Detecting Malicious Inputs of Web Application Parameters Using Character Class Sequences

Zhong, Yang; Asakura, H.; Takakura, Hiroki; Oshima, Yoshifumi

doi:10.1109/compsac.2015.73

Cited by 6 publications

(14 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Garcia-Teodoro et al [22] represented the normal behaviors of a service by Markov models, aiming to generate HTTP intrusion signatures for Network Intrusion Detection Systems (NIDS). Soon, Zhong et al [23] used Markov models whose inputs are each character of parameter values in normal payloads to build the normal profile. Earlier works, such as HMM-Payl [24], made similar use of Markov models.…”

Section: Constant Detectionmentioning

confidence: 99%

An adaptive system for detecting malicious queries in web attacks

Dong

Zhang

et al. 2018

Sci. China Inf. Sci.

View full text Add to dashboard Cite

Web request query strings (queries), which pass parameters to the referenced resource, are always manipulated by attackers to retrieve sensitive data and even take full control of victim web servers and web applications. However, existing malicious query detection approaches in the current literature cannot cope with changing web attacks with constant detection models. In this paper, we propose AMODS, an adaptive system that periodically updates the detection model to detect the latest unknown attacks. We also propose an adaptive learning strategy, called SVM HYBRID, leveraged by our system to minimize manual work. In the evaluation, an up-to-date detection model is trained on a ten-day query dataset collected from an academic institute's web server logs. Our system outperforms existing web attack detection methods, with an F-value of 94.79% and FP rate of 0.09%. The total number of malicious queries obtained by SVM HYBRID is 2.78 times that by the popular Support Vector Machine Adaptive Learning (SVM AL) method. The malicious queries obtained can be used to update the Web Application Firewall (WAF) signature library.

show abstract

Section: Constant Detectionmentioning

confidence: 99%

An adaptive system for detecting malicious queries in web attacks

Dong

Zhang

et al. 2018

Sci. China Inf. Sci.

View full text Add to dashboard Cite

show abstract

“…Existen distintas técnicas, metodologías y sistemas para la detección de ataques que generan defacement en una página web; como técnicas se encuentran el análisis dinámico, estático y la utilización de la inteligencia artificial. Por otra parte, existen diversas metodologías de trabajo en donde se describen las actividades para el análisis de ataques web (Bartoli, Davanzo, & Medvet, 2010;Zhong, Asakura, Takakura, & Oshima, 2015;Roesch, 1999). Adicionalmente, se han propuesto distintas soluciones como por ejemplo: Tripwire (Kim & Spafford, 1994), contenidos de políticas de seguridad (Stamm, Sterne, & Markham, 2010), IPVmon (IPVTec, 2014), StatusCake (Barnes, 2013), Socuri (2016), y Nagios (Aman, Yamashita, Sasaki, & Kawahara, 2014), entre otras.…”

Section: Sql Injectionunclassified

“…There are two approaches to the web applications attacks detection (Zhong et al, 2015): a technique is based on signatures in order to detect attacks from a database that contains several characteristics of the data transmitted from a malicious communication; the other is the technique of anomalies detection, which is composed of two phases: the first one is responsible to build a web page profile using different features extracted of the legimitate HTTP requests, and the second one is responsible to monitor and detect any anomaly into the requests with the profile previously created. Nevertheless, there are different techniques for the analysis on computer security , among these are: buenos resultados en el desarrollo de los axiomas con un mínimo de falsos positivos; y en la fase real PHP-Sensor se detectaron los catorce ataques controlados.…”

Section: Web Defacement Management Developmentmentioning

confidence: 99%

“…Existen dos enfoques para la detección de ataques a las aplicaciones web (Zhong et al, 2015): una técnica está basada en firmas, y su objetivo es detectar los ataques a partir de una base de datos que contiene distintas características de los datos transmitidos de una comunicación maliciosa; otras en la detección de anomalías, y está compuesta por dos fases, la primera se encarga de la construcción de un perfil de la página web a partir de distintas características extraídas de las peticiones legítimas HTTP, y la segunda de monitorear y detectar si hay alguna anomalía en las peticiones respecto del perfil creado. Por otra parte, existen distintas técnicas para el análisis en la seguridad de la computación , entre estas se encuentran:…”

Section: Trabajos Para El Control Del Web Defacementunclassified

“…There are several techniques, methods and systems for detecting attacks which leads for defacement on a website; such as dynamic and static analysis and the use of artificial intelligence. Furthermore, there are different work methodologies which describe the analysis of web attacks (Bartoli, Davanzo, & Medvet, 2010;Zhong, Asakura, Takakura, & Oshima, 2015;Roesch, 1999). In addition, many solutions have been proposed such as: Tripwire (Kim & Spafford, 1994), content security policy (Stamm, Sterne, & Markham, 2010), IPVmon (IPVTec, 2014), StatusCake (Barnes, 2013), Socuri (2016), and Nagios (Aman, Yamashita, Sasaki, & Kawahara, 2014), among others.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Antidefacement

et al. 2016

View full text Add to dashboard Cite

Internet connects around three billions of users worldwide, a number increasing every day. Thanks to this technology, people, companies and devices perform several tasks, such as information broadcasting through websites. Because of the large volumes of sensitive information and the lack of security in the websites, the number of attacks on these applications has been increasing significantly. Attacks on websites have different purposes, one of these is the introduction of unauthorized modifications (defacement). Defacement is an issue which involves impacts on both, system users and company image, thus, the researchers community has been working on solutions to reduce security risks. This paper presents an introduction to the state of the art about techniques, methodologies and solutions proposed by both, the researchers community and the computer security industry.

show abstract

Modeling Attackers Based on Heterogenous Graph through Malicious HTTP Requests

Luo

et al. 2021

2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD)

View full text Add to dashboard Cite

Detecting Malicious Inputs of Web Application Parameters Using Character Class Sequences

Cited by 6 publications

References 9 publications

An adaptive system for detecting malicious queries in web attacks

An adaptive system for detecting malicious queries in web attacks

Antidefacement

Modeling Attackers Based on Heterogenous Graph through Malicious HTTP Requests

Contact Info

Product

Resources

About