Server-side code injection attack detection based on Kullback-Leibler distance
Authors
Abstract
In this paper, we apply a well-known measure from information theory, the Kullback-Leibler distance (or divergence) (KLD), to detect the symptoms of code injection attacks early during programme runtime. We take advantage of the observation that during a code injection attack, the intended structure deviates from the expected structure. The KLD can be a suitable measure to capture this deviation. Our contribution includes the development of a server-side framework to compute the KLD. In particular, we apply a smoothing algorithm to avoid an infinite KLD during the attack detection stage. We evaluate our approach with three PHP applications having SQLI and XSS vulnerabilities. The initial results show that KLD can be an effective measurement technique to detect the occurrence of code injection attacks. The approach yields lower false positive and false negative rates, and imposes negligible runtime overhead.
Similar resources
An Unsupervised Method for Detection of XSS Attack
Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious script in another user’s browser. Once the attacker gains control over the Website vulnerable to XSS attack, it can perform actions like cookie-stealing, malware-spreading, session-hijacking and malicious redirection. Malicious JavaScripts are the most conventional ways of performing XSS attacks. ...
Using Kullback-Leibler distance for performance evaluation of search designs
This paper considers the search problem, introduced by Srivastava \cite{Sr}. This is a model discrimination problem. In the context of search linear models, discrimination ability of search designs has been studied by several researchers. Some criteria have been developed to measure this capability, however, they are restricted in a sense of being able to work for searching only one possibl...
Model Confidence Set Based on Kullback-Leibler Divergence Distance
Consider the problem of estimating the true density h(.) based upon a random sample X1,…, Xn. In general, h(.) is approximated using an appropriate (in some sense, see below) model f_θ(x). This article, using Vuong's (1989) test along with a collection of k (> 2) non-nested models, constructs a set of appropriate models, say model confidence set, for the unknown model h(.). Application of such confide...
Side channel parameter characteristics of code injection attacks
Embedded systems are suggestive targets for code injection attacks in recent years. Software protection mechanisms, and in general computers, are not usually applicable in embedded systems since they have limited resources like memory and processing power. In this paper we investigate side channel characteristics of embedded systems and their applicability in code injection attack detection. T...
Detection Block Model for SQL Injection Attacks
With the rapid development of the Internet, more and more organizations connect their databases to the Internet for resource sharing. However, due to developers' lack of knowledge of all possible attacks, web applications become vulnerable to multiple attacks. Thus the network databases could face multiple threats. Web applications generally consist of a three-tier architecture where database is in...