CIDT: Detection of Malicious Code Injection Attacks on Web Application

Choudhary, Atul S.; Dhore, M. L.

doi:10.5120/8174-1493

Cited by 15 publications

(10 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By crafting incorrect malicious queries in the input parameter, the attacker can cause the database to return an error message that may contain information about the backend database [3]. This is also referred to as error-based injection.…”

Section: Illegal/logically Incorrect Queriesmentioning

confidence: 98%

Survey of Web Application Vulnerability Attacks

Al-Khurafi

AlAhmad

2015

2015 4th International Conference on Advanced Computer Science Applications and Technologies (ACSAT)

View full text Add to dashboard Cite

Web applications have become an essential part of our daily life. Since web applications contain valuable sensitive information, hackers try to find vulnerabilities and exploit them in order to impersonate the user, steal information, or sabotage the application. This paper illustrates in detail the most prevailing and harmful web application vulnerability attacks: SQL Injection, Broken Authentication and Session Management, and Cross-Site Scripting (XSS).

show abstract

Section: Illegal/logically Incorrect Queriesmentioning

confidence: 98%

Survey of Web Application Vulnerability Attacks

Al-Khurafi

AlAhmad

2015

2015 4th International Conference on Advanced Computer Science Applications and Technologies (ACSAT)

View full text Add to dashboard Cite

show abstract

“…Choudhary and Dhore [7] considered code injection attacks to be very fatal to Internet users and proposed a signature-based model to classify HTTP requests as either query-based or scripted and also detects the type of attack on the request if any. The proposed model consists of two main modules called query detector and script detector, which analyze the request independently.…”

Section: Related Workmentioning

confidence: 99%

Automatic Detection of HTTP Injection Attacks using Convolutional Neural Network and Deep Neural Network

Odumuyiwa

Chibueze

2021

JCSANDM

View full text Add to dashboard Cite

HTTP injection attacks are well known cyber security threats with fatal consequences. These attacks initiated by malicious entities (either human or computer) send dangerous or unsafe malicious contents into the parameters of HTTP requests. Combatting injection attacks demands for the development of Web Intrusion Detection Systems (WIDS). Common WIDS follow a rule-based approach or a signature-based approach which have the common problem of high false-positive rate (wrongly classifying malicious HTTP requests) hence making them restricted to only one type of web application. They are easily bypassed and unable to detect new kinds of malicious attacks as they lack a sufficient model of understanding the representations of HTTP request parameters. In this paper, deep learning techniques are used to develop models that would automatically detect injection attacks in HTTP requests. A special layer called the character embedding layer in the deep learning models is used to allow the learning of the representation of the request parameter of HTTP requests in higher abstract levels and also aid in learning the relationships between the characters of the request parameter. The experimentation results showed that with deep learning, better injection attack detection is possible and given the right dataset, a deep learning detection model would be able to correctly classify HTTP requests for any web application.

show abstract

“…McClure and Krüger [23] pointed that their approach is based on the object oriented programming. Their solution consists of an executable Sqldomgen which is executed against a database [24]. This is referred as a SQL domain object model (SQL).…”

Section: A Set Of Learning-based Approaches Has Been Proposedmentioning

confidence: 99%

“…In this approach every valid SQL statement is constructing using an object data model. Next, they obtain the schema of the database, and then iterate through the tables and columns contained in the schema and output number of files containing a strongly typed instances of the abstract object model [24].…”

Section: A Set Of Learning-based Approaches Has Been Proposedmentioning

confidence: 99%

Neutralizing SQL Injection Attack on Web Application Using Server Side Code Modification

Sarjiyus

El-Yakub

2019

IJSRCSEIT

View full text Add to dashboard Cite

SQL Injection attacks pose a very serious security threat to Web applications and web servers. They allow attackers to obtain unrestricted access to the databases underlying the applications and to the potentially sensitive and important information these databases contain. This research, “Neutralizing SQL Injection attack on web application using server side code modification” proposes a method for boosting web security by detecting SQL Injection attacks on web applications by modification on the server code so as to minimize vulnerability and mitigate fraudulent and malicious activities. This method has been implemented on a simple website with a database to register users with an admin that has control privileges. The server used is a local server and the server code was written with PHP as the back end. The front end was designed using MySQL. PHP server side scripting language was used to modify codes. ‘PDO prepare’ a tool to prepare parameters to be executed. The proposed method proved to be efficient in the context of its ability to prevent all types of SQL injection attacks. Acunetix was used to test the vulnerability of the code, and the code was implemented on a simple website with a simple database. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. Unlike most approaches, the proposed method is quite simple to implement yet highly effective. The results obtained are promising with a high accuracy rate for detection of SQL injection attack.

show abstract

CIDT: Detection of Malicious Code Injection Attacks on Web Application

Cited by 15 publications

References 11 publications

Survey of Web Application Vulnerability Attacks

Survey of Web Application Vulnerability Attacks

Automatic Detection of HTTP Injection Attacks using Convolutional Neural Network and Deep Neural Network

Neutralizing SQL Injection Attack on Web Application Using Server Side Code Modification

Contact Info

Product

Resources

About