论文信息 - Lexical Analysis for the Webshell Attacks

Lexical Analysis for the Webshell Attacks

In this paper, we proposed a design considering for web application firewall system. Anyway, the website managing, web technology and hacker technology are vastly different from each other, whilst hacker techs are keep on moving forward, while company and government MIS are difficult of updating their information to the latest state due to working, they are often not updated and followed to the latest stuffs. And moreover, these newest techs are in generally needed to be figured out whether it matches the compatibility of the old versions, such as the recent PHP 7, many MIS are not capable to update their software to handle the variants of WAF bypass methods.

Lawrence Y. Deng | Dong Liang Lee | Yung-Hui Chen | Lim Xiang Yann

[1] Konrad Rieck,et al. TokDoc: a self-healing web application firewall , 2010, SAC '10.

[2] Wei Xu,et al. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks , 2006, USENIX Security Symposium.

[3] Zhendong Su,et al. The essence of command injection attacks in web applications , 2006, POPL '06.

[4] R. Sekar. An Efficient Black-box Technique for Defeating Web Application Attacks , 2009, NDSS.

[5] Azizah Abdul Rahman,et al. Dynamic Multi Layer Signature based Intrusion Detection system Using Mobile Agents , 2010, ArXiv.

[6] Egidijus Kazanavičius,et al. Securing Web Application by Embedded Firewall , 2012 .

[7] Asaad Moosa,et al. Artificial Neural Network based Web Application Firewall for SQL Injection , 2010 .

[8] Ying Chen,et al. Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes , 2007, IEEE Transactions on Dependable and Secure Computing.

[9] Wouter Joosen,et al. Bridging the gap between web application firewalls and web applications , 2006, FMSE '06.

[10] V. N. Venkatakrishnan,et al. CANDID: preventing sql injection attacks using dynamic candidate evaluations , 2007, CCS '07.

[11] Marianne Winslett,et al. Proceedings of the fourth ACM workshop on Formal methods in security , 2006, CCS 2006.

[12] Bruce W. Weide,et al. Using parse tree validation to prevent SQL injection attacks , 2005, SEM '05.