A survey of attacks on web services

Jensen, Meiko; Gruschka, Nils; Herkenhöner, Ralph

doi:10.1007/s00450-009-0092-6

Cited by 100 publications

(81 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Even if proactive recovery can eliminate some unknown attacks like zero-day attacks periodically [28], stealth resource exhaustion attacks like an application-layer DDoS directly causes the performance degradation, and they cannot be tolerated easily by existing proactive recovery or reactive recovery which use the signature based intrusion detection. However, since such attacks could interrupt services seriously or damage the performance of the system by exhausting system resources [29], they can be noticed easily by the resource monitoring.…”

Section: Reactive Recovery With Cpu Utilizationmentioning

confidence: 99%

Hybrid Recovery-Based Intrusion Tolerant System for Practical Cyber-Defense

Jang

Doo

Lee

et al. 2016

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYDue to the periodic recovery of virtual machines regardless of whether malicious intrusions exist, proactive recovery-based Intrusion Tolerant Systems (ITSs) are being considered for mission-critical applications. However, the virtual replicas can easily be exposed to attacks during their working period, and additionally, proactive recoverybased ITSs are ineffective in eliminating the vulnerability of exposure time, which is closely related to service availability. To address these problems, we propose a novel hybrid recovery-based ITS in this paper. The proposed method utilizes availability-driven recovery and dynamic cluster resizing. The availability-driven recovery method operates the recovery process by both proactive and reactive ways for the system to gain shorter exposure times and higher success rates. The dynamic cluster resizing method reduces the overhead of the system that occurs from dynamic workload fluctuations. The performance of the proposed ITS with various synthetic and real workloads using CloudSim showed that it guarantees higher availability and reliability of the system, even under malicious intrusions such as DDoS attacks. key words: intrusion tolerant system (ITS), hybrid recovery, availabilitydriven recovery, dynamic cluster resizing, mission-critical application

show abstract

Section: Reactive Recovery With Cpu Utilizationmentioning

confidence: 99%

Hybrid Recovery-Based Intrusion Tolerant System for Practical Cyber-Defense

Jang

Doo

Lee

et al. 2016

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

show abstract

“…Furthermore, several vulnerabilities in Web Services (WS) technologies [24], [25], [35] that exploit the XML verbosity and the complex parsing process of the SOAP message body are available. For example, the processing of a large number of name-space declarations, oversize prefix names or name-space URIs, and very deeply nested XML structures/tags), can exhaust most of the computational resources of the target systems (mainly CPU and memory) according to a technique known as coercive parsing.…”

Section: Processing Power Exhaustion Dosesmentioning

confidence: 99%

Energy-oriented denial of service attacks: an emerging menace for large cloud infrastructures

Palmieri

Ricciardi

Fiore³

et al. 2014

J Supercomput

View full text Add to dashboard Cite

This work analyzes a new and very subtle kind of security threat that can affect large scale cloudbased IT service infrastructures, by exploiting the computational resources of their component data center in order to waste as much energy as possible. The consequence of these threats range from increased costs in the energy bill, to penalization for exceeding the agreed quantity of green house gases (GHG) emissions, up to complete denial of service caused by electrical outages due to power budget exhaustion.We analyzed the different types of such attacks with their potential impacts on the energy consumption, modeled their behavior and quantified how current energyproportional technologies may provide attackers with great opportunities for raising the target facility emissions and costs. These efforts resulted in a simple model with some parametric reference values that can be used to estimate the impact of such attacks also in presence of very large infrastructures containing thousands or

show abstract

“…We have not identified any particular area of web security research that would be unique or more important in EM, and would not be covered in a generalist web security review paper. An excellent effort to formalise and categorise web security has been recently presented in [45] and a survey of current threats can be found in [46].…”

Section: World Wide Web (Www)mentioning

confidence: 99%

“…Malware infection of on board computers [113] Hijacked control of locks, brakes and engine Malware detection [113] GPS Spoofing [50,117] Artificial traffic jam caused Signal analysis [51][52][53] Web-based immobilisation hijacked [114] Cars immobilised remotely and simultaneously Web security literature [46] GPS Spoofing [50,117] Unmanned vehicle redirected [117,118] Signal analysis [51][52][53] Gain-scheduling attack [117] Control stability affected [117] No known solutions…”

Section: Manned Vehiclesmentioning

confidence: 99%

A Review of Cyber Threats and Defence Approaches in Emergency Management

2013

View full text Add to dashboard Cite

Emergency planners, first responders and relief workers increasingly rely on computational and communication systems that support all aspects of emergency management, from mitigation and preparedness to response and recovery. Failure of these systems, whether accidental or because of malicious action, can have severe implications for emergency management. Accidental failures have been extensively documented in the past and significant effort has been put into the development and introduction of more resilient technologies. At the same time researchers have been raising concerns about the potential of cyber attacks to cause physical disasters or to maximise the impact of one by intentionally impeding the work of the emergency services. Here, we provide a review of current research on the cyber threats to communication, sensing, information management and vehicular technologies used in emergency management. We emphasise on open issues for research, which are the cyber threats that have the potential to affect emergency management severely and for which solutions have not yet been proposed in the literature.

show abstract

A survey of attacks on web services

Cited by 100 publications

References 9 publications

Hybrid Recovery-Based Intrusion Tolerant System for Practical Cyber-Defense

Hybrid Recovery-Based Intrusion Tolerant System for Practical Cyber-Defense

Energy-oriented denial of service attacks: an emerging menace for large cloud infrastructures

A Review of Cyber Threats and Defence Approaches in Emergency Management

Contact Info

Product

Resources

About