Protecting Code Injection Attacks in Intelligent Transportation System

TMC (traffic management system) is the vital unit of Intelligent Transport System (ITS) as it provides complex services by interacting with other smart devices, objects and infrastructure wirelessly. However, there is growing concern about the threat of cyber attacks against connected cars, autonomous vehicles, and Smart Roads, as attacks on these will be more highly visible, have a more immediate effect, and potentially have a disastrous impact on public safety. Code injection attacks pose a serious security threat among the Internet community. In this paper, we provide a security model on ITS against network attacks. We undertake a comprehensive requirement analysis of access control mechanisms for ITS in particular malicious code injections. We propose an innovative solution to filter the SQL and XSS injection attacks by using Snort IDS. The proposed detection technique uses Snort tool by augmenting a number of additional Snort rules. Experimental results from simulations based on Snort rules show that our techniques outperform similar existing techniques.

[1]  Sainath Patil Assi Honeyweb : a web-based high interaction client honeypot , 2012 .

[2]  Izzat Alsmadi,et al.  Efficient Assessment and Evaluation for Websites Vulnerabilities Using SNORT , 2013 .

[3]  P. Kumar,et al.  A survey on SQL injection attacks, detection and prevention techniques , 2012, 2012 Third International Conference on Computing, Communication and Networking Technologies (ICCCNT'12).

[4]  Zhi-jian Wang,et al.  Notice of RetractionA Static Analysis Tool for Detecting Web Application Injection Vulnerabilities for ASP Program , 2010, 2010 2nd International Conference on E-business and Information System Security.

[5]  Janez Demsar,et al.  Statistical Comparisons of Classifiers over Multiple Data Sets , 2006, J. Mach. Learn. Res..

[6]  Sevil Sen,et al.  A survey of attacks and detection mechanisms on intelligent transportation systems: VANETs and IoV , 2017, Ad Hoc Networks.

[7]  -. THesketh,et al.  Rule generalisation in intrusion detection systems using SNORT , 2008, Int. J. Electron. Secur. Digit. Forensics.

[8]  J. Koenderink Q… , 2014, Les noms officiels des communes de Wallonie, de Bruxelles-Capitale et de la communaute germanophone.

[9]  Nalini A. Mhetre,et al.  A novel approach for detection of SQL injection and cross site scripting attacks , 2015, 2015 International Conference on Pervasive Computing (ICPC).

[10]  Steven T. Eckmann Translating Snort rules to STATL scenarios , 2001 .

[11]  Hussein Alnabulsi,et al.  GMSA: Gathering Multiple Signatures Approach to Defend Against Code Injection Attacks , 2018, IEEE Access.

[12]  Md Rafiqul Islam,et al.  Detecting SQL injection attacks using SNORT IDS , 2014, Asia-Pacific World Congress on Computer Science and Engineering.

[13]  Hussein Alnabulsi,et al.  A novel algorithm to protect code injection attacks , 2017 .

[14]  Zhoujun Li,et al.  SQL Injection Detection with Composite Kernel in Support Vector Machine , 2012 .

[15]  Izzat Alsmadi,et al.  Textual Manipulation for SQL Injection Attacks , 2013 .

[16]  M. E. Kabay,et al.  Writing Secure Code , 2015 .