8 research outputs found
Structural Learning of Attack Vectors for Generating Mutated XSS Attacks
Web applications suffer from cross-site scripting (XSS) attacks that
result from incomplete or incorrect input sanitization. Learning the
structure of attack vectors could enrich the variety of manifestations in
generated XSS attacks. In this study, we focus on generating more threatening
XSS attacks for the state-of-the-art detection approaches that can find
potential XSS vulnerabilities in Web applications, and propose a mechanism for
structural learning of attack vectors with the aim of generating mutated XSS
attacks in a fully automatic way. Mutated XSS attack generation depends on the
analysis of attack vectors and the structural learning mechanism. For the
kernel of the learning mechanism, we use a Hidden Markov model (HMM) as the
structure of the attack vector model to capture the implicit manner of the
attack vector, and this manner benefits from the syntactic meanings that are
labeled by the proposed tokenizing mechanism. Bayes' theorem is used to
determine the number of hidden states in the model for generalizing the
structure model. The paper makes the following contributions: (1)
automatically learning the structure of attack vectors from practical data
analysis to build a structure model of attack vectors, (2) mimicking the manners
and the elements of attack vectors to extend the ability of testing tools to
identify XSS vulnerabilities, and (3) helping to verify the flaws of
blacklist sanitization procedures of Web applications. We evaluated the
proposed mechanism by Burp Intruder with a dataset collected from public XSS
archives. The results show that mutated XSS attack generation can identify
potential vulnerabilities.
Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330
Recommended from our members
Transforming Access to Government Information
In Transforming Health Care Through Information Technology the PITAC offers six key recommendations that could significantly expand access to health care, improve its quality, reduce its costs, and transform the conduct of biomedical research. The PITAC sees these recommendations as critical steps toward addressing the challenges that exist to improving Americans' health and health care: *Establish pilot projects and Enabling Technology Centers to extend the practical uses of information technology to health care systems and biomedical research; *NIH, in close collaboration with NSF, DARPA, and DOE, should design and deploy a scalable national computing and information infrastructure to support the biomedical research community; *Congress should enhance existing privacy rules by enacting legislation that assures sound practices for managing personally identifiable health information; Establish programs to increase the pool of biomedical research and health care professionals with training at the intersection of health and information technology; *DHHS should outline its vision for using IT to improve health care and subsequently devote the resources to conduct the IT research critical to accomplishing these goals in the long term; and *DHHS should appoint a senior information technology leader to provide strategic leadership across DHHS and focus on the importance of information technology in addressing pressing problems in health car
Developing Open Source Software for High End Computing
In the attached report, we focus exclusively on software development for high end computing (sometimes referred to as high-performance computing or supercomputing) because of its critical importance to U.S. national security and science and engineering research. Our 1999 analysis revealed that while there were a number of high end applications ripe for exploration, the field was in need of substantial innovations in application-development software, algorithms, programming methods, component technologies, and architecture. The report makes three recommendations. First, the Federal government should aggressively encourage the development of open source software for high end computing. Adopting this recommendation will require a technical assessment of the software needs for high end computing as well as an innovative management plan and funding model for supporting this development. Second, a "level playing field" must be created within the government procurement process to facilitate open source development. Third, an analysis of open source licensing agreements is needed, with an ultimate goal of agreeing upon a single common licensing agreement for open source software applications
Using Information Technology to Transform the Way We Learn
Using Information Technology to Transform the Way We Learn highlights PITAC's findings and recommendations on how the Federal government can provide the leadership needed to solve key information technology challenges and to improve the quality of, and public access to educational and training experiences. The overarching recommendation in this report calls for the Federal government to make the integration of information technology with education and training a national priority. In addition, the Federal government should: *Establish and coordinate a major research initiative for information technology in education and training *Establish focused government-industry-foundation partnerships to aggressively pursue the information technology research program *Develop programs that enable educators and related professionals to use information technology effectively *Work with industry and academia to develop technical standards for extendable component-based technologies and infrastructures that can be widely used in online education and trainin
Transforming Health Care Through Information Technology
In Transforming Health Care Through Information Technology the PITAC offers six key recommendations that could significantly expand access to health care, improve its quality, reduce its costs, and transform the conduct of biomedical research. The PITAC sees these recommendations as critical steps toward addressing the challenges that exist to improving Americans' health and health care: *Establish pilot projects and Enabling Technology Centers to extend the practical uses of information technology to health care systems and biomedical research; *NIH, in close collaboration with NSF, DARPA, and DOE, should design and deploy a scalable national computing and information infrastructure to support the biomedical research community; *Congress should enhance existing privacy rules by enacting legislation that assures sound practices for managing personally identifiable health information; Establish programs to increase the pool of biomedical research and health care professionals with training at the intersection of health and information technology; *DHHS should outline its vision for using IT to improve health care and subsequently devote the resources to conduct the IT research critical to accomplishing these goals in the long term; and *DHHS should appoint a senior information technology leader to provide strategic leadership across DHHS and focus on the importance of information technology in addressing pressing problems in health car