Parameter manipulation attack prevention and detection by using web application deception proxy

Tomohisa Ishikawa; Kouichi Sakurai

doi:10.1145/3022227.3022300

Parameter manipulation attack prevention and detection by using web application deception proxy

Tomohisa Ishikawa, Kouichi Sakurai

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

The attack abusing web application vulnerabilities are currently classified into traditional attack threats. However, security breaches by web application attacks are still reported via mass media. Although the vulnerabilities in popular products such as Microsoft IIS or Apache are quickly discovered by security researchers around the world, it is hard to identify the vulnerabilities in customized web applications developed by each organization. On top of that, in the case of large corporations, it is hard to manage all web applications since their business domains are diversified, and each division has various web applications. In this paper, we propose web application deception proxy as a defense approach, and we show that it is very helpful to prevent and detect web application attacks.

Original language	English
Title of host publication	Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017
Publisher	Association for Computing Machinery, Inc
ISBN (Electronic)	9781450348881
DOIs	https://doi.org/10.1145/3022227.3022300
Publication status	Published - Jan 5 2017
Event	11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017 - Beppu, Japan Duration: Jan 5 2017 → Jan 7 2017

Publication series

Name	Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017

Other

Other	11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017
Country/Territory	Japan
City	Beppu
Period	1/5/17 → 1/7/17

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Information Systems

Access to Document

10.1145/3022227.3022300

Cite this

Ishikawa, T., & Sakurai, K. (2017). Parameter manipulation attack prevention and detection by using web application deception proxy. In Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017 Article 74 (Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017). Association for Computing Machinery, Inc. https://doi.org/10.1145/3022227.3022300

Parameter manipulation attack prevention and detection by using web application deception proxy. / Ishikawa, Tomohisa; Sakurai, Kouichi.
Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017. Association for Computing Machinery, Inc, 2017. 74 (Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ishikawa, T & Sakurai, K 2017, Parameter manipulation attack prevention and detection by using web application deception proxy. in Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017., 74, Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017, Association for Computing Machinery, Inc, 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017, Beppu, Japan, 1/5/17. https://doi.org/10.1145/3022227.3022300

Ishikawa T, Sakurai K. Parameter manipulation attack prevention and detection by using web application deception proxy. In Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017. Association for Computing Machinery, Inc. 2017. 74. (Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017). doi: 10.1145/3022227.3022300

Ishikawa, Tomohisa ; Sakurai, Kouichi. / Parameter manipulation attack prevention and detection by using web application deception proxy. Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017. Association for Computing Machinery, Inc, 2017. (Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017).

@inproceedings{544906f44a6b4afeb75c3428b146f702,

title = "Parameter manipulation attack prevention and detection by using web application deception proxy",

abstract = "The attack abusing web application vulnerabilities are currently classified into traditional attack threats. However, security breaches by web application attacks are still reported via mass media. Although the vulnerabilities in popular products such as Microsoft IIS or Apache are quickly discovered by security researchers around the world, it is hard to identify the vulnerabilities in customized web applications developed by each organization. On top of that, in the case of large corporations, it is hard to manage all web applications since their business domains are diversified, and each division has various web applications. In this paper, we propose web application deception proxy as a defense approach, and we show that it is very helpful to prevent and detect web application attacks.",

author = "Tomohisa Ishikawa and Kouichi Sakurai",

year = "2017",

month = jan,

day = "5",

doi = "10.1145/3022227.3022300",

language = "English",

series = "Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017",

publisher = "Association for Computing Machinery, Inc",

booktitle = "Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017",

note = "11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017 ; Conference date: 05-01-2017 Through 07-01-2017",

}

TY - GEN

T1 - Parameter manipulation attack prevention and detection by using web application deception proxy

AU - Ishikawa, Tomohisa

AU - Sakurai, Kouichi

PY - 2017/1/5

Y1 - 2017/1/5

N2 - The attack abusing web application vulnerabilities are currently classified into traditional attack threats. However, security breaches by web application attacks are still reported via mass media. Although the vulnerabilities in popular products such as Microsoft IIS or Apache are quickly discovered by security researchers around the world, it is hard to identify the vulnerabilities in customized web applications developed by each organization. On top of that, in the case of large corporations, it is hard to manage all web applications since their business domains are diversified, and each division has various web applications. In this paper, we propose web application deception proxy as a defense approach, and we show that it is very helpful to prevent and detect web application attacks.

AB - The attack abusing web application vulnerabilities are currently classified into traditional attack threats. However, security breaches by web application attacks are still reported via mass media. Although the vulnerabilities in popular products such as Microsoft IIS or Apache are quickly discovered by security researchers around the world, it is hard to identify the vulnerabilities in customized web applications developed by each organization. On top of that, in the case of large corporations, it is hard to manage all web applications since their business domains are diversified, and each division has various web applications. In this paper, we propose web application deception proxy as a defense approach, and we show that it is very helpful to prevent and detect web application attacks.

UR - http://www.scopus.com/inward/record.url?scp=85015147828&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85015147828&partnerID=8YFLogxK

U2 - 10.1145/3022227.3022300

DO - 10.1145/3022227.3022300

M3 - Conference contribution

AN - SCOPUS:85015147828

T3 - Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017

BT - Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017

PB - Association for Computing Machinery, Inc

T2 - 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017

Y2 - 5 January 2017 through 7 January 2017

ER -

Parameter manipulation attack prevention and detection by using web application deception proxy

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this