
Detecting and Exploiting Second Order Denial-of-Service Vulnerabilities in Web Applications

Oswaldo Olivo, Isil Dillig, Calvin Lin
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
The main contribution of this paper is a static analysis for detecting second-order DoS vulnerabilities in web applications.  ...  We have implemented our analysis in a tool called Torpedo, and we show that Torpedo can successfully detect second-order DoS vulnerabilities in widely used web applications written in PHP.  ...  This work was funded in part by AFRL Award FA8750-15-2-0096 and NSF grants CNS-1138506 and DRL-1441009.  ... 
doi:10.1145/2810103.2813680 dblp:conf/ccs/OlivoDL15 fatcat:6ualke5awberlnokteo4bgqvmm

CloudZombie: Launching and Detecting Slow-Read Distributed Denial of Service Attacks from the Cloud

Saeed Shafieian, Mohammad Zulkernine, Anwar Haque
2015 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing  
It is a new type of application-layer denial of service attacks that exploits vulnerabilities in the HTTP protocol in order to make services inaccessible for legitimate users on a target machine.  ...  As the Cloud is becoming more ubiquitous and less expensive to utilize, a new class of denial of service attacks is emerging.  ...  Finally, we would like to thank the anonymous reviewers for their insightful and constructive comments.  ... 
doi:10.1109/cit/iucc/dasc/picom.2015.261 dblp:conf/IEEEcit/ShafieianZH15 fatcat:65n4pxdf7nbn3chquanuhtichm

[Preprint] ObjectMap: Detecting Insecure Object Deserialization

Koutroumpouchos Nikolaos, Lavdanis Georgios, Veroni Eleni, Ntantogian Christoforos, Xenakis Christos
2019 Zenodo  
We aim to fill this gap by proposing ObjectMap, an extendable tool for the detection of deserialization and object injection vulnerabilities in Java and PHP based web applications.  ...  In recent years there is a surge of serialization-based vulnerabilities in web applications which have led to serious incidents, exposing private data of millions of individuals.  ...  and application denial of service, depending on the context  ... 
doi:10.5281/zenodo.3553676 fatcat:xftaoool4rgcdjckkbzlg7ymo4

Detection of Firewall Fingerprinting and Vulnerability Prevention by Denial of Attacks on Web Application

Dilli Babu M, Balamani M, Mukesh G
2019 IJARCCE  
Hackers / intruders exploit the firewall (host based) using malicious scripts and access the server / applications. In this project, we analyse firewall finger printing and denial of firewalling.  ...  Firewalls are most important and critical devices which provides securities against all vulnerabilities. Firewall handles all the traffic in and out of the network.  ...  An intruder however can use banner grabbing in order to find network hosts that are running versions of applications and operating systems with known exploits. D.  ... 
doi:10.17148/ijarcce.2019.8254 fatcat:azz4f3wjizf4jlspbrh4lmnmfu

SensorWebIDS: a web mining intrusion detection system

C.I. Ezeife, Jingyu Dong, A.K. Aggarwal
2008 International Journal of Web Information Systems  
Jingyu Dong received his M.Sc. in Computer Science from the University of Windsor, in Fall 2006 in the area of data mining for web intrusion detection, under the supervision of Dr. Christie I.  ...  He has been employed in the industry working in network, database and web related embedded system programming for a number of years now and is currently with  ...  Such an attack can be detected by monitoring the failed login attempts in a period of time. 3. Denial of Service Attack: DoS attacks can be performed on most modern software and operating systems.  ... 
doi:10.1108/17440080810865648 fatcat:gxvkfmm535gbfaxpjaid2idmje

API Vulnerabilities In Cloud Computing Platform: Attack And Detection

Muhammad Azizi Mohd Ariffin, Mohd Faisal Ibrahim, Zolidah Kasiran
2020 International Journal of Engineering Trends and Technology  
This paper presents the topic of API Vulnerabilities in Cloud Computing Platform: Attack and Detection. We will discuss the vulnerabilities of the API in cloud management software.  ...  Once exploited, it can cause security issue and disrupt the availability of services running on the cloud infrastructure.  ...  To address the threat due to the vulnerabilities of the API, we need to detect on-going attack which exploits the vulnerabilities.  ... 
doi:10.14445/22315381/cati1p202 fatcat:mvtgzmrdrvgklnipjp73rvbx2m

Intrusion Tolerance of Stealth DoS Attacks to Web Services [chapter]

Massimo Ficco, Massimiliano Rak
2012 IFIP Advances in Information and Communication Technology  
This paper focuses on one of the most harmful categories of Denial of Service attacks, commonly known in the literature as "stealth" attacks.  ...  They are performed avoiding to send significant volumes of data, by injecting into the network a low-rate flow of packets in order to evade rate-controlling detection mechanisms.  ...  Acknowledgment This research is partially supported by FP7-ICT-2009-5-256910 (mOSAIC) project and the MIUR-PRIN 2008 project "Cloud@Home".  ... 
doi:10.1007/978-3-642-30436-1_52 fatcat:7egoaerz7jf7haudnrfuti36qi

