Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Jennifer Bellizzi and Mark Vella

Affiliation: University of Malta, Malta

Keyword(s): Web Code-injections, Dynamic Binary Instrumentation, JIT Binary Modification.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Intrusion Detection & Prevention ; Network Security ; Reliability and Dependability ; Security Deployment ; Security in Information Systems ; Wireless Network Security

Abstract: Web applications constitute a prime target for attacks. A subset of these inject code into their targets, posing a threat to the entire hosting infrastructure rather than just to the compromised application. Existing web intrusion detection systems (IDS) are easily evaded when code payloads are obfuscated. Dynamic analysis in the form of instruction set emulation is a well-known answer to this problem, which however is a solution for off-line settings rather than the on-line IDS setting and cannot be used for all types of web attacks payloads. Host-based approaches provide an alternative, yet all of them impose runtime overheads. This work proposes just-in-time (JIT) binary modification complemented with payload-based heuristics for the provision of obfuscation-resistant web IDS at the network level. A number of case studies conducted with WeXpose, a prototype implementation of the technique, shows that JIT binary modification fits the on-line setting due to native instruction execut ion, while also isolating harmful attack side-effects that consequentially become of concern. Avoidance of emulation makes the approach relevant to all types of payloads, while payload-based heuristics provide practicality. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.221.158.39

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Bellizzi, J. and Vella, M. (2015). WeXpose: Towards on-Line Dynamic Analysis of Web Attack Payloads using Just-In-Time Binary Modification. In Proceedings of the 12th International Conference on Security and Cryptography (ICETE 2015) - SECRYPT; ISBN 978-989-758-117-5; ISSN 2184-3236, SciTePress, pages 5-15. DOI: 10.5220/0005502600050015

@conference{secrypt15,
author={Jennifer Bellizzi and Mark Vella},
title={WeXpose: Towards on-Line Dynamic Analysis of Web Attack Payloads using Just-In-Time Binary Modification},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography (ICETE 2015) - SECRYPT},
year={2015},
pages={5-15},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005502600050015},
isbn={978-989-758-117-5},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the 12th International Conference on Security and Cryptography (ICETE 2015) - SECRYPT
TI - WeXpose: Towards on-Line Dynamic Analysis of Web Attack Payloads using Just-In-Time Binary Modification
SN - 978-989-758-117-5
IS - 2184-3236
AU - Bellizzi, J.
AU - Vella, M.
PY - 2015
SP - 5
EP - 15
DO - 10.5220/0005502600050015
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic