

2013 | 4(30) | 11-23
Article title

Ontology of input validation attack patterns on web applications

Languages of publication
PL EN
Abstracts
Web applications have been the main intrusion target, and input errors from the web users lead to serious security vulnerabilities. Many web applications contain such errors, making them vulnerable to remotely exploitable input validation attacks such as SQL Injection, Command Injection, Meta-Characters, Formatting String, Path Traversal and Cross-Site Scripting. In this paper, we present an ontology to represent patterns of input validation attacks on web applications. More specifically, our ontology is based on individual subclasses, properties and inverse functional properties, domain and range of input validation attack patterns. The ontology is implemented and interpreted with the web application development language OWL (Ontology Web Language).
Year
Issue
Pages
11-23
Contributors
author
  • Federal University of Agriculture, P. M. B. 2240, Abeokuta
  • Federal University of Agriculture, P. M. B. 2240, Abeokuta
  • Federal University of Agriculture, P. M. B. 2240, Abeokuta
  • Federal University of Agriculture, P. M. B. 2240, Abeokuta
author
  • Federal University of Agriculture, P. M. B. 2240, Abeokuta
References
  • Crosbie M., Price K., Curry D.A., Intrusion Detection Systems, www.cerias.purdue.edu/about/history/coast_resources/idcontent/ids.html [accessed: 9.03.2004].
  • Fernandez D., Detección De Intrusos En GNU/Linux, 2007, www.emagister.com [accessed: 19.07.2011].
  • Intrusion Detection System (2009), www.cerias.purdue.edu/coast/intrusion-detection/ids.html [accessed: 21.06.2011].
  • Jordan G.-V., Command Injections, School of Information Tech. and Engineering University of Ottawa, Ottawa 2009.
  • Nalluri A., Kar D.C., A Web-Based System for Intrusion Detection, CCSC: South Central Conference, 2005.
  • Noy N.F., McGuinnes D.L., Ontology Development 101(2002): A Guide to Creating Your First Ontology, Technical Report, Stanford University, http://protege.stanford.edu/publications/ontologydevelopment/ontology101-noy-mcguinness.html.
  • Scarfone K., Mell P., Guide to Intrusion Detection and Prevention Systems (IDPS), “Computer Security”, February 2007.
  • Su Z., Wassermann G., The Essence of Command Injection Attacks in Web Applications, University of California, Davis 2009.
  • Šváb-Zamazal O., Svátek V., Pattern-Based Ontology Transformation Service, Online Paper, 2008.
  • Category of Web-Based Attacks (2010), www.mediawiki.com [accessed: 17.02.2012].
  • Undercoffer J., Joshi A., Pinkston J., Modeling Computer Attacks: An Ontology for Intrusion Detection, 2003.
  • Understanding the Cause and Effect of CSS Vulnerabilities (2009), www.technicalinfo.net/papers/CSS.html [accessed: 20.02.2012].
  • Varshovi A., Sadeghiyan B., Ontological Classification of Network Denial of Service Attacks: Basis for a United Detection Framework, 2004.
Identifiers
YADDA identifier
bwmeta1.element.desklight-6102cb04-2b3b-499a-9644-eda021ecfaf3