Attackers are most likely to exploit unvalidated and unsanitized user input with attacks such as cross-site scripting (XSS) or SQL injection. Many methods have been proposed to prevent those attacks. Some of them were created to learn about the patterns and behavior of the attacker; the honeypot is one of these. Honeypots are classified into two types based on the simulation they can perform: low interaction and high interaction. In this paper, we propose a low-interaction honeypot for emulating vulnerabilities that can be exploited using XSS and SQL injection attacks. This honeypot not only records the attacker's requests but also tries to expose the attacker's identity by using some browser exploitation techniques. Some attackers use techniques to hide their identity so that they cannot be tracked. Our proposed honeypot tries to overcome this problem by serving them malicious JavaScript code, which runs when an attacker opens the honeypot's website. We conducted several tests to evaluate our honeypot's performance. Our honeypot could catch more useful information about the HTTP request than the popular web-based honeypot Glastopf. Moreover, attackers' social media accounts were caught using the LikeJacking technique even though they might have used a proxy or TOR to hide their identity.
Web applications are often the main target of attacks. A survey conducted by the Open Web Application Security Project (OWASP) listed several common attacks aimed at web applications [1]. Some of the top attacks recorded were XSS and SQL injection. SQL injection is performed by exploiting weaknesses in web applications that do not validate and sanitize input data. This kind of web application vulnerability has led some parties to create systems specifically designed to observe the behavior of crackers. Such a system is known as a honeypot.
A honeypot is a system created to emulate a service that runs on a server in order to observe the pattern of attacks. In general, honeypots are divided into two types based on the level of interaction with the attacker, namely high-interaction and low-interaction honeypots [2]. A low-interaction honeypot has a limited level of interaction because it only emulates a particular service on a system. In contrast, a high-interaction honeypot has a high level of interaction because it uses the actual systems and services to be accessed by crackers. This gives a high-interaction honeypot a higher risk than a low-interaction one. By studying the patterns of attack, the protection of production systems can be formulated.
978-1-4799-6432-1/14/$31.00 ©2014 IEEE
One of the most common security attacks on web applications is SQL injection. It is an attack that acquires access to an application's database through injection of scripts or malicious query attributes. This attack can be executed on any page of a web application that interacts with the database. SQL injection could be more dangerous if the victim is an enterprise system such as online banking. Many methods have been researched and developed to prevent SQL injection attacks. One of them is the use of a honeypot. This paper proposes a method for increasing a system's capability to detect and prevent SQL injection attacks based on removal of SQL query attribute values and a honeypot for trapping attackers. A honeypot is placed as a decoy system to hide the actual web server from the attacker. Malicious queries from attackers are sent to the honeypot, while normal queries are sent directly to the real web server. The honeypot is also used to log the activity of each attack, which can be used for further analysis. We use Raspberry Pi because it is cheap and effective as a honeypot. Due to its limited computational ability, we build a cluster to improve its power. Based on the conducted experiments, we could achieve up to 64% accuracy of SQL injection attack. Moreover, with the redirection, our honeypot could get more attack data to be analyzed.
Detecting exploits is crucial since the effect of undetected ones can be devastating. Identifying their presence on the network allows us to respond and block their malicious payload before they cause damage to the system. Inspecting the payload of network traffic may offer better performance in detecting exploits as they tend to hide their presence and behave similarly to legitimate traffic. Previous works on deep packet inspection for detecting malicious traffic regularly read the full length of application layer messages. As the length varies, longer messages will take more time to analyse, during which time the attack creates a disruptive impact on the system. Hence, we propose a novel early exploit detection mechanism that scans network traffic, reading only 35.21% of application layer messages to predict malicious traffic while retaining a 97.57% detection rate and a 1.93% false positive rate. Our recurrent neural network- (RNN-) based model is the first work to our knowledge that provides early prediction of malicious application layer messages, thus detecting a potential attack earlier than other state-of-the-art approaches and enabling a form of early warning system.