Classification features for detecting Server-side and Client-side Web attacks
Authors
Abstract
In recent years, the number and sophistication of attacks against Web-related applications have grown steadily as Web services become more popular. In this paper, we propose relevant classification features for detecting Web attacks targeting either server-side or client-side applications. Four kinds of features are provided: Request general features, Request content features, Response features and Request history features. Experimental studies carried out on real and simulated HTTP traffic, including normal data and several attacks, show the efficiency of our feature set in detecting Web-related attacks.
Similar resources
ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities
Modern web applications are increasingly moving program code to the client in the form of JavaScript. With the growing adoption of HTML5 APIs such as postMessage, client-side validation (CSV) vulnerabilities are consequently becoming increasingly important to address as well. However, while detecting and preventing attacks against web applications is a well-studied topic on the server, considera...
Efficient Detection of Malicious Web Pages Using High-Interaction Client Honeypots
Drive-by-download attacks are client-side attacks that originate from web servers clients visit. High-interaction client honeypots identify malicious web pages by directly visiting the web pages and are very useful. However, they still have shortcomings that must be addressed: long inspection time and possibility of not detecting certain attacks such as time bombs. To address these problems, we...
An Architecture for Enforcing JavaScript Randomization in Web2.0 Applications
Instruction Set Randomization (ISR) is a promising technique for preventing code-injection attacks. In this paper we present a complete randomization framework for JavaScript aiming at detecting and preventing Cross-Site Scripting (XSS) attacks. RaJa randomizes JavaScript source without changing the code structure. Only JavaScript identifiers are carefully modified and the randomized code can b...
Multiclass Classification of XSS Web Page Attack using Machine Learning Techniques
Web applications are the most widely used technique for providing access to online services. At the same time, web applications are the easiest way for vulnerable acts. When a security mechanism fails, the user may download malicious code from a trusted web site. In this case, the malicious script is contracted to full access with all assets belonging to that legitimate web site. These types ...
An Execution-flow Based Method for Detecting Cross-Site Scripting of Ajax Applications
We present an execution-flow analysis for JavaScript programs running in a web browser to prevent Cross-site Scripting (XSS) attacks. We construct finite-state automata (FSA) to model the client-side behavior of Ajax applications under normal execution. Our system is deployed in proxy mode. The proxy analyzes the execution flow of client-side JavaScript before the requested web pages arrive at ...