This Article 
 Bibliographic References 
 Add to: 
Mitigating XML Injection 0-Day Attacks through Strategy-Based Detection Systems
July-Aug. 2013 (vol. 11 no. 4)
pp. 46-53
Thiago Mattos Rosa, Exxon Mobil Information Technology
Altair Olivo Santin, Pontifical Catholic University of Parana
Andreia Malucelli, Pontifical Catholic University of Parana
The underlying technologies used by Web services bring known vulnerabilities to a new environment as well as increased targeting by attackers. The classical approaches--knowledge and signature based, respectively--for attack detection either produce high false positive detection rates or fails to detect attack variations, leading to 0-day attacks. To counter this trend, an ontology can help build a strategy-based knowledge attack database. A novel hybrid attack detection engine brings together the main advantages of knowledge- and signature-based classical approaches. Moreover, it is capable of mitigating 0-day attacks for XML injection, with no false positive detection rates.
Index Terms:
Ontologies,Databases,XML,Intrusion detection,Web services,Security,Computer security,0-day attack,intrusion detection system,ontology,Web services,XML injection,zero-day
Thiago Mattos Rosa, Altair Olivo Santin, Andreia Malucelli, "Mitigating XML Injection 0-Day Attacks through Strategy-Based Detection Systems," IEEE Security & Privacy, vol. 11, no. 4, pp. 46-53, July-Aug. 2013, doi:10.1109/MSP.2012.83
Usage of this product signifies your acceptance of the Terms of Use.