• DocumentCode
    18009
  • Title

    Mitigating XML Injection 0-Day Attacks through Strategy-Based Detection Systems

  • Author

    Rosa, T.M. ; Santin, A.O. ; Malucelli, A.

  • Volume
    11
  • Issue
    4
  • fYear
    2013
  • fDate
    July-Aug. 2013
  • Firstpage
    46
  • Lastpage
    53
  • Abstract
    The underlying technologies used by Web services bring known vulnerabilities to a new environment as well as increased targeting by attackers. The classical approaches--knowledge and signature based, respectively--for attack detection either produce high false positive detection rates or fails to detect attack variations, leading to 0-day attacks. To counter this trend, an ontology can help build a strategy-based knowledge attack database. A novel hybrid attack detection engine brings together the main advantages of knowledge- and signature-based classical approaches. Moreover, it is capable of mitigating 0-day attacks for XML injection, with no false positive detection rates.
  • Keywords
    Web services; XML; database management systems; digital signatures; ontologies (artificial intelligence); Web services; XML injection 0-day attack mitigation; attack detection; hybrid attack detection engine; knowledge classical approach; ontology; signature based classical approach; strategy-based detection system; strategy-based knowledge attack database; Computer security; Databases; Intrusion detection; Ontologies; Security; Web services; XML; 0-day attack; Web services; XML injection; intrusion detection system; ontology; zero-day;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSP.2012.83
  • Filename
    6216348
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=18009