Structural Learning of Attack Vectors for Generating Mutated XSS Attacks

Web applications suffer from cross-site scripting (XSS) attacks that resulting from incomplete or incorrect input sanitization. Learning the structure of attack vectors could enrich the variety of manifestations in generated XSS attacks. In this study, we focus on generating more threatening XSS attacks for the state-of-the-art detection approaches that can find potential XSS vulnerabilities in Web applications, and propose a mechanism for structural learning of attack vectors with the aim of generating mutated XSS attacks in a fully automatic way. Mutated XSS attack generation depends on the analysis of attack vectors and the structural learning mechanism. For the kernel of the learning mechanism, we use a Hidden Markov model (HMM) as the structure of the attack vector model to capture the implicit manner of the attack vector, and this manner is benefited from the syntax meanings that are labeled by the proposed tokenizing mechanism. Bayes theorem is used to determine the number of hidden states in the model for generalizing the structure model. The paper has the contributions as following: (1) automatically learn the structure of attack vectors from practical data analysis to modeling a structure model of attack vectors, (2) mimic the manners and the elements of attack vectors to extend the ability of testing tool for identifying XSS vulnerabilities, (3) be helpful to verify the flaws of blacklist sanitization procedures of Web applications. We evaluated the proposed mechanism by Burp Intruder with a dataset collected from public XSS archives. The results show that mutated XSS attack generation can identify potential vulnerabilities.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330

A Taxonomy of Network and Computer Attack Methodologies

Since the invention of computers and networks, people have found various ways to attack them. Attacks over the years have ranged from using a sledge hammer on a computer, to advanced distributed denial of service attacks. This research focuses on computer and network attacks and providing a taxonomy of them. This is to help combat new attacks, improve computer and network security and to provide consistency in language when describing attacks. A wide range of computer and network attacks are examined to provide both a survey of the field and to provide a basis on which to build the proposed taxonomy. The proposed taxonomy consists of four dimensions which provide a holistic taxonomy and to deal with inherent problems in the computer and network attack field. The first dimension covers the attack vector and the main behaviour of the attack. The second dimension allows for classification of the attack targets. Vulnerabilities are classified in the third dimension and payloads in the fourth. The taxonomy is briefly evaluated and is found to work well, with a few areas that could be improved

A Taxonomy of Network and Computer Attack Methodologies

Since the invention of computers and networks, people have found various ways to attack them. Attacks over the years have ranged from using a sledge hammer on a computer, to advanced distributed denial of service attacks. This research focuses on computer and network attacks and providing a taxonomy of them. This is to help combat new attacks, improve computer and network security and to provide consistency in language when describing attacks. A wide range of computer and network attacks are examined to provide both a survey of the field and to provide a basis on which to build the proposed taxonomy. The proposed taxonomy consists of four dimensions which provide a holistic taxonomy and to deal with inherent problems in the computer and network attack field. The first dimension covers the attack vector and the main behaviour of the attack. The second dimension allows for classification of the attack targets. Vulnerabilities are classified in the third dimension and payloads in the fourth. The taxonomy is briefly evaluated and is found to work well, with a few areas that could be improved. Acknowledgements Firstly I would like to thank my supervisor, Associate Professor Ray Hunt. This research project has been interesting and I have appreciated having you as a supervisor. Thank you to Jay Garden, Nick Lavery an

Norovirus genogroup II gastroenteritis in hospitalized children in South India

Contains fulltext : 125722.pdf (publisher's version ) (Open Access)The distribution of norovirus (NoV) genogroup II in children < 5 years of age admitted to a south Indian hospital with diarrhea was investigated. Viral RNA extracted from 282 stool samples were screened for NoV GII and positive amplicons sequenced. Twenty-eight (9.9%) had NoV GII infection with a median age of 6 months, with more severe episodes of diarrhea among infected (median Vesikari score 13, interquartile range [IQR] 10-15) than children without infection (median score 10, IQR 8-13, P = 0.002). The study documents NoV GII infections as an important cause of gastroenteritis and the genetic diversity of circulating strains

Evaluating the diagnosis and treatment of Chlamydia trachomatis and Neisseria gonorrhoeae in pregnant women to prevent adverse neonatal consequences in Gaborone, Botswana: protocol for the Maduo study.

BackgroundChlamydia trachomatis (CT) and Neisseria gonorrhoeae (NG) are extremely common sexually transmitted infections (STIs) that are associated with adverse birth and neonatal outcomes, and the risk of vertical transmission of CT and NG during delivery is high. The majority of CT and NG infections are asymptomatic and missed by the standard of care in most countries (treatment based on symptoms). Thus, it is likely that missed maternal CT and NG infections contribute to preventable adverse health outcomes among women and children globally. This study aims to assess the effectiveness of CT and NG testing for asymptomatic pregnant women to prevent adverse neonatal outcomes, understand the inflammatory response linking CT and NG infections to adverse neonatal outcomes, and conduct an economic analysis of the CT and NG testing intervention.MethodsThe Maduo ("results" in Setswana) is a prospective, cluster-controlled trial in Gaborone, Botswana to compare a near point-of-care CT and NG testing and treatment intervention implemented in "study clinics" with standard antenatal care (World Health Organization-endorsed "syndromic management" strategy based on signs and symptoms without laboratory confirmation) implemented in "standard of care clinics" among asymptomatic pregnant women. The primary outcome is vertical transmission of CT/NG infection. Secondary outcomes include preterm birth (delivery &lt; 37 completed weeks of gestation) and/or low birth weight (&lt; 2500&nbsp;g). The trial will also evaluate immunological and inflammatory markers of adverse neonatal outcomes, as well as the costs and cost-effectiveness of the intervention compared with standard care.DiscussionThe Maduo study will improve our understanding of the effectiveness and cost-effectiveness of CT and NG testing among asymptomatic pregnant women. It will also increase knowledge about the CT/NG-related immune responses that might drive adverse neonatal outcomes. Further, results from this study could encourage expansion of STI testing during antenatal care in low resource settings and improve maternal and neonatal health globally.Trial registrationThis trial is registered with ClinicalTrials.gov (Identifier NCT04955717, First posted: July 9, 2021))