Cyber Attack Detection/Triage Technologies for Web Servers
To handle cyber attacks against Web servers, NTT SPL is conducting research and development of technologies to detect unknown attacks (zero-day attacks) that existing security appliances cannot detect, and technologies to evaluate the severity of an alert by analyzing the impact of the attack behind it.
Zero-day attack detection technology that judges anomalous HTTP requests to be malicious.
Alert triage technology that determines whether an attack was successful or not by correlating a security appliance alert with system events or HTTP request/response data.
Yang Zhong, Hiroshi Asakura, Hiroki Takakura, Yoshihito Oshima, "An Anomaly Detection Method for Parameter Manipulation Attacks to Web Application", Computer Security Symposium 2014 (CSS2014)
Yang Zhong, Hiroshi Asakura, Hiroki Takakura, Yoshihito Oshima, "Detecting Malicious Inputs of Web Application Parameters Using Character Class Sequences", Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual
Yang Zhong, Hiroshi Asakura, Masaki Tanikawa, Yoshihito Oshima, "A Log Correlation Method to Identify the Target and the Effect of Web Attacks", Computer Security Symposium 2015 (CSS2015)
Yang Zhong, Masaki Tanikawa, Yoshihito Oshima, "An Accurate Event Correlation Method for Identifying Influence of Web Attacks", 2016 Symposium on Cryptography and Information Security (SCIS2016)
Yang Zhong, Tohru Sato, Masaki Tanikawa, "A Host based Intrusion Detection Method for Identifying Effective Web Attacks", Computer Security Symposium 2016 (CSS2016)
Yang Zhong, Tohru Sato, Masaki Tanikawa, "Towards Reducing False Positives of Host based Intrusion Detection by Static Code Analysis of Web Applications", IEICE Technical Report 116(522)
Yang Zhong, Kazufumi Aoki, Jun Miyoshi, Hajime Shimada, Hiroki Takakura, "AVT Lite: Detection Successful Web Attacks based-on Attack Code Emulation", Computer Security Symposium 2017 (CSS2017)
Yo Kanemoto, Kazufumi Aoki, Makoto Iwamura, Jun Miyoshi, Daisuke Kotani, Hiroki Takakura, Yasuo Okabe, "Detecting Successful Attacks Based on Emulation of Remote Shellcodes", Computer Security Symposium 2018 (CSS2018)