WUChunming

DOI: https://doi.org/10.3969/j.issn.1009-6868.2016.01.009

2016-01-01

Abstract:Dynamic network proactive security defence is an effective method for solving the unknown vulnerabilities and back door attacks in the information system. In this paper, the evolution defense mechanism (EDM) is proposed. According to the security status, network system security needs, EDM can select the best network configuration change elements to deal with potential attacks and ensure the safety requirements of a specific level. Dynamic reconfiguration and changes of the network need to be considered in accordance with the security situation of the system and the possible network attacks. The key is how to detect and the security situation and network attacks. It proposes that study on dynamic network proactive security defense in China is in the initial stage, and there is stil much work to do.

Rajat Gupta,Madhu Viswanatham V.,Manikandan K

DOI: https://doi.org/10.48550/arXiv.2105.04773

2021-05-11

Cryptography and Security

Abstract:Nowadays, web applications have become most prevalent in the industry, and the critical data of most organizations stored using web apps. Hence, web applications a much bigger target for diverse cyber-attacks, which varies from database injections-SQL injection, PHP object injection, template injection, XML external entity injection, unsanitized input attacks- Cross-Site Scripting(XSS), and many more. As mitigation for them, among many proposed solutions, web application honeypots are a much sophisticated and powerful protection mechanism. In this paper, we propose a low interaction, adaptive, and dynamic web application honeypot that imitates the vulnerabilities through HTTP events. The honeypot is built with SNARE and TANNER; SNARE creates the attack surface and sends the requests to TANNER, which evaluates them and decides how SNARE should respond to the requests. TANNER is an analysis and classification tool, which analyzes and evaluates HTTP requests served by SNARE and to compose the response, it is powered by emulators, which are engines used for the emulation of vulnerabilities.

Shameng Wen,Qingkun Meng,Chao Feng,Chaojing Tang

DOI: https://doi.org/10.1371/journal.pone.0186188

IF: 3.7

2017-10-19

PLoS ONE

Abstract:Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE.

Kanika Sharma,Naresh Kumar

DOI: https://doi.org/10.1109/iccccm.2013.6648920

2013-08-01

Abstract:Web applications are increasingly used to provide e-services such as online banking, online shopping, and social networking over the internet. With this advancement, the attacks over the web applications have also increased. According to Cenzic 2013 report 99% of web applications are vulnerable tested in 2012 [1]. The root causes behind these vulnerabilities are lack of security awareness, design flaws & implementation bugs. Writing secure code for web application is a complex task as developer emphasis more on implementation of business logic for web application rather than implementing it with secure logic. These vulnerabilities might be exploited by malicious users which can harm the database & reputation of an organization. In this paper we have proposed an Application Intrusion Detection System tool which can detect & prevent web application attacks at the time of occurrence. We have implemented proposed approach with ASP.NET web application and also perform Chi Square test to validate our assumptions. Once completed SWART has future potential to detect and prevent maximum attacks with less complexity.

Xiuzhen Chen,Qinghua Zheng,Xiaohong Guan

DOI: https://doi.org/10.1007/s10796-008-9111-6

2008-01-01

Information Systems Frontiers

Abstract:Many security problems are caused by vulnerabilities hidden in enterprise computer networks. It is very important for system administrators to have knowledge about the security vulnerabilities. However, current vulnerability assessment methods may encounter the issues of high false positive rates, long computational time, and requirement of developing attack codes. Moreover, they are only capable of locating individual vulnerabilities on a single host without considering correlated effect of these vulnerabilities on a host or a section of network with the vulnerabilities possibly distributed among different hosts. To address these issues, an active vulnerability assessment system NetScope with C/S architecture is developed for evaluating computer network security based on open vulnerability assessment language instead of simulating attacks. The vulnerabilities and known attacks with their prerequisites and consequences are modeled based on predicate logic theory and are correlated so as to automatically construct potential attack paths with strong operation power of relational database management system. The testing results from a series of experiments show that this system has the advantages of a low false positive rate, short running periods, and little impact on the performance of audited systems and good scalability. The security vulnerabilities, undetectable if assessed individually in a network, are discovered without the need to simulate attacks. It is shown that the NetScope system is well suited for vulnerability assessment of large-scale computer networks such as campus networks and enterprise networks. Moreover, it can also be easily integrated with other security tools based on relational databases.

