Detecting web application attacks with use of Gene Expression Programming

Web applications provide vast category of functionalities and usefulness. As more and more sensitive data is available over the internet hackers are becoming more interested in such data revealing which can cause massive damage. SQL injection is one of such attacks. This attack can be used to infiltrate the database of any web application that may lead to alteration of database or disclosing important information. Cross site scripting is one more attack in which attacker obfuscates the input given to the web application that may lead to changes in view of the web page. Three tier web applications can be categorized statically and dynamically for detecting and preventing these types of attacks. Mapping model in which requests are mapped on queries can be used effectively to detect such kind of attacks and prevention logic can be applied.

show abstract

“…Above the defined 36 tokens can be a potential risk to the system. False positive results are also a possibility [9].…”

Section: Literature Surveymentioning

confidence: 99%

A novel approach for detection of SQL injection and cross site scripting attacks

Sonewar

Mhetre

2015

2015 International Conference on Pervasive Computing (ICPC)

View full text Add to dashboard Cite

show abstract

“…The existing solutions focus on web application attacks in general and are dependent on the applications [8] [9]. All the solutions are not placed as a layered approach and are specific to back-end databases and specific to platforms [10][11] [12]. This paper presents a different methodology to detect and protect SQL Injection in web applications through independent web services in a layered approach.…”

Section: Sql Injectionmentioning

confidence: 99%

Detection of SQL Injection Attack in Web Applications using Web Services

Shanmughaneethi¹

2012

IOSRJCE

View full text Add to dashboard Cite

show abstract

“…For example, the greedy generation scheme is based on the r-continuous bit matching: when generating an initial detector, it searches for any detector that can match the initial one. If there exists the detector, it means that the initial detector is redundant and should be deleted [18]. Meanwhile, the variable-length method that generating variable-length detectors can solve the problem with "holes" caused by the r-continuous bit matching [20], and the detector set is optimized during the detector generation process to avoid the redundant detectors.…”

Section: Related Workmentioning

confidence: 99%

“…As being briefly mentioned earlier, in IIDS, a detector is the rule for recognizing attacks. The constraint-based GEP rule (here in after to be referred as GEP-rule), has been proposed in our previous work and been proved to be feasible and effective [18]. Let L be a logical operator set, R be a relational operator set, and A be an arithmetic operator set.…”

Section: Representation Of Artificial Immune Entities (1) Antigen Rep...mentioning

confidence: 99%

“…Applying a modern metaheuristic GEP, a novel approach to detecting web application attacks was proposed by J. Skaruz [17]. A GEP-based constraint grammar and a constraint-based GEP rule extraction algorithm (CGREA) were proposed in our previous work [18]. Within a few evolution generations, CGREA can generate a small number of bi-attribute detection rules ( i.e., each rule consists of only two attributes) for IDS to achieve a high degree of coverage.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation