| Presentation | 2016-03-03 Detection of Vulnerability Scanning Using Features of Collective Accesses Collected from Several Honeypots Naomi Kuze, Shu Ishikura, Takeshi Yagi, Daiki Chiba, Masayuki Murata, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Attacks against websites are increasing rapidly with the expansion of web services. Diversifying web services make it difficult to prevent such attacks due to many unknown vulnerabilities in websites. To overcome this problem, we need to collect the most recent attacks using decoy web honeypots and to implement countermeasures against malicious threats. Web honeypots collect not only malicious accesses but also benign accesses such as those by web crawlers. Therefore, it is essential to identify automatically malicious accesses from mixed collected data. Specifically, detecting vulnerability scanning, which is a preliminary process of web attacks, is important for preventing attacks. In this study, we focused on classification of web crawler and vulnerability scanning since these are too similar to be identified. We propose feature vectors including features of collective accesses obtained with multiple honeypots deployed in different networks. Through our evaluation, we show that features of collective accesses are advantageous for web crawler and vulnerability scanning classification. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Intrusion detection / Web attacks / Classification / Features of collective accesses |
| Paper # | ICSS2015-55 |
| Date of Issue | 2016-02-25 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2016/3/3(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Academic Center for Computing and Media Studies, Kyoto University |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Information and Communication System Security, etc. |
| Chair | Yutaka Miyake(KDDI R&D Labs.) |
| Vice Chair | Takashi Nishide(Univ. of Tsukuba) / Yoshiaki Shiraishi(Kobe Univ.) |
| Secretary | Takashi Nishide(Mitsubishi Electric) / Yoshiaki Shiraishi(NII) |
| Assistant | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Detection of Vulnerability Scanning Using Features of Collective Accesses Collected from Several Honeypots |
| Sub Title (in English) | |
| Keyword(1) | Intrusion detection |
| Keyword(2) | Web attacks |
| Keyword(3) | Classification |
| Keyword(4) | Features of collective accesses |
| 1st Author's Name | Naomi Kuze |
| 1st Author's Affiliation | Osaka University(Osaka Univ.) |
| 2nd Author's Name | Shu Ishikura |
| 2nd Author's Affiliation | Osaka University(Osaka Univ.) |
| 3rd Author's Name | Takeshi Yagi |
| 3rd Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
| 4th Author's Name | Daiki Chiba |
| 4th Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
| 5th Author's Name | Masayuki Murata |
| 5th Author's Affiliation | Osaka University(Osaka Univ.) |
| Date | 2016-03-03 |
| Paper # | ICSS2015-55 |
| Volume (vol) | vol.115 |
| Number (no) | ICSS-488 |
| Page | pp.pp.47-52(ICSS), |
| #Pages | 6 |
| Date of Issue | 2016-02-25 (ICSS) |