New deep learning method to detect code injection attacks on hybrid applications

Yan, Ruibo; Xiao, Xi; Hu, Guangwu; Peng, Sancheng; Jiang, Yong

doi:10.1016/j.jss.2017.11.001

Cited by 43 publications

(14 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The extracted features include static and dynamic features, and the results show that the method can achieve high accuracy. Yan et al [23] extracted the abstract syntax tree features of the Javascript code in applications and used the deep learning classification model for training. This method detects code injection attacks from Android hybrid applications with an accuracy of 97.55%.…”

Section: Related Workmentioning

confidence: 99%

A novel hybrid method to analyze security vulnerabilities in Android applications

Tang

Wang

et al. 2020

Tinshhua Sci. Technol.

View full text Add to dashboard Cite

We propose a novel hybrid method to analyze the security vulnerabilities in Android applications. Our method combines static analysis, which consists of metadata and data flow analyses with dynamic analysis, which includes dynamic executable scripts and application program interface hooks. Our hybrid method can effectively analyze nine major categories of important security vulnerabilities in Android applications. We design dynamic executable scripts that record and perform manual operations to customize the execution path of the target application. Our dynamic executable scripts can replace most manual operations, simplify the analysis process, and further verify the corresponding security vulnerabilities. We successfully statically analyze 5547 malwares in Drebin and 10 151 real-world applications. The average analysis time of each application in Drebin is 4.52 s, whereas it reaches 92.02 s for real-word applications. Our system can detect all the labeled vulnerabilities among 56 labeled applications. Further dynamic verification shows that our static analysis accuracy approximates 95% for real-world applications. Experiments show that our dynamic analysis can effectively detect the vulnerability named input unverified, which is difficult to be detected by other methods. In addition, our dynamic analysis can be extended to detect more types of vulnerabilities.

show abstract

Section: Related Workmentioning

confidence: 99%

A novel hybrid method to analyze security vulnerabilities in Android applications

Tang

Wang

et al. 2020

Tinshhua Sci. Technol.

View full text Add to dashboard Cite

show abstract

“…Another different concept was planned to catch code injection attacks associated with the JavaScript code in the paper [8], a new combination of Deep Learning named Hybrid Deep Learning Network (HDLN) was created. Performances of this latter were judged according to two levels, at the first, relatively to the number of hidden layers, the number of filters and number of neurons, the results proved that accuracy increases as the number of filters increases, secondly, it was confronted with other traditional classifiers, the marked accuracy was clearly the greatest.…”

Section: Related Workmentioning

confidence: 99%

LSTM deep learning method for network intrusion detection system

Boukhalfa¹,

Abdellaoui²,

Hmina³

et al. 2020

IJECE

View full text Add to dashboard Cite

The security of the network has become a primary concern for organizations. Attackers use different means to disrupt services or steal information, these various attacks push to think of a new way to block them all in one manner. In addition, these intrusions can change and penetrate the devices of security. To solve these issues, we suggest, in this paper, a new idea for Network Intrusion Detection System (NIDS) based on Long Short-TermMemory (LSTM) to recognize menaces and to obtain a long-term memory on them, inorder to stop the new attacks that are like the existing ones, and at the sametime, to have a single mean to block intrusions. According to the results of the experiments of detections that we have carried out, the Accuracy reaches upto 99.98 % and 99.93 % for respectively the classification of two classes and several classes, Also the False Positive Rate (FPR) reaches up to only 0,068 % and 0,023 % for respectively the classification of two classes and several classes, which proves that the proposed model is very effective, it has a great ability to memorize and differentiate between normal traffic and attack traffic and its identification is more accurate than other Machine Learning classifiers.

show abstract

“…Each node of the tree represents a construct in the source code. The resulting syntax tree is beneficial for different purposes, from program transformation to static program analysis [42].…”

Section: ) Html-based Features Sub-modelmentioning

confidence: 99%

MLPXSS: An Integrated XSS-Based Attack Detection Scheme in Web Applications Using Multilayer Perceptron Technique

et al. 2019

View full text Add to dashboard Cite

Dynamic web applications play a vital role in providing resources manipulation and interaction between clients and servers. The features presently supported by browsers have raised business opportunities, by supplying high interactivity in web-based services, like web banking, e-commerce, social networking, forums, and at the same time, these features have brought serious risks and increased vulnerabilities in web applications that enable cyber-attacks to be executed. One of the common high-risk cyber-attack of web application vulnerabilities is cross-site scripting (XSS). Nowadays, XSS is still dramatically increasing and considered as one of the most severe threats for organizations, users, and developers. If the ploy is successful, the victim is at the mercy of the cybercriminals. In this research, a robust artificial neural network-based multilayer perceptron (MLP) scheme integrated with the dynamic feature extractor is proposed for XSS attack detection. The detection scheme adopts a large real-world dataset, the dynamic features extraction mechanism, and MLP model, which successfully surpassed several tests on an employed unique dataset under careful experimentation, and achieved promising and state-of-the-art results with accuracy, detection probabilities, false positive rate, and AUC-ROC scores of 99.32%, 98.35 %, 0.3%, and 99.02%, respectively. Therefore, it has the potentials to be applied for XSS-based attack detection in either the client-side or the server-side.INDEX TERMS Artificial neural network, cross-site scripting attack, detection, multilayer perceptrons, web application security.

show abstract

New deep learning method to detect code injection attacks on hybrid applications

Cited by 43 publications

References 14 publications

A novel hybrid method to analyze security vulnerabilities in Android applications

A novel hybrid method to analyze security vulnerabilities in Android applications

LSTM deep learning method for network intrusion detection system

MLPXSS: An Integrated XSS-Based Attack Detection Scheme in Web Applications Using Multilayer Perceptron Technique

Contact Info

Product

Resources

About