Yogesh Handge,

DOI: https://doi.org/10.55041/ijsrem30497

2024-04-10

INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT

Abstract:The increasing dependence on web applications amplifies the importance of protecting them against cyber threats. Vulnerability scanners are of utmost importance in this process, as they periodically detect vulnerabilities within network infras- tructures. This tool automates vulnerability detection, eliminating the need for manual intervention. This paper introduces a vulnerability scanner tool that determines probable threats to a web application by utilizing technologies such as header analysis, port scanning, and comparison against a database of known vulnerabilities(CVEs),thereby providing a robust solution Index Terms—Vulnerability Scanning, Header Analysis, Port Scanning, CVEs, Web Crawling,Socket Programming, Automation

Jiang Zhen

Abstract:The paper introduces the current severe situation of the Web security, and brings up the necessity to design Web vulnerability scanning software. Then it analyzes Web crawler, construction of website structure tree, and detection methods of SQL injection, XSS, integer overflow and URL redirection, which provides a guarantee for developing the system successfully. The paper also describes the software architecture and the design of modules. The final testing results prove that the software is able to detect the common types of vulnerabilities rapidly and comprehensively. The software has been published.

Computer Science

Muhammad Saidu Aliero,Kashif Naseer Qureshi,Muhammad Fermi Pasha,Awais Ahmad,Gwanggil Jeon

DOI: https://doi.org/10.1002/cpe.5936

2020-07-22

Concurrency and Computation: Practice and Experience

Abstract:<p>Structure Query Language Injection Attack is among the top 10‐security threats that can be used on the web application to cause severe damage or gain unauthorized data access to the application server. Many reports have indicated an average of 64% of global websites are at risk of being attack by SQL injection, and many of the top companies have experienced thousands of attacks attempts through SQL injection. The current trend shows the increasing number of attacks factor as a result of the daily deployment of these applications without security detection and prevention mechanism is placed. To overcome this challenge, researches in academia and industry presented a proposal that automates SQL injection vulnerabilities assessment on the tested application. Current studies show the need to enhance techniques of these proposals to reduce the false alarms. In this study, we propose a component‐based technique to minimize the incidence of inaccurate results, as well as enable the ease of improving the proposed solution. The study uses three costumed applications as tested to evaluate the accuracy of the proposed solution. Each of these testbed consists of several vulnerabilities where the experimental evaluation performs to test the proposed tool. An empirical evaluation is carried out on three vulnerable custom websites to evaluate the effectiveness of the proposed study. The experiment results indicated significant results in terms of high accuracy. On the other hand, the proposed solution also has better capabilities to analyze page response based on four different techniques. Moreover, the proposed solution is the only solution that performs stored procedure attacks SQL and bypass login authentication even if the returned records are limited restriction is applied.</p>

Kaled Alshmrany,Lucas Cordeiro

DOI: https://doi.org/10.48550/arXiv.2001.09592

2020-01-27

Cryptography and Security

Abstract:Implementations of network protocols are often prone to vulnerabilities caused by developers' mistakes when accessing memory regions and dealing with arithmetic operations. Finding practical approaches for checking the security of network protocol implementations has proven to be a challenging problem. The main reason is that the protocol software state-space is too large to be explored. Here we propose a novel verification approach that combines fuzzing with symbolic execution to verify intricate properties in network protocol implementations. We use fuzzing for an initial exploration of the network protocol, while symbolic execution explores both the program paths and protocol states, which were uncovered by fuzzing. From this combination, we automatically generate high-coverage test input packets for a network protocol implementation. We surveyed various approaches based on fuzzing and symbolic execution to understand how these techniques can be effectively combined and then choose a suitable tool to develop further our model on top of it. In our preliminary evaluation, we used ESBMC, Map2Check, and KLEE as software verifiers and SPIKE as fuzzer to check their suitability to verify our network protocol implementations. Our experimental results show that ESBMC can be further developed within our verification framework called \textit{FuSeBMC}, to efficiently and effectively detect intricate security vulnerabilities in network protocol implementations.

