WAF Signature Generation with Real-Time Information on the Web

Kumazaki, Masahito; Yamaguchi, Yukiko; Shimada, Hajime; Hasegawa, Hirokazu

Home // SECURWARE 2020, The Fourteenth International Conference on Emerging Security Information, Systems and Technologies // View article

WAF Signature Generation with Real-Time Information on the Web

Authors:
Masahito Kumazaki
Yukiko Yamaguchi
Hajime Shimada
Hirokazu Hasegawa

Keywords: Web Application Firewall(WAF); Zero-day Attack; Vulnerability Information; Real-time Information.

Abstract:
Zero-day attacks and attacks based on publicly disclosed vulnerability information are one of the major threats in network security. To cope with such attacks, it is important to collect related information and deal with vulnerabilities as soon as possible. Therefore, we propose a system that collects vulnerability information related to Web applications from real-time information on the Web and generates Web Application Firewall (WAF) signatures. In this paper, at first, we collected vulnerability information containing the specified keyword from the National Vulnerability Database (NVD) data feed and generated WAF signatures automatically. Then, we confirmed the possibility of WAF signature generation from one tweet. Finally, we extracted tweets that may contain vulnerability information and labeled them according to the filtering algorithm. From these results, we could prove the efficiency of the proposed system.

Pages: 40 to 45

Copyright: Copyright (c) IARIA, 2020

Publication date: November 21, 2020

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-821-1

Location: Valencia, Spain

Dates: from November 21, 2020 to November 25, 2020