Finding forensic evidence for several web attacks

Suteva, Natasa; Mileva, Aleksandra; Loleski, Mario

doi:10.1504/ijitst.2015.073938

Cited by 5 publications

(2 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In web application forensics, log files provide detailed events and a trace of security attacks [14]. For this reason, investigators always search for malicious entries in the log files [15,16]. Logs as digital evidence provide extremely useful information that can help in the detection of various kinds of attacks.…”

Section: Digital Evidencementioning

confidence: 99%

A hybrid feature-selection approach for finding the digital evidence of webapplication attacks

Babiker¹,

Karaarslan²,

Hoşcan³

2019

Turk J Elec Eng & Comp Sci

View full text Add to dashboard Cite

The most critical challenge of web attack forensic investigations is the sheer amount of data and level of complexity. Machine learning technology might be an efficient solution for web attack analysis and investigation.Consequently, machine learning applications have been applied in various areas of information security and digital forensics, and have improved over time. Moreover, feature selection is a crucial step in machine learning; in fact, selecting an optimal feature subset could enhance the accuracy and performance of the predictive model. To date, there has not been an adequate approach to select optimal features for the evidence of web attack. In this study, a hybrid approach that selects the relevant web attack features by combining the filter and wrapper methods is proposed.This approach has been validated by experimental measurements on 3 web attack datasets. The results show that our proposed approach can find the evidence with high recall, high accuracy, and low error rates. We believe that the results presented herein may help us to improve accuracy and recall of machine learning techniques; particularly, in the field of web attack investigation. The tools that use this approach may help digital forensic professionals and law enforcement in finding the evidence much more efficiently and faster.

show abstract

Section: Digital Evidencementioning

confidence: 99%

A hybrid feature-selection approach for finding the digital evidence of webapplication attacks

Babiker¹,

Karaarslan²,

Hoşcan³

2019

Turk J Elec Eng & Comp Sci

View full text Add to dashboard Cite

show abstract

“…Web applications typically interact with backend underlying database. Hence, if an unauthorised user gained information by sending a malicious code, then the attacker could obtain illegal access, steal sensitive data of trusted users, and destroy or damage the system (Kindy and Pathan, 2012;Šuteva et al, 2015). This attack can break the trust existing between the users and the server, as well as remove the feature of the absence of input/output validation on the server to reject malicious codes (Baranwal, 2012).…”

Section: Introductionmentioning

confidence: 99%

A four-phase methodology for protecting web applications using an effective real-time technique

Ali

2016

IJITST

View full text Add to dashboard Cite

Web applications have become widely pervasive in all types of Internet-based services. Thus, security is one of the major concerns as most web applications suffer from vulnerabilities, making them attractive targets for security attacks. Structured Query Language Injection Attack (SQLIA) on stored procedures poses serious threats in the underlying database of any application. This article presents the methodological issues of developing a web application SQLI protector tool to detect stored procedures of SQLIAs. Our technique uses real-time settings based on positive tainting approach, accurate and efficient taint propagation and syntax-aware evaluation of the query strings at the application level are used to detect illegal queries before they reach the database. Then, the proposed tool is evaluated based on its efficiency and effectiveness in practices. In addition, detection techniques used are also analysed. The developed tool is effective given its capability to detect and stop all SQLIAs in a real-time environment.

show abstract