2005 Fiscal Year Final Research Report Summary
Security Scanning System with High Usability
Project/Area Number |
16500037
|
Research Category |
Grant-in-Aid for Scientific Research (C)
|
Allocation Type | Single-year Grants |
Section | 一般 |
Research Field |
Computer system/Network
|
Research Institution | Iwate Prefectural University |
Principal Investigator |
TAKATA Toyoo Iwate Prefectural University, Faculty of Software Information Science, Professor, ソフトウェア情報学部, 教授 (50216652)
|
Co-Investigator(Kenkyū-buntansha) |
BISTA Bhed Bahadur Iwate Prefectural University, Faculty of Software Information Science, Associate Professor, ソフトウェア情報学部, 助教授 (10305287)
KOUMOTO Takuya Okayama University, Faculty of Engineering, Lecturer, 大学院・自然科学研究科, 講師 (00336918)
|
Project Period (FY) |
2004 – 2005
|
Keywords | Network Security / Security Scanner / Usability / Vulnerability / Denial of Service / Web Security / Referrer Spam |
Research Abstract |
In this research, we study the following three themes in regard to network security. 1.Design and Implementation of Security Scanning System with High Usability To enhance usability, we adopt the following design criteria (1)to avoid the burden of installation and settings, it is desirable the scanner is network based and only web browser is needed for starting scanning and viewing the scanning result. (2)User interface is designed based on the latest study for physiological workload, (3)Scanning web sites are distributed in the Internet to avoid network delay. To attain this, we also consider portability of the scanning system. The first contribution of this research is to establish the above scanning system and to evaluate it through the operational experiment in a real environment. 2.Defense Scheme against Distributed Denial of Service Attack Web based system like the above is inherently vulnerable to the distributed denial of service (DDoS) attack that enormous packets are sent to the
… More
target host from many attacker hosts which reside in various places. The second result of this research is to propose a new defense scheme against DDoS attack. In the scheme, we utilize the characteristics that the attack packets spoof their source addresses to hide their identity and the attackers send a query of the target system's IP address before attack. The proposed scheme is a DoS packet filtering scheme by checking the source address of the incoming packets with DNS response. We implement the prototype system of the proposed scheme and evaluate the throughput efficiency. 3.Referrer Spam Attack Defense Scheme for a New Web Applications Recently, Weblog becomes very popular as a new web application. Accordingly, a new type of fraud, referrer spam, which exploits a feature of weblog that create a backlink to the referrer URL, to aim to induce innocent visitors to his/her web site. The third result of this research is to develop the referrer spam blocking system by utilizing baysian filter which is used for filtering spam mail. We implement the prototype system and evaluate its false positive/negative rate. Less
|
Research Products
(10 results)