6 research outputs found

    A Dynamic Security Model for Addressing Hacking Risk Factors

    Communication technologies have a significant influence on the business industry. Exchanging information, storing and retrieving data, and cutting communication costs are prime reasons for relying heavily on these technologies. However, these technologies are significantly affected by hacking. Due to neglecting the behaviour of hackers during the initial design stage of common security solutions, including firewalls, Intrusion Detection Systems, Intrusion Detection and Prevention Systems, Honeypot and Honeynet, successful hacking attempts still exist. This paper aims to investigate pre-hacking steps (footprinting, scanning, and enumeration) and to highlight the risk factors that are not considered during the development of current security solutions. These risk factors are the common causes of the failures of current security solutions against many hacking attempts. Moreover, this paper proposes a dynamic security model to guide security researchers towards proposing security countermeasures that address these risk factors, which eventually lead to minimising hacking risks

    ADAPTIVE MODEL FOR PROTECTION OF ELECTRONIC RESOURCES AGAINST INFORMATION SECURITY THREATS

    The rapid development of digitalization and the creation of electronic resources, in areas such as e-commerce, government portals and others leads to the actualization of data protection issues. The protection of electronic resources is becoming more and more relevant every day. This article presents the concept of adaptive protection of electronic resources from information security threats. In the course of this research, an adaptive model of protection of electronic resources from threats to information security based on behavioral analysis was developed

    Security in web applications: a comparative analysis of key SQL injection detection techniques

    Over the years, technological advances have driven massive proliferation of web systems and businesses have harbored a seemingly insatiable need for Internet systems and services. Whilst data is considered a key asset to businesses and its security is of extreme importance, there have been growing cybersecurity threats faced by web systems. One of the key attacks that web applications are vulnerable to is SQL injection (SQLi) attacks and successful attacks can reveal sensitive information to attackers or even deface web systems. As part of SQLi defence strategy, effective detection of SQLi attacks is important. Even though different techniques have been devised over the years to detect SQLi attacks, limited work has been undertaken to review and compare the effectiveness of these detection techniques. As such, in order to address this gap in literature, this paper performs a review and comparative analysis of the different SQLi detection techniques, with the aim to detect SQLi attacks in an effective manner and enhance the security of web applications. As part of the investigation, seven SQLi detection techniques including machine learning based detection are reviewed and their effectiveness against different types of SQLi attacks is compared. Results identified positive tainting and adoption of machine learning among the most effective techniques and stored procedures based SQLi as the most challenging attack to detect.

    DETECTING MALICIOUS HTTP COMMUNICATIONS USING UNSUPERVISED LEARNING

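    A Web Application Firewall (WAF) detects cyber attacks by comparing new traffic arriving from outside against predefined attack traffic patterns or normal traffic patterns. However, WAFs have a high deployment cost and are likely to be unable to prevent unknown attacks such as zero-day attacks. In our previous work, we therefore built a system for identifying malicious HTTP requests using a Character-level Convolutional Neural Network (CLCNN). However, training the CLCNN requires malicious HTTP requests to be available in advance, so the cost of preparing the training data is high. In this study, we therefore build a system that detects malicious HTTP requests using only normal HTTP request data for training.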

    Improving Web Application Firewalls to detect advanced SQL injection attacks

    Injection flaws, which include SQL injection, are the most prevalent security threats affecting Web applications [1]. To mitigate these attacks, Web Application Firewalls (WAFs) apply security rules in order to both inspect HTTP data streams and detect malicious HTTP transactions. Nevertheless, attackers can bypass WAF's rules by using sophisticated SQL injection techniques. In this paper, we introduce a novel approach to dissect the HTTP traffic and inspect complex SQL injection attacks. Our model is a hybrid Injection Prevention System (HIPS) which uses both a machine learning classifier and a pattern matching inspection engine based on reduced sets of security rules. Our Web Application Firewall architecture aims to optimize detection performances by using a prediction module that excludes legitimate requests from the inspection process.

    SQL Injection Attack Classification through the Feature Extraction of SQL Query strings using a Gap-Weighted String Subsequence Kernel

    SQL Injection Attacks are one of the most common methods behind data security breaches. Previous research has attempted to produce viable detection solutions in order to filter SQL Injection Attacks from regular queries. Unfortunately it has proven to be a challenging problem with many solutions suffering from disadvantages such as being unable to process in real time as a preventative solution, a lack of adaptability to differing types of attack and the requirement for access to difficult-to-obtain information about the source application. This paper presents a novel solution of classifying SQL queries purely on the features of the initial query string. A Gap-Weighted String Subsequence Kernel algorithm is implemented to identify subsequences of shared characters between query strings for the output of a similarity metric. Finally a Support Vector Machine is trained on the similarity metrics between known query strings which are then used to classify unknown test queries. By gathering all feature data from the query strings, additional information from the source application is not required. The probabilistic nature of the learned models allows the solution to adapt to new threats whilst in operation. The proposed solution is evaluated using a number of test datasets derived from the Amnesia testbed datasets. The demonstration software achieved 97.07% accuracy for Select type queries and 92.48% accuracy for Insert type queries. This limited success rate is due to unsanitised quotation marks within legitimate inputs confusing the feature extraction. Using a test dataset that denies legitimate queries the use of unsanitised quotation marks, the Select and Insert query accuracy rose