Yongzhen Li,Gaolong Wang

DOI: https://doi.org/10.1109/ISAIEE57420.2022.00089

2022-12-01

Abstract:With the rapid development of the internet in China, we are dealing with web sites all the time, but with this comes the increasing vulnerability of various web applications. The vulnerability of web applications can be used to steal information, account theft and fraud, threatening the security of web applications. Therefore, the security detection of web applications is particularly important. This paper introduces the background of today's web application scanning technology, analyses the importance of securing web sites, and focuses on the history and future development trends of web application vulnerability scanning at home and abroad. The system is based on the OWASP Top 10 vulnerabilities of SQL injection and XSS, which have a large impact. By analysing the risks and principles of these two vulnerabilities, a scanning system is designed to run on the Windows platform.

Computer Science

Yash Sharma,Jyoti Chaudhary,Vimmi Malhotra

DOI: https://doi.org/10.48175/ijarsct-9492

2023-04-26

Abstract:Personal computers and computer networks have become increasingly vulnerable to numerous types of attacks since the introduction of the Internet. Information has evolved into a valuable asset that must be pro- tected from cyber-attacks. Privacy may be violated, and vital data may be destroyed as a result of the attack. Typically, the attacks are brought on by a failure to put security rules in place and to use easily available security tools Firewall, Intrusion Detection System, and Intrusion Prevention Systems are some of the security solutions that are accessible. Each tool comes with its own set of features. its characteristics, benefits, and drawbacks

Zhengxiong Luo,Zhe Liu,Yu Jiang,Junze Yu,Feilong Zuo

DOI: https://doi.org/10.1109/DAC18074.2021.9586321

2021-12-05

Abstract:The rapid development of in-vehicle networks and protocols brings efficient communication service but also increases the risk of attack. Any vulnerability may be leveraged to cause serious consequences. It is of vital importance to guarantee their security. However, the vulnerability detection efficiency of traditional techniques such as fuzzing is challenged by the complex relations among protocol states.In this paper, we propose PAVFuzz, a state-sensitive fuzz testing framework to secure those protocols used in autonomous vehicles. It automatically learns relations between two data elements in different protocol states. The relations will then be used to calculate and update the mutation weight of each data element continuously. Accordingly, PAVFuzz is able to select the target data elements and perform state-sensitive mutation to boost the efficiency. Experiments show that, compared with state-of-the-art fuzzers Peach and AFL, PAVFuzz increases branch coverage by averagely 22.51% and 369.19% within 24 hours. It has successfully exposed 12 serious previously unknown vulnerabilities among several protocols that are widely used in autonomous vehicles, such as RTPS and SOME/IP. We have reported them to the developers and corresponding patches have been released.

Engineering,Computer Science

Muhammad Saidu Aliero,Imran Ghani,Kashif Naseer Qureshi,Mohd Fo’ad Rohani

DOI: https://doi.org/10.1007/s12652-019-01235-z

IF: 3.662

2019-02-07

Journal of Ambient Intelligence and Humanized Computing

Abstract:SQL Injection Attack (SQLIA) is one of the most severe attack that can be used against web database-driven applications. Attackers use SQLIA to obtain unauthorized access and perform unauthorized data modifications due to initial improper input validation by the web application developer. Various studies have shown that, on average, 64% of web applications worldwide are vulnerable to SQLIA due to improper input. To mitigate the devastating problem of SQLIA, this research proposes an automatic black box testing for SQL Injection Vulnerability (SQLIV). This acts to automate an SQLIV assessment in SQLIA. In addition, recent studies have shown that there is a need for improving the effectiveness of existing SQLIVS in order to reduce the cost of manual inspection of vulnerabilities and the risk of being attacked due to inaccurate false negative and false positive results. This research focuses on improving the effectiveness of SQLIVS by proposing an object-oriented approach in its development in order to help and minimize the incidence of false positive and false negative results, as well as to provide room for improving a proposed scanner by potential researchers. To test and validate the accuracy of research work, three vulnerable web applications were developed. Each possesses a different type of vulnerabilities and an experimental evaluation was used to validate the proposed scanner. In addition, an analytical evaluation is used to compare the proposed scanner with the existing academic scanners. The result of the experimental analysis shows significant improvement by achieving high accuracy compared to existing studies. Similarly, the analytical evaluations showed that the proposed scanner is capable of analyzing attacked page response using four different techniques.

