Combinatorial methods for dynamic gray‐box SQL injection testing

Garn, Bernhard; Zivanovic, Jovan; Leithner, Manuel; Simos, Dimitris E.

doi:10.1002/stvr.1826

Cited by 8 publications

(1 citation statement)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Here are some common threats to web servers: DDoS Attacks: Distributed Denial of Service attacks aim to flood the server with unnecessary requests, overloading its capacity and making it unavailable to legitimate users [17], [18]. SQL Injection: Attackers manipulate a site's database by inputting malicious SQL statements in input fields, potentially leading to unauthorized viewing of data, corrupting or deleting data, and other malicious activities [19], [20]. Cross-Site Scripting (XSS): This occurs when malicious scripts are injected into web pages viewed by users.…”

Section: Web Servermentioning

confidence: 99%

Model Design of Intrusion Detection System on Web Server Using Machine Learning Based

Tedyyana,

Ghazali,

Purbo

2024

Proceedings of the 11th International Applied Business and Engineering Conference, ABEC 2023, September 21st, 2023, Bengkalis,

View full text Add to dashboard Cite

In the current era of information technology development, web server security has become a primary concern in maintaining data integrity, confidentiality, and availability. With the emergence of increasingly complex and evolving cyber threats, Intrusion Detection Systems (IDS) play a crucial role in addressing these challenges. In this research, we propose an innovative approach to enhance web server security by implementing an Intrusion Detection System empowered with Machine Learning Algorithms. In the pursuit of enhancing web server security, this research delves into designing an Intrusion Detection System (IDS) empowered by Machine Learning (ML). The foundation of this approach hinges on transparent public datasets, subjected to intensive pre-processing steps such as data cleaning, normalization, and feature selection. After refining, the data steers ML algorithms to discern potential cyber threats from standard patterns. The novel ML-based IDS showcases an ability superior to traditional systems, with the prowess to differentiate between benign and malicious activities. A salient feature of this IDS is its real-time alert mechanism on Telegram, ensuring immediate notification to security teams upon potential breach detection. Comparative results accentuate the model's enhanced accuracy and a significant reduction in false alarms. This study substantiates the utility of ML in elevating cybersecurity measures and paves the way for deeper investigations into advanced web server protective mechanisms.

show abstract

Section: Web Servermentioning

confidence: 99%

Model Design of Intrusion Detection System on Web Server Using Machine Learning Based

Tedyyana,

Ghazali,

Purbo

2024

Proceedings of the 11th International Applied Business and Engineering Conference, ABEC 2023, September 21st, 2023, Bengkalis,

View full text Add to dashboard Cite

show abstract

Boosting Multimode Ruling in DHR Architecture With Metamorphic Relations

Li,

Kong,

Guo

et al. 2024

Software Testing Verif & Rel

View full text Add to dashboard Cite

The DHR architecture provides a revolutionary security defense structure for cyberspace. The multimode ruling in DHR is expected to alleviate the oracle problem, which still suffers from the existence of common model vulnerability. In this work, we design a test segmentation method to transform multimode ruling to a metamorphic testing problem. The text test input that causes inconsistency of heterogeneous executors is converted to a condition set, and we extract subsets of conditions based on its syntax tree. The original test can exploit a specific vulnerability, the follow‐up tests are composed by different subsets of conditions within the original test. We collect the execution matrix for the follow‐up tests to analyse the impact of each subset of conditions on ruling decision. Metamorphic relations are extracted based on the localization of independent condition, that is, the subsets of conditions that can impact ruling decision independently. The executors in an inconsistent ruling should be examined with metamorphic testing methods, rather than traditional majority voting mechanism. The proposed test segmentation and improved multimode ruling methods are evaluated on two DHR‐based cases, SQL injection in cyber‐range system and deserialization attack in ‐ project. The experimental results show that our test segmentation can help to locate malicious expressions and the metamorphic testing‐based multimode ruling can generate more correct results than majority voting mechanism with an average 15.8% performance loss.

show abstract

Towards Dynamic Capture-The-Flag Training Environments For Reinforcement Learning Offensive Security Agents

Chetwyn

Erdődi

2022

2022 IEEE International Conference on Big Data (Big Data)

View full text Add to dashboard Cite

Combinatorial methods for dynamic gray‐box SQL injection testing

Cited by 8 publications

References 51 publications

Model Design of Intrusion Detection System on Web Server Using Machine Learning Based

Model Design of Intrusion Detection System on Web Server Using Machine Learning Based

Boosting Multimode Ruling in DHR Architecture With Metamorphic Relations

Towards Dynamic Capture-The-Flag Training Environments For Reinforcement Learning Offensive Security Agents

Contact Info

Product

Resources

About