficult. To solve these problems, our proposed scheme detects and filters malware downloads that are sent from websites which have already received exploit codes. In addition, to collect information for detecting malware downloads, web honeypots, which automatically extract the communication records of exploit codes, are used. According to the results of experiments using a prototype, our scheme can filter attacks automatically so that service providers can provide secure and cost-effective network environments.},
keywords={},
doi={10.1587/transcom.E93.B.1122},
ISSN={1745-1345},
month={May},}
TY - JOUR
TI - Design of Provider-Provisioned Website Protection Scheme against Malware Distribution
T2 - IEICE TRANSACTIONS on Communications
SP - 1122
EP - 1130
AU - Takeshi YAGI
AU - Naoto TANIMOTO
AU - Takeo HARIU
AU - Mitsutaka ITOH
PY - 2010
DO - 10.1587/transcom.E93.B.1122
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E93-B
IS - 5
JA - IEICE TRANSACTIONS on Communications
Y1 - May 2010
AB - Vulnerabilities in web applications expose computer networks to security threats, and many websites are used by attackers as hopping sites to attack other websites and user terminals. These incidents prevent service providers from constructing secure networking environments. To protect websites from attacks exploiting vulnerabilities in web applications, service providers use web application firewalls (WAFs). WAFs filter accesses from attackers by using signatures, which are generated based on the exploit codes of previous attacks. However, WAFs cannot filter unknown attacks because the signatures cannot reflect new types of attacks. In service provider environments, the number of exploit codes has recently increased rapidly because of the spread of vulnerable web applications that have been developed through cloud computing. Thus, generating signatures for all exploit codes is difficult. To solve these problems, our proposed scheme detects and filters malware downloads that are sent from websites which have already received exploit codes. In addition, to collect information for detecting malware downloads, web honeypots, which automatically extract the communication records of exploit codes, are used. According to the results of experiments using a prototype, our scheme can filter attacks automatically so that service providers can provide secure and cost-effective network environments.
ER -