computer science, information systems,telecommunications, artificial intelligence

Josephine Lamp,Carlos E. Rubio-Medrano,Ziming Zhao,Gail-Joon Ahn

DOI: https://doi.org/10.1109/MSCPES.2017.8064532

2017-01-01

Abstract:Recently, energy delivery systems (EDS) have undergone an intensive modernization process that includes the introduction of dedicated cyber-infrastructures for the purposes of monitoring, control, and optimization of resources. While extremely convenient, the introduction of software-based control over computer networks has also opened the door for the exploitation of non-trivial security vulnerabilities by malicious third-parties. As demonstrated by recent incidents, EDS systems worldwide are vulnerable to sophisticated attacks that include a well-thought out combination of strategies at various levels of abstraction. In such a context, a comprehensive solution supporting automated monitoring and assessment, that can assist security officials in effectively preventing and mitigating such attacks, is highly desired. With this in mind, this paper presents an ongoing effort that takes security requirements obtained from existing documents on guidelines and best practices on EDS, and implements a proof-of-concept framework based on adaptive and customizable software modules that collect and process security-relevant data for assuring the security of EDS.

Enze Wang,Jianjun Chen,Wei Xie,Chuhan Wang,Yifei Gao,Zhenhua Wang,Haixin Duan,Yang Liu,Baosheng Wang

DOI: https://doi.org/10.1109/sp54263.2024.00198

2024-01-01

Abstract:Server-Side Request Forgery (SSRF) vulnerability poses significant security risks to web applications, enabling adversaries to exploit web applications as stepping stones for unauthorized access of internal-only services or even performing arbitrary commands. Despite its recent emergence as a distinct category in the 2021 OWASP Top 10 web security risks and its increasing prevalence in modern web applications, there remains a lack of effective approaches to detect SSRF vulnerabilities systematically.We present a novel methodology, SSRFuzz, to effectively identify SSRF vulnerability in PHP web applications. Our methodology consists of three phases. In the initial phase, we designed an SSRF oracle to examine functions in PHP manuals and identify sinks that provide server-side request capabilities. This process yielded a total of 86 sensitive PHP sinks out of 2101 PHP functions. The second stage involves dynamic taint inference and the utilization of the identified sinks to examine the source code of target web applications, pinpointing all feasible input points that could trigger these sinks. The final phase employs fuzzing techniques. We generate testing HTTP requests with SSRF payloads, send them to the previously identified input points within the target web applications, and detect if an SSRF vulnerability is triggered. We implemented a prototype of SSRFuzz and evaluated it on 27 real-world applications, including Joomla and WordPress. In total, we discovered 28 SSRF vulnerabilities, 25 of which were previously unreported. We reported all the vulnerabilities to the affected vendors, and 16 new CVE IDs were assigned.

Matthew Tassava,Cameron Kolodjski,Jeremy Straub

2023-06-07

Abstract:A system vulnerability analysis technique (SVAT) for complex mission critical systems (CMCS) was developed in response to the need to be able to conduct penetration testing on large industrial systems which cannot be taken offline or risk disablement or impairment for conventional penetration testing. SVAT-CMCS facilitates the use of known vulnerability and exploit information, incremental testing of system components and data analysis techniques to identify attack pathways in CMCSs. This data can be utilized for corrective activities or to target controlled manual follow-up testing. This paper presents the SVAT-CMCS paradigm and describes its implementation in a software tool, which was built using the Blackboard Architecture, that can be utilized for attack pathway identification. The performance of this tool is characterized using three example models. In particular, it explores the path generation speed and the impact of link cap restrictions on system operations, under different levels of network size and complexity. Accurate fact-rule processing is also tested using these models. The results show significant decreases in path generation efficiency as the link cap and network complexity increase; however, rule processing accuracy is not impacted.

