
2013 | 4(30) | 11-23

Article title

Ontology of input validation attack patterns on web applications

Languages of publication

PL EN

Abstracts

Web applications have been the main intrusion target, and input errors from web users lead to serious security vulnerabilities. Many web applications contain such errors, making them vulnerable to remotely exploitable input validation attacks such as SQL Injection, Command Injection, Meta-Characters, Formatting String, Path Traversal and Cross Site Scripting. In this paper, we present an ontology to represent patterns of input validation attacks on web applications. More specifically, our ontology is based on individual subclasses, properties and inverse functional properties, domain and range of input validation attack patterns. The ontology is implemented and interpreted with the web application development language OWL (Ontology Web Language).

Pages

11-23

Contributors

author
  • Federal University of Agriculture, P. M. B. 2240, Abeokuta
  • Federal University of Agriculture, P. M. B. 2240, Abeokuta
  • Federal University of Agriculture, P. M. B. 2240, Abeokuta
  • Federal University of Agriculture, P. M. B. 2240, Abeokuta
author
  • Federal University of Agriculture, P. M. B. 2240, Abeokuta

References

  • Crosbie M., Price K., Curry D.A., Intrusion Detection Systems, www.cerias.purdue.edu/about/history/coast_resources/idcontent/ids.html [accessed: 9.03.2004].
  • Fernandez D., Detección De Intrusos En GNU/Linux, 2007, www.emagister.com [accessed: 19.07.2011].
  • Intrusion Detection System (2009), www.cerias.purdue.edu/coast/intrusion-detection/ids.html [accessed: 21.06.2011].
  • Jordan G.-V., Command Injections, School of Information Tech. and Engineering University of Ottawa, Ottawa 2009.
  • Nalluri A., Kar D.C., A Web-Based System for Intrusion Detection, CCSC: South Central Conference, 2005.
  • Noy N.F., McGuinness D.L., Ontology Development 101 (2002): A Guide to Creating Your First Ontology, Technical Report, Stanford University, http://protege.stanford.edu/publications/ontologydevelopment/ontology101-noy-mcguinness.html.
  • Scarfone K., Mell P., Guide to Intrusion Detection and Prevention Systems (IDPS), “Computer Security”, February 2007.
  • Su Z., Wassermann G., The Essence of Command Injection Attacks in Web Applications, University of California, Davis 2009.
  • Šváb-Zamazal O., Svátek V., Pattern-Based Ontology Transformation Service, Online Paper, 2008.
  • Category of Web-Based Attacks (2010), www.mediawiki.com [accessed: 17.02.2012].
  • Undercoffer J., Joshi A., Pinkston J., Modeling Computer Attacks: An Ontology for Intrusion Detection, 2003.
  • Understanding the Cause and Effect of CSS Vulnerabilities (2009), www.technicalinfo.net/papers/CSS.html [accessed: 20.02.2012].
  • Varshovi A., Sadeghiyan B., Ontological Classification of Network Denial of Service Attacks: Basis for a United Detection Framework, 2004.

Identifiers

YADDA identifier

bwmeta1.element.desklight-6102cb04-2b3b-499a-9644-eda021ecfaf3