A Case Study of the Impact of Denial of Service Attacks in Cloud Applications

Hosam F. El-Sofany, King Khalid University, Abha, Kingdom of Saudi Arabia, Samir A. El-Seoud, Islam A. T. F. Taj-Eddin
2019 Journal of Communications  
the impact of DoS attacks in cloud applications.  ...  Among the numerous cloud attacks that can target the cloud computing systems, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks can cause a major problem in cloud security.  ...  He is interested also in the subject of quality assurance in research and education. Currently he is a Lecturer at the IT dept., FCI, Assiut Univ.  ... 
doi:10.12720/jcm.14.2.153-158 fatcat:rnk2hl6td5gdrhqejytzbnqsue

The solution of denial of service attack on ordered broadcast Intent

Ji-Soo Oh, Min-Woo Park, Tai-Myoung Chung
2014 16th International Conference on Advanced Communication Technology  
Denial of service (DoS) attack on ordered broadcasts is a typical attack that exploits vulnerabilities of message passing.  ...  In this paper, we propose a security framework for detecting DoS attacks on ordered broadcasts.  ...  There is a typical attack that exploits vulnerabilities of ordered broadcast Intents, called denial of service (DoS) attack on ordered broadcasts.  ... 
doi:10.1109/icact.2014.6778989 fatcat:atuqsezpbbgzbenjau5jsyfmii

XSD DDoS Trace Handler in Web Service Environment

A. Murugan, K. Vivekanandan
2015 Journal of Software  
Web services became a crucial tool for most of the Internet and Intranet applications and distributed systems due to its interoperability.  ...  Currently he is pursuing research in SOA and web service security. K.  ...  proposing an effective methodology of utilizing the physical address to detect the unsolicited user and examining the XML with schema and by encoding strategies.  ... 
doi:10.17706//jsw.10.9.1086-1095 fatcat:e6dhzxgzcvdevosakcb6kc67v4

XSD DDoS Trace Handler in Web Service Environment

A. Murugan, K. Vivekanandan
2015 Journal of Software  
Web services became a crucial tool for most of the Internet and Intranet applications and distributed systems due to its interoperability.  ...  Currently he is pursuing research in SOA and web service security. K.  ...  proposing an effective methodology of utilizing the physical address to detect the unsolicited user and examining the XML with schema and by encoding strategies.  ... 
doi:10.17706/jsw.10.9.1086-1095 fatcat:zwzurtohj5ajzjf7bry3bjvudu

Method of analyzing computer traffic based on recurrent neural networks

V A Chastikova, V V Sotnikov
2019 Journal of Physics, Conference Series  
An overview of perspective approaches for analyzing network traffic in order to detect attacks is provided. The authors investigated the largest and currently the most relevant CICIDS2018 dataset.  ...  The methods of dealing with the class imbalance in a dataset by adapting the Focal Loss function to the problem of traffic analysis are considered.  ...  , botnet attack, denial of service attack, distributed denial of service attack, attack on web applications, as well as inside network attack via backdoor in one of the client hosts.  ... 
doi:10.1088/1742-6596/1353/1/012133 fatcat:rzuydtyo7bf4nbmqo3kkle6b3m

Attacks on Web Services Need to Secure XML on Web

Abhinav Nath Gupta, Santhi Thilagam P
2013 Computer Science & Engineering An International Journal  
Several attacks use XML and most of them lie in the category of XML injection. XML based attacks discussed in this study covered a variety of attacks for example Denial of Services and Data Theft, escalation  ...  Web Services are the newest mechanism of communication among applications. Web Services are independent of both hardware and software infrastructure, they are very flexible and scalable.  ...  A lot of attacks which are discussed in this study exploit vulnerabilities related to xml processing and since web service highly depends on xml those attacks can easily be mounted on web services.  ... 
doi:10.5121/cseij.2013.3501 fatcat:yxiiwzvfabeubia273f6ttlm4e

A new taxonomy of Web attacks suitable for efficient encoding

Gonzalo Álvarez, Slobodan Petrović
2003 Computers & security  
Applications of the taxonomy and the encoding scheme are described, such as intrusion detection systems and application firewalls.  ...  As an effort in this direction, a new taxonomy of web attacks is proposed in this paper, with the objective of obtaining a useful reference framework for security applications.  ...  In the second case, the attack will exploit vulnerabilities in the web server or the web application to stop normal service.  ... 
doi:10.1016/s0167-4048(03)00512-1 fatcat:oxlgtlanfbgthmuqsp3eqgh27e

Inputs of Coma: Static Detection of Denial-of-Service Vulnerabilities

Richard Chang, Guofei Jiang, Franjo Ivancic, Sriram Sankaranarayanan, Vitaly Shmatikov
2009 2009 22nd IEEE Computer Security Foundations Symposium  
As networked systems grow in complexity, they are increasingly vulnerable to denial-of-service (DoS) attacks involving resource exhaustion.  ...  These DoS attacks exploit the semantics of the target application, are rarely associated with network traffic anomalies, and are thus extremely difficult to detect using conventional methods.  ...  Detecting software defects that can be exploited to cause denial of service is a challenging task.  ... 
doi:10.1109/csf.2009.13 dblp:conf/csfw/ChangJISS09 fatcat:xyjzghrecna5jjryuhdgphrq4y