Hunting malicious attacks in social networks

2011 Third International Conference on Advanced Computing Pub Date : 2011-12-01 DOI:10.1109/ICOAC.2011.6165172

D. Arulsuju

{"title":"Hunting malicious attacks in social networks","authors":"D. Arulsuju","doi":"10.1109/ICOAC.2011.6165172","DOIUrl":null,"url":null,"abstract":"The Rapid growth of internet resulted in feature rich and dynamic web applications. This increase in features also introduced completely under estimated attack vectors. Cross site scripting attacks, SQL Injection and malicious file execution are the most dominant classes of web vulnerabilities reported by OWASP 2011. These attacks make use of vulnerabilities in the code of web applications, resulting in serious consequences, such as theft of cookies, passwords and other personal credentials. It is caused by scripts, which do not sanitize user input. Several server-side counter measures for XSS attacks do exist, but such techniques have not been universally applied, because of their deployment overhead. The existing client-side solutions degrade the performance of client's system resulting in a poor web surfing experience. We present automata-based symbolic string analyses (XHunter)for automatic verification of string manipulating programs we compute the pre and post conditions of common string functions using deterministic finite automata (DFAs). Experiment result shows that our approach finds large number of malicious attacks in web application.","PeriodicalId":369712,"journal":{"name":"2011 Third International Conference on Advanced Computing","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Third International Conference on Advanced Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICOAC.2011.6165172","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

The Rapid growth of internet resulted in feature rich and dynamic web applications. This increase in features also introduced completely under estimated attack vectors. Cross site scripting attacks, SQL Injection and malicious file execution are the most dominant classes of web vulnerabilities reported by OWASP 2011. These attacks make use of vulnerabilities in the code of web applications, resulting in serious consequences, such as theft of cookies, passwords and other personal credentials. It is caused by scripts, which do not sanitize user input. Several server-side counter measures for XSS attacks do exist, but such techniques have not been universally applied, because of their deployment overhead. The existing client-side solutions degrade the performance of client's system resulting in a poor web surfing experience. We present automata-based symbolic string analyses (XHunter)for automatic verification of string manipulating programs we compute the pre and post conditions of common string functions using deterministic finite automata (DFAs). Experiment result shows that our approach finds large number of malicious attacks in web application.

查看原文本刊更多论文

在社交网络中搜寻恶意攻击

internet的快速发展导致了功能丰富和动态的web应用程序。这种特性的增加也引入了完全低于估计的攻击向量。跨站脚本攻击、SQL注入和恶意文件执行是OWASP 2011报告的最主要的web漏洞类别。这些攻击利用web应用程序代码中的漏洞，导致严重后果，例如窃取cookie、密码和其他个人凭据。它是由脚本引起的，脚本没有对用户输入进行消毒。针对XSS攻击的几种服务器端对策确实存在，但由于部署开销的原因，这些技术并没有得到普遍应用。现有的客户端解决方案降低了客户端系统的性能，导致了糟糕的网页浏览体验。我们提出了基于自动机的符号字符串分析(XHunter)，用于字符串操作程序的自动验证。我们使用确定性有限自动机(dfa)计算常见字符串函数的前后条件。实验结果表明，该方法能够在web应用中发现大量的恶意攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 Third International Conference on Advanced Computing

自引率

0.00%

发文量