Seyed Ali Mirheidari scite author profile

Jalili

2013

Alert correlation is a system which receives alerts from heterogeneous Intrusion Detection Systems and reduces false alerts, detects high level patterns of attacks, increases the meaning of occurred incidents, predicts the future states of attacks, and detects root cause of attacks. To reach these goals, many algorithms have been introduced in the world with many advantages and disadvantages. In this paper, we are trying to present a comprehensive survey on already proposed alert correlation algorithms. The approach of this survey is mainly focused on algorithms in correlation engines which can work in enterprise and practical networks. Having this aim in mind, many features related to accuracy, functionality, and computation power are introduced and all algorithm categories are assessed with these features. The result of this survey shows that each category of algorithms has its own strengths and an ideal correlation frameworks should be carried the strength feature of each category.

Performance Evaluation of Shared Hosting Security Methods

Khoshkdahan³

2012

Shared hosting is a kind of web hosting in which multiple websites reside on one webserver. It is cost-effective and makes the administration easier for websites' owners. However, shared hosting has some performance and security issues. In default shared hosting configuration, all websites' scripts are executed under the webserver's user account regardless of their owners. Therefore, a website is able to access other websites' resources. This security problem arises from lack of proper isolation between different websites hosted on the same webserver. In this survey, we have examined different methods for handling mentioned security issue. Also we evaluated the performance of mentioned methods.Finally, we evaluated performance of these methods with various configurations.

Large-Scale Analysis of Style Injection by Relative Path Overwrite

Lauinger

et al. 2018

Relative Path Overwrite (RPO) is a recent technique to inject style directives into sites even when no style sink or markup injection vulnerability is present. It exploits differences in how browsers and web servers interpret relative paths (i.e., path confusion) to make a HTML page reference itself as a stylesheet; a simple text injection vulnerability along with browsers' leniency in parsing CSS resources results in an attacker's ability to inject style directives that will be interpreted by the browser. Even though style injection may appear less serious a threat than script injection, it has been shown that it enables a range of attacks, including secret exfiltration.In this paper, we present the first large-scale study of the Web to measure the prevalence and significance of style injection using RPO. Our work shows that around 9 % of the sites in the Alexa Top 10,000 contain at least one vulnerable page, out of which more than one third can be exploited. We analyze in detail various impediments to successful exploitation, and make recommendations for remediation. In contrast to script injection, relatively simple countermeasures exist to mitigate style injection. However, there appears to be little awareness of this attack vector as evidenced by a range of popular Content Management Systems (CMSes) that we found to be exploitable.

A Comprehensive Approach to Abusing Locality in Shared Web Hosting Servers

Khoshkdahan³

et al. 2013

with the growing of network technology along with the need of human for social interaction, using websites nowadays becomes critically important which leads in the increasing number of websites and servers. One popular solution for managing these large numbers of websites is using shared web hosting servers in order to decrease the overall cost of server maintenance. Despite affordability, this solution is insecure and risky according to high amount of reported defaces and attacks during recent years. In this paper, we introduce top ten most common attacks in shared web hosting servers which can occur because of the nature and bad configuration in these servers. Moreover, we present several simple scenarios that are capable of penetrating these kinds of servers even with the existence of several securing mechanisms. Finally, we provide a comprehensive secure configuration for confronting these attacks.

You’ve Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures

Innocenti

Kharraz

et al. 2021