Opportunistic Diversity-Based Detection of Injection Attacks in Web Applications

Wenyu Qu, Wei Huo, Lingyu Wang
2018 EAI Endorsed Transactions on Security and Safety  
Web-based applications delivered using clouds are becoming increasingly popular due to lower demand on client-side resources and easier maintenance than desktop counterparts. At the same time, larger attack surfaces and developers' lack of security proficiency or awareness leave Web applications particularly vulnerable to security attacks. On the other hand, diversity has long been considered a viable approach to detecting security attacks, since functionally similar but internally different variants of an application will likely respond to the same attack in different ways. However, most diversity-by-design approaches have met difficulties in practice due to the prohibitive cost in terms of both development and maintenance. In this work, we propose to employ opportunistic diversity inherent to Web applications and their database backends to detect injection attacks. We first conduct a case study of common vulnerabilities to confirm the potential of opportunistic diversity for detecting potential attacks. We then devise a multi-stage approach to examine features extracted from the database queries, their effect on the database, the query results, as well as the user-end results. Next, we combine the partial results obtained from different stages using a learning-based approach to further improve the detection accuracy. Finally, we evaluate our approach using a real-world Web application.

Bleed vulnerability [1] has clearly demonstrated the importance of improving applications' robustness against novel zero-day attacks exploiting undiscovered vulnerabilities. On the other hand, this is clearly a challenging task, since signature-based detection mostly only works for known attacks, whereas anomaly detection is well known to suffer from inaccuracy. In a slightly different context, software diversity has traditionally been regarded as a promising mechanism for improving the robustness of a software system against unknown attacks [2]. More recently, diversity has found new applications in cloud computing security [3], Moving Target Defense (MTD) [4], network security [5], and network routing [6] (a more detailed review of related work will be given in Section 2). By comparing outputs [7] or behaviors [8] of multiple software replicas with diverse implementation details, security attacks may be detected and tolerated as
doi:10.4108/eai.11-12-2018.156032 fatcat:4rbyn3sgfnctboeft44ng5f7zu