Mitigating XML Injection Zero-Day Attack through Strategy-based Detection System

Thiago Mattos; Altair Santin; Andreia Malucelli

doi:10.1109/MSP.2012.83

Security&Privacy
PrePrints
Abstract - Mitigating XML Injection Zero-Day Attack through Strategy-based Detection System

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Thiago Mattos Articles by Altair Santin Articles by Andreia Malucelli

Mitigating XML Injection Zero-Day Attack through Strategy-based Detection System

PrePrint

ISSN: 1540-7993

	ASCII Text	x
	Thiago Mattos, Altair Santin, Andreia Malucelli, "Mitigating XML Injection Zero-Day Attack through Strategy-based Detection System," IEEE Security & Privacy, vol. 99, no. 1, pp. , , 5555.

	BibTex	x
	@article{ 10.1109/MSP.2012.83, author = {Thiago Mattos and Altair Santin and Andreia Malucelli}, title = {Mitigating XML Injection Zero-Day Attack through Strategy-based Detection System}, journal ={IEEE Security & Privacy}, volume = {99}, number = {1}, issn = {1540-7993}, year = {5555}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2012.83}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Mitigating XML Injection Zero-Day Attack through Strategy-based Detection System IS - 1 SN - 1540-7993 SP EP EPD - A1 - Thiago Mattos, A1 - Altair Santin, A1 - Andreia Malucelli, PY - 5555 VL - 99 JA - IEEE Security & Privacy ER -

Thiago Mattos, Pontifical Catholic University of Paraná , Curitiba

Altair Santin, Pontifical Catholic University of Paraná, Curitiba

Andreia Malucelli, Pontifical Catholic University of Paraná, Curitiba

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.83

WEB services have increasingly been adopted nowadays and therefore been targeted by attackers. The underlying technologies used by them bring known vulnerabilities to this new environment. The classical approach for attack detection either produce high false positive detection rates or cannot detect attack variations − leading to zero-day attacks. This paper applies ontology to build a strategy-based knowledge attack database. It is a novel hybrid attack detection engine, bringing together the main advantages of signature and knowledge-based classical approaches. Moreover, it is capable of mitigating zero-day attacks for XML injection, with no false positive detection rate.

Citation:

Thiago Mattos, Altair Santin, Andreia Malucelli, "Mitigating XML Injection Zero-Day Attack through Strategy-based Detection System," IEEE Security & Privacy, 07 June 2012. IEEE computer Society Digital Library. IEEE Computer Society, <http://doi.ieeecomputersociety.org/10.1109/MSP.2012.83>

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.