TY - JOUR
T1 - GMSA
T2 - Gathering Multiple Signatures Approach to defend against code injection attacks
AU - Alnabulsi, Hussein
AU - Islam, Rafiqul
AU - Talukder, Majharul
N1 - Includes bibliographical references.
PY - 2018/11/30
Y1 - 2018/11/30
N2 - Code Injection Attacks (CIAs) exploit security vulnerabilities and computer bugs that are caused by processing invalid codes. CIA is a problem that hackers attempt to introduce to any new method, their objective being to bypass the protection system. In this paper we present a tool called GMSA, developed to detect a variety of code injection attacks, for example: Cross-Site Scripting (XSS) attack, SQL injection attack, Shell injection attack (Command injection attack), and File Inclusion attack. The latter consists of Local File Inclusion (LFI), and Remote File Inclusion (RFI). Our empirical analysis reveals that, compared with existing research, GMSA executes a precision performance (accuracy of the proposed algorithm is 99.45%). The false positive rate of GMSA is 0.59%, which is low compared with what other research has reported. The low false positive rate is the most important factor. Ideally, the defense algorithm should balance between the false positive rate (FPR) and true positive rate (TPR), because with existing methodologies security experts can defend against a broad range of CIAs with uncomplicated security software. Typical protection methods yield a high FPR. Our method results in high TPR while minimizing the resources needed to address the false positive. GMSA can detect four types of CIA. This is more comprehensive than other research techniques which are restricted to only two major types of CIA, namely, SQL injection and XSS attacks.
AB - Code Injection Attacks (CIAs) exploit security vulnerabilities and computer bugs that are caused by processing invalid codes. CIA is a problem that hackers attempt to introduce to any new method, their objective being to bypass the protection system. In this paper we present a tool called GMSA, developed to detect a variety of code injection attacks, for example: Cross-Site Scripting (XSS) attack, SQL injection attack, Shell injection attack (Command injection attack), and File Inclusion attack. The latter consists of Local File Inclusion (LFI), and Remote File Inclusion (RFI). Our empirical analysis reveals that, compared with existing research, GMSA executes a precision performance (accuracy of the proposed algorithm is 99.45%). The false positive rate of GMSA is 0.59%, which is low compared with what other research has reported. The low false positive rate is the most important factor. Ideally, the defense algorithm should balance between the false positive rate (FPR) and true positive rate (TPR), because with existing methodologies security experts can defend against a broad range of CIAs with uncomplicated security software. Typical protection methods yield a high FPR. Our method results in high TPR while minimizing the resources needed to address the false positive. GMSA can detect four types of CIA. This is more comprehensive than other research techniques which are restricted to only two major types of CIA, namely, SQL injection and XSS attacks.
KW - Code Injection Attack (CIA)
KW - Computer hacking
KW - Cross-Site Script (XSS) Attack
KW - Cross-site scripting
KW - Encoding
KW - File Inclusion Attack (RFI,LFI)
KW - Shell Injection Attack
KW - SQL injection
KW - SQL Injection Attack
KW - Uniform resource locators
KW - XML
UR - http://www.scopus.com/inward/record.url?scp=85057887237&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85057887237&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2018.2884201
DO - 10.1109/ACCESS.2018.2884201
M3 - Article
AN - SCOPUS:85057887237
SN - 2169-3536
VL - 6
SP - 77829
EP - 77840
JO - IEEE Access
JF - IEEE Access
ER -