ResearchBib Share Your Research, Maximize Your Social Impacts
Sign for Notice Everyday Sign up >> Login

A Survey On XML-Injection Attack Detection Systems

Journal: International Journal of Science and Research (IJSR) (Vol.3, No. 5)

Publication Date:

Authors : ; ;

Page : 1628-1631

Keywords : Signature-based detection systems; Knowledge-based detection techniques; Web services; Ontology; XML Injection;

Source : Downloadexternal Find it from : Google Scholarexternal

Abstract

Web services are increasingly used as distributed systems on the Internet; they provide a standard means of interoperation among different software applications running on a variety of platforms and frameworks. However, the underlying technologies used by Web services, such as SOAP, HTTP, and XML, have fostered the deployment of well-known vulnerabilities in this new environment. This system specifically addresses XML injection attacks those that produce some change in the XML’s internal components that aims to compromise the Web service application. This can be achieved by, for instance, injecting malicious content into an XML message, such as invalid XML characters. The classical detection system approach relies on building a signature-based database, cataloging attacks independently from each other. So, the proposed system is an XML injection strategy-based detection system, XHDS, to mitigate the time gap for 0-day attacks resulting from ontology’s attack variations. Because many new and unknown attacks are derived from known strategies?considered signatures?low false-positive detection rates should occur. This project present XHDS as a hybrid approach that supports knowledge-based detection derived from a signature-based approach and then apply an ontology to design the knowledge database for XML injection attacks against Web services.

Last modified: 2014-07-03 17:27:26