The Community for Technology Leaders
Green Image
Issue No. 04 - July-Aug. (2013 vol. 11)
ISSN: 1540-7993
pp: 46-53
Thiago Mattos Rosa , Exxon Mobil Information Technology
Altair Olivo Santin , Pontifical Catholic University of Parana
Andreia Malucelli , Pontifical Catholic University of Parana
The underlying technologies used by Web services bring known vulnerabilities to a new environment as well as increased targeting by attackers. The classical approaches--knowledge and signature based, respectively--for attack detection either produce high false positive detection rates or fails to detect attack variations, leading to 0-day attacks. To counter this trend, an ontology can help build a strategy-based knowledge attack database. A novel hybrid attack detection engine brings together the main advantages of knowledge- and signature-based classical approaches. Moreover, it is capable of mitigating 0-day attacks for XML injection, with no false positive detection rates.
Ontologies, Databases, XML, Intrusion detection, Web services, Security, Computer security, 0-day attack, intrusion detection system, ontology, Web services, XML injection, zero-day

A. O. Santin, A. Malucelli and T. M. Rosa, "Mitigating XML Injection 0-Day Attacks through Strategy-Based Detection Systems," in IEEE Security & Privacy, vol. 11, no. , pp. 46-53, 2013.
169 ms
(Ver 3.3 (11022016))