著者
中里 純二 班 涛 島村 隼平 衛藤 将史 井上 大介 中尾 康二
出版者
一般社団法人電子情報通信学会
雑誌
電子情報通信学会技術研究報告. ICSS, 情報通信システムセキュリティ (ISSN:09135685)
巻号頁・発行日
vol.113, no.502, pp.101-106, 2014-03-20

スパムメール本文を用いた特徴分析では,スパムメールの目的や攻撃活動(キャンペーン)の違いにより特徴が変化する.そこで,キャンペーンなどに影響を受けない新たな分析手法として,メールヘッダ内に記載されている転送経路に着目したスパムメール分析を行う.複数のスパムメールの転送経路情報を利用する事で,確度の高い分析を行う事が可能となる.本論文では,スパムメール関連ホストの状態をNICTERで収集しているスパムメールと大規模ダークネット観測を用いた分析を行う.複数のスパムメールから抽出した転送経路とダークネットトラフィックを突合する事で,ボットなどによるスパム送信ホストやリレーサーバの存在を明らかにする.
著者
西田 雅太 星澤 裕二 笠間 貴弘 衛藤 将史 井上 大介 中尾 康二
出版者
一般社団法人情報処理学会
雑誌
研究報告マルチメディア通信と分散処理(DPS) (ISSN:09196072)
巻号頁・発行日
vol.2014, no.21, pp.1-7, 2014-02-27

近年増加しているドライブバイダウンロード攻撃では,JavaScript を介して攻撃を行うものがあり,悪意のある JavaScript を検出する手法が希求されている.本稿では,難読化が施された JavaScript の文字出現頻度が一般の JavaScript とは異なる傾向があることに着目し,スクリプトの文字出現頻度を機械学習のパラメータとすることで,悪意のある難読化スクリプトを検出する手法を提案する.また提案手法の検証として,一般サイトの JavaScript と MWS データセット内の D3M 攻撃通信データの JavaScript を入力として学習した結果を示す.Today the number of Drive-by-Download attacks using JavaScript has increased. Therefore we need an efficient method to detect malicious JavaScript. In this paper, we focus our attention on a bias of character frequency of obfuscated malicious JavaScript. We will propose the use of machine learning with character frequency to detect obfuscated malicious JavaScript. This paper will also evaluate the proposed method by using various JavaScript in benign web sites and D3M pcap of MWS dataset.
著者
イスマイル オマル 衛藤 将史 門林 雄基 山口 英
出版者
一般社団法人電子情報通信学会
雑誌
電子情報通信学会技術研究報告. IA, インターネットアーキテクチャ (ISSN:09135685)
巻号頁・発行日
vol.104, no.554, pp.7-13, 2005-01-12

Cross-Site Scripting (XSS) is caused by the failure of Web applications to properly validate user input before returning it to the client's Web browser. Although some approaches exist for defending against XSS attacks, XSS vulnerabilities continue to appear in Web applications. These weaknesses, which often resulted from poorly developed Web applications and data processing systems, allow attackers to embed maliciuos HTML-based contents, such as Java Scripts, within HTTP requests or response messages. Through embedding HTML code and scripting elements, it is possible to steal session ID information, thus resulting in the leakage of private information. The classic XSS attack involves social engineering to trick the victims to click on a link with embedded scripts created by attackers. The victims do not necessarily have to click on a link. XSS code can also be made to load automatically in an HTML e-mail with certain manipulations of the IMG or IFRAME HTML tags, etc., We call this the "one-way XSS attack". We propose a system that not only detects and collects XSS attack-related information but also identifies the potential XSS attack codes. This system detects and, more importantly identifies new types of XSS attacks by manipulating HTTP server response. The system also shares collected vulnerability information via a central repository.
著者
イスマイル オマル 衛藤 将史 門林 雄基 山口 英
出版者
一般社団法人電子情報通信学会
雑誌
電子情報通信学会技術研究報告. MoMuC, モバイルマルチメディア通信 (ISSN:09135685)
巻号頁・発行日
vol.104, no.553, pp.7-13, 2005-01-12

Cross-Site Scripting (XSS) is caused by the failure of Web applications to properly validate user input before returning it to the client's Web browser. Although some approaches exist for defending against XSS attacks, XSS vulnerabilities continue to appear in Web applications. These weaknesses, which often resulted from poorly developed Web applications and data processing systems, allow attackers to embed maliciuos HTML-based contents, such as JavaScripts, within HTTP requests or response messages. Through embedding HTML code and scripting elements, it is possible to steal session ID information, thus resulting in the leakage of private information. The classic XSS attack involves social engineering to trick the victims to click on a link with embedded scripts created by attackers. The victims do not necessarily have to click on a link. XSS code can also be made to load automatically in an HTML e-mail with certain manipulations of the IMG or IFRAME HTML tags, etc, . We call this the "one-way XSS attack". We propose a system that not only detects and collects XSS attack-related information but also identifies the potential XSS attack codes. This system detects and, more importantly identifies new types of XSS attacks by manipulating HTTP server response. The system also shares collected vulnerability information via a central repository.
著者
オマル イスマイル 衛藤 将史 門林 雄基 山口 英
出版者
一般社団法人情報処理学会
雑誌
情報処理学会研究報告インターネットと運用技術(IOT) (ISSN:09196072)
巻号頁・発行日
vol.2005, no.2, pp.7-13, 2005-01-19

Cross-Site Script (XSS) is caused by the failure of Web applications to properly validate user input before returning it to the client's Web browser. Although some approaches exist for defending against XSS attacks XSS vulnerabilities continue to appear in Web applications. These weaknesses which often resulted from poorly developed Web applications and data processing system allow attackers to embed maliciuos HTML-based contents such as Javascripts within HTTP requests pr response messages. Through embedding HTML code and scripting elements it is possible to steal session ID information thus reslting in the leakage of private information. The classic XSS attack involves social engineering to trick the victims to click on a link with embedded scripts created by attackers. The victims do not necessarily have to click on a link. XSS code can also be made to load automatically in an HTML e-mail with certain manipulations of the IMG or IFRAME HTML tags ets We call this the "one-way XSS attack". We propose a system that not only detects and collects XSS attack-related information but also identifies the potential XSS attack codes. This system detects and more importantly identifies new types of XSS attacks by manipulating HTTP server response. The system also shares collected vulnerability information via a central repository.Cross-Site Script (XSS) is caused by the failure of Web applications to properly validate user input before returning it to the client's Web browser. Although some approaches exist for defending against XSS attacks, XSS vulnerabilities continue to appear in Web applications. These weaknesses, which often resulted from poorly developed Web applications and data processing system, allow attackers to embed maliciuos HTML-based contents, such as Javascripts, within HTTP requests pr response messages. Through embedding HTML code and scripting elements, it is possible to steal session ID information, thus reslting in the leakage of private information. The classic XSS attack involves social engineering to trick the victims to click on a link with embedded scripts created by attackers. The victims do not necessarily have to click on a link. XSS code can also be made to load automatically in an HTML e-mail with certain manipulations of the IMG or IFRAME HTML tags, ets, We call this the "one-way XSS attack". We propose a system that not only detects and collects XSS attack-related information but also identifies the potential XSS attack codes. This system detects and, more importantly identifies new types of XSS attacks by manipulating HTTP server response. The system also shares collected vulnerability information via a central repository.