GMSA: Gathering Multiple Signatures Approach to Defend Against Code Injection Attacks

Hussein Alnabulsi, Rafiqul Islam, Majharul Talukder

Research output: Contribution to journalArticle

Abstract

Code injection attacks (CIAs) exploit security vulnerabilities and computer bugs that are caused by processing invalid codes. CIA is a problem which hackers attempt to introduce to any new method, their objective being to bypass the protection system. In this paper, we present a tool called GMSA, developed to detect a variety of CIAs, for example, cross-site scripting (XSS) attack, SQL injection attack, shell injection attack (command injection attack), and file inclusion attack. The latter consists of local file inclusion and remote file inclusion. Our empirical analysis reveals that compared with existing research, gathering multiple signatures approach (GMSA) executes a precision performance (accuracy of the proposed algorithm is 99.45%). The false positive rate (FPR) of GMSA is 0.59%, which is low compared with what other research has reported. The low FPR is the most important factor. Ideally, the defense algorithm should balance between the FPR and true positive rate (TPR) because with existing methodologies, security experts can defend against a broad range of CIAs with uncomplicated security software. Typical protection methods yield a high FPR. Our method results in high TPR while minimizing the resources needed to address the false positive. GMSA can detect four types of CIA. This is more comprehensive than other research techniques that are restricted to only two major types of CIA, namely, SQL injection and XSS attacks.

Original languageEnglish
Article number8554270
Pages (from-to)77829-77840
Number of pages12
JournalIEEE Access
Volume6
DOIs
Publication statusPublished - 30 Nov 2018

Fingerprint

Processing

Cite this

Alnabulsi, Hussein ; Islam, Rafiqul ; Talukder, Majharul. / GMSA: Gathering Multiple Signatures Approach to Defend Against Code Injection Attacks. In: IEEE Access. 2018 ; Vol. 6. pp. 77829-77840.
@article{1cd829e3d8574df79e5aa9d9dd60ef79,
title = "GMSA: Gathering Multiple Signatures Approach to Defend Against Code Injection Attacks",
abstract = "Code injection attacks (CIAs) exploit security vulnerabilities and computer bugs that are caused by processing invalid codes. CIA is a problem which hackers attempt to introduce to any new method, their objective being to bypass the protection system. In this paper, we present a tool called GMSA, developed to detect a variety of CIAs, for example, cross-site scripting (XSS) attack, SQL injection attack, shell injection attack (command injection attack), and file inclusion attack. The latter consists of local file inclusion and remote file inclusion. Our empirical analysis reveals that compared with existing research, gathering multiple signatures approach (GMSA) executes a precision performance (accuracy of the proposed algorithm is 99.45{\%}). The false positive rate (FPR) of GMSA is 0.59{\%}, which is low compared with what other research has reported. The low FPR is the most important factor. Ideally, the defense algorithm should balance between the FPR and true positive rate (TPR) because with existing methodologies, security experts can defend against a broad range of CIAs with uncomplicated security software. Typical protection methods yield a high FPR. Our method results in high TPR while minimizing the resources needed to address the false positive. GMSA can detect four types of CIA. This is more comprehensive than other research techniques that are restricted to only two major types of CIA, namely, SQL injection and XSS attacks.",
keywords = "Code injection attack (CIA), SQL injection attack, cross-site script (XSS) attack, shell injection attack, file inclusion attack (RFI, LFI)",
author = "Hussein Alnabulsi and Rafiqul Islam and Majharul Talukder",
year = "2018",
month = "11",
day = "30",
doi = "10.1109/ACCESS.2018.2884201",
language = "English",
volume = "6",
pages = "77829--77840",
journal = "IEEE Access",
issn = "2169-3536",
publisher = "IEEE, Institute of Electrical and Electronics Engineers",

}

GMSA: Gathering Multiple Signatures Approach to Defend Against Code Injection Attacks. / Alnabulsi, Hussein; Islam, Rafiqul; Talukder, Majharul.

In: IEEE Access, Vol. 6, 8554270, 30.11.2018, p. 77829-77840.

Research output: Contribution to journalArticle

TY - JOUR

T1 - GMSA: Gathering Multiple Signatures Approach to Defend Against Code Injection Attacks

AU - Alnabulsi, Hussein

AU - Islam, Rafiqul

AU - Talukder, Majharul

PY - 2018/11/30

Y1 - 2018/11/30

N2 - Code injection attacks (CIAs) exploit security vulnerabilities and computer bugs that are caused by processing invalid codes. CIA is a problem which hackers attempt to introduce to any new method, their objective being to bypass the protection system. In this paper, we present a tool called GMSA, developed to detect a variety of CIAs, for example, cross-site scripting (XSS) attack, SQL injection attack, shell injection attack (command injection attack), and file inclusion attack. The latter consists of local file inclusion and remote file inclusion. Our empirical analysis reveals that compared with existing research, gathering multiple signatures approach (GMSA) executes a precision performance (accuracy of the proposed algorithm is 99.45%). The false positive rate (FPR) of GMSA is 0.59%, which is low compared with what other research has reported. The low FPR is the most important factor. Ideally, the defense algorithm should balance between the FPR and true positive rate (TPR) because with existing methodologies, security experts can defend against a broad range of CIAs with uncomplicated security software. Typical protection methods yield a high FPR. Our method results in high TPR while minimizing the resources needed to address the false positive. GMSA can detect four types of CIA. This is more comprehensive than other research techniques that are restricted to only two major types of CIA, namely, SQL injection and XSS attacks.

AB - Code injection attacks (CIAs) exploit security vulnerabilities and computer bugs that are caused by processing invalid codes. CIA is a problem which hackers attempt to introduce to any new method, their objective being to bypass the protection system. In this paper, we present a tool called GMSA, developed to detect a variety of CIAs, for example, cross-site scripting (XSS) attack, SQL injection attack, shell injection attack (command injection attack), and file inclusion attack. The latter consists of local file inclusion and remote file inclusion. Our empirical analysis reveals that compared with existing research, gathering multiple signatures approach (GMSA) executes a precision performance (accuracy of the proposed algorithm is 99.45%). The false positive rate (FPR) of GMSA is 0.59%, which is low compared with what other research has reported. The low FPR is the most important factor. Ideally, the defense algorithm should balance between the FPR and true positive rate (TPR) because with existing methodologies, security experts can defend against a broad range of CIAs with uncomplicated security software. Typical protection methods yield a high FPR. Our method results in high TPR while minimizing the resources needed to address the false positive. GMSA can detect four types of CIA. This is more comprehensive than other research techniques that are restricted to only two major types of CIA, namely, SQL injection and XSS attacks.

KW - Code injection attack (CIA)

KW - SQL injection attack

KW - cross-site script (XSS) attack

KW - shell injection attack

KW - file inclusion attack (RFI, LFI)

UR - http://www.scopus.com/inward/record.url?scp=85057887237&partnerID=8YFLogxK

U2 - 10.1109/ACCESS.2018.2884201

DO - 10.1109/ACCESS.2018.2884201

M3 - Article

VL - 6

SP - 77829

EP - 77840

JO - IEEE Access

JF - IEEE Access

SN - 2169-3536

M1 - 8554270

ER -