| Presentation | 2013-11-12 Evaluations of Multi-Stage Traffic Analysis against Attacks on Websites Takeshi YAGI, Takeo HARIU, Hiroki TAKAKURA, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | This paper proposes a method for increasing the amount of information about malware attack features in order to improve the attack detection rate. This method divides the destination URI of attacks collected by a decoy honeypot system into two portions, the one indicates the address parameter and the other indicates the parameter input value, and uses each portion in turn to monitor website accesses for a match. If a match is discovered, the method judges that access to be an attack and extracts its feature information, which increases the amount of attack feature information. A cross-validation check using multiple honeypots and a field test conducted with actual university traffic showed that this method can increase the amount of attack feature information by several times and improve the attack detection rate. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | website / attack / malware / multi-stage analysis |
| Paper # | ICSS2013-57 |
| Date of Issue |
| Conference Information | |
| Committee | ICSS |
|---|---|
| Conference Date | 2013/11/5(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information and Communication System Security (ICSS) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Evaluations of Multi-Stage Traffic Analysis against Attacks on Websites |
| Sub Title (in English) | |
| Keyword(1) | website |
| Keyword(2) | attack |
| Keyword(3) | malware |
| Keyword(4) | multi-stage analysis |
| 1st Author's Name | Takeshi YAGI |
| 1st Author's Affiliation | NTT Secure Platform Laboratories, NTT Corporation() |
| 2nd Author's Name | Takeo HARIU |
| 2nd Author's Affiliation | NTT Secure Platform Laboratories, NTT Corporation |
| 3rd Author's Name | Hiroki TAKAKURA |
| 3rd Author's Affiliation | Graduate School of Information Science, Nagoya University |
| Date | 2013-11-12 |
| Paper # | ICSS2013-57 |
| Volume (vol) | vol.113 |
| Number (no) | 288 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |