An improved filter against injection attacks using regex and machine learning

被引:0
|
作者
Chegu S.
Reddy G.U.
Bhambore B.S.
Adeab K.A.
Honnavalli P.
Eswaran S.
机构
来源
Network Security | 2022年 / 2022卷 / 09期
关键词
Machine learning;
D O I
10.12968/S1353-4858(22)70055-4
中图分类号
学科分类号
摘要
Injection-based attacks have consistently made the Open Web Application Security Project (OWASP)Top 10 vulnerabilities for years.1Common types of injection attacks include SQL injection, cross-site scripting (XSS) and code injection. Filter engines are used to detect and sanitise user inputs for these malicious attacks. The user input is assumed to be tainted by default. Thus, the ability of a filter in terms of accuracy and latency is important. There exist various approaches to improve filters, primarily including techniques based on regular expressions (regexes), abstract syntax tree, machine learning and so on. However, the testing of modern solutions has achieved no more than 98.5% accuracy for XSS. This article looks at ways to improve accuracy.. © 2022 MA Healthcare Ltd. All rights reserved.
引用
收藏
相关论文
共 50 条
  • [1] Detecting SQL Injection Attacks in Cloud SaaS using Machine Learning
    Tripathy, Dharitri
    Gohil, Rudrarajsinh
    Halabi, Talal
    2020 IEEE 6TH INT CONFERENCE ON BIG DATA SECURITY ON CLOUD (BIGDATASECURITY) / 6TH IEEE INT CONFERENCE ON HIGH PERFORMANCE AND SMART COMPUTING, (HPSC) / 5TH IEEE INT CONFERENCE ON INTELLIGENT DATA AND SECURITY (IDS), 2020, : 145 - 150
  • [2] Detecting Data Injection Attacks in ROS Systems using Machine Learning
    Antunes, Rodrigo Abrantes
    Dalmazo, Bruno L.
    Drews-Jr, Paulo L. J.
    2022 LATIN AMERICAN ROBOTICS SYMPOSIUM (LARS), 2022 BRAZILIAN SYMPOSIUM ON ROBOTICS (SBR), AND 2022 WORKSHOP ON ROBOTICS IN EDUCATION (WRE), 2022, : 223 - 228
  • [3] Defending SDN against packet injection attacks using deep learning
    Phu, Anh Tuan
    Li, Bo
    Ullah, Faheem
    Ul Huque, Tanvir
    Naha, Ranesh
    Babar, Muhammad Ali
    Nguyen, Hung
    COMPUTER NETWORKS, 2023, 234
  • [4] Poisoning Attacks Against Machine Learning: Can Machine Learning Be Trustworthy?
    Oprea, Alina
    Singhal, Anoop
    Vassilev, Apostol
    COMPUTER, 2022, 55 (11) : 94 - 99
  • [5] Coin Flipping PUF: A Novel PUF With Improved Resistance Against Machine Learning Attacks
    Tanaka, Yuki
    Bian, Song
    Hiromoto, Masayuki
    Sato, Takashi
    IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS II-EXPRESS BRIEFS, 2018, 65 (05) : 602 - 606
  • [6] Development of a Compressive Framework Using Machine Learning Approaches for SQL Injection Attacks
    Deriba, Fitsum Gizachew
    SALAU, Ayodeji Olalekan
    Mohammed, Shaimaa Hadi
    Kassa, Tsegay Mullu
    Demilie, Wubetu Barud
    PRZEGLAD ELEKTROTECHNICZNY, 2022, 98 (07): : 181 - 187
  • [7] Machine Learning Attacks Against the Asirra CAPTCHA
    Golle, Philippe
    CCS'08: PROCEEDINGS OF THE 15TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2008, : 535 - 542
  • [8] Analysis and Mitigation of Bias Injection Attacks Against a Kalman Filter
    Milosevic, Jezdimir
    Tanaka, Takashi
    Sandberg, Henrik
    Johansson, Karl Henrik
    IFAC PAPERSONLINE, 2017, 50 (01): : 8393 - 8398
  • [9] A taxonomy and survey of attacks against machine learning
    Pitropakis, Nikolaos
    Panaousis, Emmanouil
    Giannetsos, Thanassis
    Anastasiadis, Eleftherios
    Loukas, George
    COMPUTER SCIENCE REVIEW, 2019, 34
  • [10] Matrix-Completion-Based False Data Injection Attacks Against Machine Learning Detectors
    Liu, Bo
    Wu, Hongyu
    Yang, Qihui
    Zhang, Hang
    Liu, Yajing
    Zhang, Yingchen
    IEEE TRANSACTIONS ON SMART GRID, 2024, 15 (02) : 2146 - 2163
12345