| Presentation | 2020-03-03 Preliminary Study of WAF Signature Generation by Utilizing Real-time Information on the Web Masahito Kumazaki, Hirokazu Hasegawa, Yukiko Yamaguchi, Hajime Shimada, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Zero-day attacks and attacks based on publicly disclosed vulnerability information are one of the major threats in network security. In order to cope with such attacks, it is important to collect related information and deal with it as soon as possible. Therefore, we propose a system that collects vulnerability information related to Web applications from real-time information on the Web and generates WAF(Web Application Firewall) signatures from those information. In this paper, as an initial study, we extract vulnerability information containing the specified keyword from NVD(National Vulnerability Database) data feed, and generate WAF signatures automatically from extracted information. In addition, we discussed and examined WAF signatures generation from Tweet of the Twitter, which is a famous real-time information source on the Web. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Web Application Firewall(WAF) / Zero-day Attack / Vulnerability Information / Real-time Information |
| Paper # | ICSS2019-84 |
| Date of Issue | 2020-02-24 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2020/3/2(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Okinawa-Ken-Seinen-Kaikan |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Security, Trust, etc. |
| Chair | Hiroki Takakura(NII) |
| Vice Chair | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Secretary | Katsunari Yoshioka(NICT) / Kazunori Kamiya(KDDI labs.) |
| Assistant | Keisuke Kito(Mitsubishi Electric) / Toshihiro Yamauchi(Okayama Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Preliminary Study of WAF Signature Generation by Utilizing Real-time Information on the Web |
| Sub Title (in English) | |
| Keyword(1) | Web Application Firewall(WAF) |
| Keyword(2) | Zero-day Attack |
| Keyword(3) | Vulnerability Information |
| Keyword(4) | Real-time Information |
| 1st Author's Name | Masahito Kumazaki |
| 1st Author's Affiliation | Nagoya Univercity(Nagoya Univ.) |
| 2nd Author's Name | Hirokazu Hasegawa |
| 2nd Author's Affiliation | Nagoya Univercity(Nagoya Univ.) |
| 3rd Author's Name | Yukiko Yamaguchi |
| 3rd Author's Affiliation | Nagoya Univercity(Nagoya Univ.) |
| 4th Author's Name | Hajime Shimada |
| 4th Author's Affiliation | Nagoya Univercity(Nagoya Univ.) |
| Date | 2020-03-03 |
| Paper # | ICSS2019-84 |
| Volume (vol) | vol.119 |
| Number (no) | ICSS-437 |
| Page | pp.pp.97-102(ICSS), |
| #Pages | 6 |
| Date of Issue | 2020-02-24 (ICSS) |