Sujan Chegu, Gautam U Reddy, Bharath S Bhambore, KA Adeab, Prasad B. Honnavalli, Sivaraman Eswaran
{"title":"使用正则表达式和机器学习改进的针对注入攻击的过滤器","authors":"Sujan Chegu, Gautam U Reddy, Bharath S Bhambore, KA Adeab, Prasad B. Honnavalli, Sivaraman Eswaran","doi":"10.12968/s1353-4858(22)70055-4","DOIUrl":null,"url":null,"abstract":"Injection-based attacks have consistently made the Open Web Application Security Project (OWASP)Top 10 vulnerabilities for years. 1 Common types of injection attacks include SQL injection, cross-site scripting (XSS) and code injection. Filter engines are used to detect and sanitise user inputs for these malicious attacks. The user input is assumed to be tainted by default. Thus, the ability of a filter in terms of accuracy and latency is important. There exist various approaches to improve filters, primarily including techniques based on regular expressions (regexes), abstract syntax tree, machine learning and so on. However, the testing of modern solutions has achieved no more than 98.5% accuracy for XSS. This article looks at ways to improve accuracy.","PeriodicalId":100949,"journal":{"name":"Network Security","volume":"67 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"An improved filter against injection attacks using regex and machine learning\",\"authors\":\"Sujan Chegu, Gautam U Reddy, Bharath S Bhambore, KA Adeab, Prasad B. Honnavalli, Sivaraman Eswaran\",\"doi\":\"10.12968/s1353-4858(22)70055-4\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Injection-based attacks have consistently made the Open Web Application Security Project (OWASP)Top 10 vulnerabilities for years. 1 Common types of injection attacks include SQL injection, cross-site scripting (XSS) and code injection. Filter engines are used to detect and sanitise user inputs for these malicious attacks. The user input is assumed to be tainted by default. Thus, the ability of a filter in terms of accuracy and latency is important. There exist various approaches to improve filters, primarily including techniques based on regular expressions (regexes), abstract syntax tree, machine learning and so on. However, the testing of modern solutions has achieved no more than 98.5% accuracy for XSS. This article looks at ways to improve accuracy.\",\"PeriodicalId\":100949,\"journal\":{\"name\":\"Network Security\",\"volume\":\"67 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Network Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.12968/s1353-4858(22)70055-4\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Network Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.12968/s1353-4858(22)70055-4","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An improved filter against injection attacks using regex and machine learning
Injection-based attacks have consistently made the Open Web Application Security Project (OWASP)Top 10 vulnerabilities for years. 1 Common types of injection attacks include SQL injection, cross-site scripting (XSS) and code injection. Filter engines are used to detect and sanitise user inputs for these malicious attacks. The user input is assumed to be tainted by default. Thus, the ability of a filter in terms of accuracy and latency is important. There exist various approaches to improve filters, primarily including techniques based on regular expressions (regexes), abstract syntax tree, machine learning and so on. However, the testing of modern solutions has achieved no more than 98.5% accuracy for XSS. This article looks at ways to improve accuracy.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
