Detecting attacks against data in web applications

Ludinard, Romaric; Totel, Éric; Tronel, Frédéric; Nicomette, Vincent; Kaâniche, Mohamed; Alata, Éric; Akrout, R.; Bachy, Yann

doi:10.1109/crisis.2012.6378943

Cited by 15 publications

(10 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This approach is based on the automatic generation of invariants that are discovered during a learning phase and verified during the execution of the application. The paper extends the results presented in (Ludinard et al, 2012) by providing more details about the implementation of the approach and the generation of the invariants. First Section State of the Art presents previous work about intrusion detection that can be applied in the context of web applications.…”

mentioning

confidence: 60%

An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications

Ludinard

Totel

Tronel

et al. 2014

International Journal of Secure Software Engineering

Self Cite

View full text Add to dashboard Cite

RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system (IDS) for applications implemented with the Ruby on Rails framework. The goal of this intrusion detection system is to detect attacks against data in the context of web applications. This anomaly based IDS focuses on the modelling of the normal application profile using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well-known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.

show abstract

mentioning

confidence: 60%

An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications

Ludinard

Totel

Tronel

et al. 2014

International Journal of Secure Software Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…This model successfullydetects SQL injection attacks but miss the mark for XSS attacks. [13] Large research has been done on IDS for SQL injection and XSS using various platforms like Perl, Ruby on rails, etc. but no IDS is perfectly secure.…”

Section: Literature Surveymentioning

confidence: 99%

A novel approach for detection of SQL injection and cross site scripting attacks

Sonewar

Mhetre

2015

2015 International Conference on Pervasive Computing (ICPC)

View full text Add to dashboard Cite

Web applications provide vast category of functionalities and usefulness. As more and more sensitive data is available over the internet hackers are becoming more interested in such data revealing which can cause massive damage. SQL injection is one of such attacks. This attack can be used to infiltrate the database of any web application that may lead to alteration of database or disclosing important information. Cross site scripting is one more attack in which attacker obfuscates the input given to the web application that may lead to changes in view of the web page. Three tier web applications can be categorized statically and dynamically for detecting and preventing these types of attacks. Mapping model in which requests are mapped on queries can be used effectively to detect such kind of attacks and prevention logic can be applied.

show abstract

“…For this category of IDS, IDS is distinguished into three approaches that have different levels of analysis: a "Black box", "Gray box" and "White box" approach. Each one is based on the type of information available to construct the reference model of application [13][14][15][16][17][18][19].…”

Section: Anomaly-based Intrusion Detection Systemsmentioning

confidence: 99%

“…In "White Box" approaches, the information in the code source of the program is used to build a pattern or a model of intrusion detection at the application level. This approach can be used to detect both attacks against the control flow of the application and attacks against the data [18][19].…”

Section:  Gray Boxmentioning

confidence: 99%

Web Application Attacks Detection: A Survey and Classification

Moussaid¹,

Toumanari²

2014

IJCA

View full text Add to dashboard Cite

The number of attacks is increasing day by day, especially the web attacks due to the shift of the majority of companies towards web applications. Therefore, the security of their sensitive data against attackers becomes a crucial matter for all organization and companies. Thus the necessity to use intrusion detection systems are required in order to increases the protection and prevent attackers from exploiting these data in illegal way. In this paper we begin by giving a survey of web application attacks and vulnerabilities, also approaches to improve the web application security using intrusion detection systems and scanners based on machine learning and artificial intelligence. When it comes to vulnerability, it is also an attack which exploits this vulnerability; therefore our paper presents web intrusion detection system based on detection of web vulnerabilities. Experimental results have been acquired from HTTP simulations in our network and from responses of HTTP requests sent to a bunch of websites and applications to test the efficiency of our intrusion detection system. This efficiency can be noticed from a High detection rate which is greater than 90%.

show abstract

Detecting attacks against data in web applications

Cited by 15 publications

References 13 publications

An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications

An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications

A novel approach for detection of SQL injection and cross site scripting attacks

Web Application Attacks Detection: A Survey and Classification

Contact Info

Product

Resources

About