pSigene: Webcrawling to Generalize SQL Injection Signatures

Howard, Gaspar Modelo; Gutierrez, Christopher; Arshad, Fahad A.; Bagchi, Saurabh; Qin, Yuan

doi:10.1109/dsn.2014.21

Cited by 12 publications

(9 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…On the other hand, we simply expect to obtain as many malicious queries as possible to update the WAF signature library. Signature generation is outside our subject, which commonly uses regular expressions [34].…”

Section: Constant Detectionmentioning

confidence: 99%

An adaptive system for detecting malicious queries in web attacks

Dong

Zhang

et al. 2018

Sci. China Inf. Sci.

View full text Add to dashboard Cite

Web request query strings (queries), which pass parameters to the referenced resource, are always manipulated by attackers to retrieve sensitive data and even take full control of victim web servers and web applications. However, existing malicious query detection approaches in the current literature cannot cope with changing web attacks with constant detection models. In this paper, we propose AMODS, an adaptive system that periodically updates the detection model to detect the latest unknown attacks. We also propose an adaptive learning strategy, called SVM HYBRID, leveraged by our system to minimize manual work. In the evaluation, an up-to-date detection model is trained on a ten-day query dataset collected from an academic institute's web server logs. Our system outperforms existing web attack detection methods, with an F-value of 94.79% and FP rate of 0.09%. The total number of malicious queries obtained by SVM HYBRID is 2.78 times that by the popular Support Vector Machine Adaptive Learning (SVM AL) method. The malicious queries obtained can be used to update the Web Application Firewall (WAF) signature library.

show abstract

Section: Constant Detectionmentioning

confidence: 99%

An adaptive system for detecting malicious queries in web attacks

Dong

Zhang

et al. 2018

Sci. China Inf. Sci.

View full text Add to dashboard Cite

show abstract

“…PSigene es un sistema para la detección de intrusos [IDS] que recopila y genera automáticamente firmas generales de las peticiones benignas y maliciosas (Howard, Gutierrez, Arshad, Bagchi, & Qi, 2014). El estudio se enfocó en los ataques SQLi e inició con la descarga de la información de distintos portales de ciberseguridad -Security Focus, Exploit Database, PacketStorm Security y Open Source Vulnerability Database, entre otros-y obtención de un total de 30.000 ejemplos de ataques SQLi y 240.000 ejemplos de tráfico benigno HTTP.…”

Section: Trabajos Para El Control Del Web Defacementunclassified

Antidefacement

et al. 2016

View full text Add to dashboard Cite

Internet connects around three billions of users worldwide, a number increasing every day. Thanks to this technology, people, companies and devices perform several tasks, such as information broadcasting through websites. Because of the large volumes of sensitive information and the lack of security in the websites, the number of attacks on these applications has been increasing significantly. Attacks on websites have different purposes, one of these is the introduction of unauthorized modifications (defacement). Defacement is an issue which involves impacts on both, system users and company image, thus, the researchers community has been working on solutions to reduce security risks. This paper presents an introduction to the state of the art about techniques, methodologies and solutions proposed by both, the researchers community and the computer security industry.

show abstract

“…Two approaches exist to detect attacks to web applications: signature based detection and anomaly based detection. Signature based detection methods [1]- [3] extract features of attack payloads as signatures, i.e., signatures represent byte sequences of malicious HTTP requests. HTTP requests that match the signatures are detected as attacks.…”

Section: Introductionmentioning

confidence: 99%

Detecting Malicious Inputs of Web Application Parameters Using Character Class Sequences

Zhong

Asakura

Takakura

et al. 2015

2015 IEEE 39th Annual Computer Software and Applications Conference

View full text Add to dashboard Cite

Web attacks that exploit vulnerabilities of web applications are still major problems. The number of attacks that maliciously manipulate parameters of web applications such as SQL injections and command injections is increasing nowadays. Anomaly detection is effective for detecting these attacks, particularly in the case of unknown attacks. However, existing anomaly detection methods often raise false alarms with normal requests whose parameters differ slightly from those of learning data because they perform strict feature matching between characters appeared as parameter values and those of normal profiles. We propose a novel anomaly detection method using the abstract structure of parameter values as features of normal profiles in this paper. The results of experiments show that our approach reduced the false positive rate more than existing methods with a comparable detection rate. 2

show abstract

pSigene: Webcrawling to Generalize SQL Injection Signatures

Cited by 12 publications

References 10 publications

An adaptive system for detecting malicious queries in web attacks

An adaptive system for detecting malicious queries in web attacks

Antidefacement

Detecting Malicious Inputs of Web Application Parameters Using Character Class Sequences

Contact Info

Product

Resources

About