Cryptography and Security

Qi Wang,Jianjun Chen,Zheyu Jiang,Run Guo,Ximeng Liu,Chao Zhang,Haixin Duan

DOI: https://doi.org/10.1109/sp54263.2024.00129

2024-01-01

Abstract:Web Application Firewalls (WAFs) are a crucial line of defense against web-based attacks. However, an emerging threat comes from protocol-level evasion vulnerabilities, in which adversaries exploit parsing discrepancies between the WAF HTTP parser and those of web applications to circumvent WAFs. Currently, uncovering these vulnerabilities still depends on manual, ad hoc methods. In this paper, we propose WAF Manis, a novel testing methodology to automatically discover protocol-level evasion vulnerabilities in WAFs. We evaluated WAF Manis against 14 popular WAFs including Cloudflare and ModSecurity and 20 popular web frameworks including Laravel and Spring. In total, we discovered 311 protocol-level evasion cases affecting all tested WAFs and applications. Due to the generic nature of protocol-level evasions, these evasion vulnerabilities do not hinge on specific payload patterns and can transmit any malicious payloads - for instance, SQL injection, XSS, or Log4jShell - to the target websites. We further analyzed these vulnerabilities and identified three primary reasons contributing to WAF evasions. We have reported those identified vulnerabilities to the affected providers and received acknowledgments and bug bounty rewards from Cloudflare WAF, Fortinet WAF, Alibaba Cloud WAF, Huawei Cloud WAF, ModSecurity, Go security Team, and the PHP security team.

Zhaoyan Xu,Antonio Nappa,Robert Baykov,Guangliang Yang,Juan Caballero,Guofei Gu

DOI: https://doi.org/10.1145/2660267.2660352

2014-01-01

Abstract:Malware continues to be one of the major threats to Internet security. In the battle against cybercriminals, accurately identifying the underlying malicious server infrastructure (e.g., C&C servers for botnet command and control) is of vital importance. Most existing passive monitoring approaches cannot keep up with the highly dynamic, ever-evolving malware server infrastructure. As an effective complementary technique, active probing has recently attracted attention due to its high accuracy, efficiency, and scalability (even to the Internet level).In this paper, we propose AUTOPROBE, a novel system to automatically generate effective and efficient fingerprints of remote malicious servers. AUTOPROBE addresses two fundamental limitations of existing active probing approaches: it supports pull-based C&C protocols, used by the majority of malware, and it generates fingerprints even in the common case when C&C servers are not alive during fingerprint generation.Using real-world malware samples we show that AUTOPROBE can successfully generate accurate C&C server fingerprints through novel applications of dynamic binary analysis techniques. By conducting Internet-scale active probing, we show that AUTOPROBE can successfully uncover hundreds of malicious servers on the Internet, many of them unknown to existing blacklists. We believe AUTOPROBE is a great complement to existing defenses, and can play a unique role in the battle against cybercriminals.

Soumyajit Dey,Sunandan Adhikary,Ipsita Koley,R. Rohit

DOI: https://doi.org/10.1109/DSD57027.2022.00128

2022-05-02

Abstract:Recent developments in the smart mobility domain have transformed automobiles into networked transportation agents helping realize new age, large-scale intelligent transportation systems (ITS). The motivation behind such networked transportation is to improve road safety as well as traffic efficiency. In this setup, vehicles can share information about their speed and/or acceleration values among themselves and infrastructures can share traffic signal data with them. This enables the connected vehicles (CVs) to stay informed about their surroundings while moving. However, the inter-vehicle communication channels significantly broaden the attack surface. The inter-vehicle network enables an attacker to remotely launch attacks. An attacker can create collision as well as hamper performance by reducing the traffic efficiency. Thus, security vulnerabilities must be taken into consideration in the early phase of CVs' development cycle. To the best of our knowledge, there exists no such automated simulation tool using which engineers can verify the performance of CV prototypes in the presence of an attacker. In this work, we present an automated tool flow that facilitates false data injection attack synthesis and simulation on customizable platoon structure and vehicle dynamics. This tool can be used to simulate as well as design and verify control- theoretic light-weight attack detection and mitigation algorithms for CVs.

Computer Science,Engineering

Yuan-da CAO,Xian-Feng LI,Jing-feng XUE

DOI: https://doi.org/10.3969/j.issn.1673-629X.2005.09.025

2005-01-01

Abstract:With the development of computer network and Internet, new system vulnerability and network vulnerability continue to come forth. To apply plug-in technology to vulnerability scanner is in favor of software upgrading and function extension. The plug-in is implemented using technology of dynamic link library (DLL) under Windows platform, while it is implemented using technology of shared object (SO) under Linux or Unix platform.