Design of provider-provisioned website protection scheme against malware distribution

IEICE Transactions on Communications

Volumn E93-B, Issue 5, 2010, Pages 1122-1130

  Yagi, Takeshi ^a   Tanimoto, Naoto ^a   Hariu, Takeo ^a   Itoh, Mitsutaka ^a  

^a NTT CORPORATION   (Japan)

Author keywords

Application; Malware; Security; Vulnerability; Web

Indexed keywords

APPLICATIONS; CODES (SYMBOLS); COMPUTER CRIME; COST EFFECTIVENESS; NETWORK SECURITY; WEB CRAWLER; WEB DESIGN; WEB SERVICES; WEBSITES;

COMMUNICATION RECORDS; COST-EFFECTIVE NETWORK; SECURE NETWORKING; SECURITY; SECURITY THREATS; VULNERABILITY; WEB APPLICATION FIREWALLS; WEBSITE PROTECTIONS;

MALWARE;

EID: 77951832059     PISSN: 09168516     EISSN: 17451345     Source Type: Journal    
DOI: 10.1587/transcom.E93.B.1122     Document Type: Article

References (20)

1. Symantec, http://www.symantec.com/business/resources/articles/ article.jsp?aid=20080513-sym-report-attacks-increasingly
2. N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu, 'The ghost in the browser analysis of Web-based malware," In the First USENIX Workshop on Hot Topics in Botnets (HotBots'07), 2007.
3. "Web application security consortium." http://www.webappsec. org/ projects/wafec/
4. "The honeynet project." http://www.honeynet.org/
5. "Dshield Web honeypot project." http://sites.google.com/site/ web honeypotsite/
6. H.F.G. Robledo, "Type of hosts on remote file inclusion (rfi) botnet," The Electronics, Robotics and Automotive Mechanics Conference (CERMA) 2008, Sept. 2008.
7. S. Nanda, L. Lam, and T. Chiueh, "Web application attack prevention for tiered internet services," Proc. 4th International Conference on Information Assurance and Security (IAS'08), Sept. 2008.
8. C. Kruegel and G. Vigna, "Anomaly detection of Web-based attacks," Proc. 10th ACM Conference on Computer and Communications Security, Oct. 2003. (Pubitemid 40673807)
9. T. Huang, S. Huang, and T. Lin, "Web application security assessment by fault injection and behavior monitoring," ACM, Proc. 12th International World Wide Web Conference, May 2003.
10. J.M. Estevez-Tapiador, P. Garcia-Teodoro, and J.E. Diaz-Verdejo, "Detection of Web-based attacks through Markovian protocol parsing," Proc. 10th IEEE Symposium on Computer and Communications, Oct. 2005. (Pubitemid 41543313)
11. M. Sharifi, M. Zoroufi, and A. Saberi, "How to counter control flow tampering attacks," Computer Systems and Applications 2007. AICCSA'07. IEEE/ACS International Conference, May 2007. (Pubitemid 350130025)
12. D. Scott and R. Sharp, "Specifying and enforcing application-level Web security policies," IEEE Transaction on Knowledge and Data Engineering, vol.15, no.4, pp.771-783, Aug. 2003.
13. OWAPS, "OWAPS best practices: Use of Web application firewalls." http://www.owasp.Org/index.php/Category:OWASP-Best-Practices:- Use-of-Web-Application-Firewalls
14. E. Eliam, Reversing: Secrets of Reverse Engineering, Wiley, 2005.
15. SecureWorks, "The reusable unknown malware analysis net." http://www.secureworks.com/research/tools/truman.html
16. VMware. http://www.vmware.com/
17. Sourceforge, "Tripwire." http://www.sourceforge.net/projects/ trip wire/
18. SANS, 'The top cyber security risks." http://www.sans.org/top-cyber- security-risks/
19. OWAPS, "2007 OWASP top 10 most critical Web application security vulnerabilities." http://www.owasp.org/images/f/fb/OWASP-Top-10-2007-v6.ppt
20. T.C.S. Nanda, "Execution trace-driven automated attack signature generation," Computer Security Applications Coference 2008, Dec. 2008.