Detection of Parameter Manipulation Using Global Sequence Alignment

Web application parameter contains identical structure and value. As a result, parameter features repetition of identical variable name and keyword. The characteristic of the keywords can be represented by being extracted from parameter. In order to measure the identity between two sequences, genome alignment which has been much studied in bioinformatics can be applied. We extract keyword sequences from the parameter of the Web application considering the structural aspects of the application and apply the genome alignment method to measuring the identity between two parameter sequences in order to detect the parameter manipulation. An experiment shows that our method detects parameter manipulation and, moreover, previously unknown attacks as well as variations of known attacks

[1]  Alessandro Orso,et al.  AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks , 2005, ASE.

[2]  Stuart Staniford-Chen,et al.  Practical Automated Detection of Stealthy Portscans , 2002, J. Comput. Secur..

[3]  W. A. Beyer,et al.  Some Biological Sequence Metrics , 1976 .

[4]  Christopher Krügel,et al.  Service specific anomaly detection for network intrusion detection , 2002, SAC '02.

[5]  Min Wu,et al.  Web wallet: preventing phishing attacks by revealing user intentions , 2006, SOUPS '06.

[6]  Giuseppe A. Di Lucca,et al.  Identifying cross site scripting vulnerabilities in Web applications , 2004, Proceedings. Sixth IEEE International Workshop on Web Site Evolution.

[7]  Jacques Cohen,et al.  Bioinformatics—an introduction for computer scientists , 2004, CSUR.

[8]  Christus,et al.  A General Method Applicable to the Search for Similarities in the Amino Acid Sequence of Two Proteins , 2022 .

[9]  David Barkan A parallel implementation of the Needleman-Wunsch algorithm for global gapped pair-wise alignment , 2002 .

[10]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.

[11]  Giovanni Vigna,et al.  Testing network-based intrusion detection signatures using mutant exploits , 2004, CCS '04.

[12]  David Wong,et al.  Hacking Exposed Web Applications: Web Application Security Secrets & Solutions , 2002 .

[13]  Shawn Ostermann,et al.  Detecting network intrusions via a statistical analysis of network packet characteristics , 2001, Proceedings of the 33rd Southeastern Symposium on System Theory (Cat. No.01EX460).