Leveraging Parallel Hardware to Detect, Quarantine, and Repair Malicious Code Injection (#36)

VirISA: Recruiting Virtualization and Reconfigurable Processor ISA for Malicious Code Injection Protection

Components and Services for IoT Platforms ◽

10.1007/978-3-319-42304-3_7 ◽

2016 ◽

pp. 117-130

Author(s):

Apostolos P. Fournaris ◽

Georgios Keramidas ◽

Kyriakos Ispoglou ◽

Nikolaos Voros

Keyword(s):

Malicious Code ◽

Reconfigurable Processor ◽

Code Injection

Download Full-text

Fatal injection: a survey of modern code injection attack countermeasures

PeerJ Computer Science ◽

10.7717/peerj-cs.136 ◽

2017 ◽

Vol 3 ◽

pp. e136 ◽

Cited By ~ 2

Author(s):

Dimitris Mitropoulos ◽

Diomidis Spinellis

Keyword(s):

Computer Program ◽

Program Analysis ◽

False Positives ◽

Malicious Code ◽

False Negatives ◽

Static Program Analysis ◽

Production Mode ◽

Injection Attacks ◽

Code Injection ◽

Novel Approaches

With a code injection attack (CIA) an attacker can introduce malicious code into a computer program or system that fails to properly encode data that comes from an untrusted source. A CIA can have different forms depending on the execution context of the application and the location of the programming flaw that leads to the attack. Currently, CIAs are considered one of the most damaging classes of application attacks since they can severely affect an organisation’s infrastructure and cause financial and reputational damage to it. In this paper we examine and categorize the countermeasures developed to detect the various attack forms. In particular, we identify two distinct categories. The first incorporates static program analysis tools used to eliminate flaws that can lead to such attacks during the development of the system. The second involves the use of dynamic detection safeguards that prevent code injection attacks while the system is in production mode. Our analysis is based on nonfunctional characteristics that are considered critical when creating security mechanisms. Such characteristics involve usability, overhead, implementation dependencies, false positives and false negatives. Our categorization and analysis can help both researchers and practitioners either to develop novel approaches, or use the appropriate mechanisms according to their needs.

Download Full-text

Web Sanitization from Malicious Code Injection Attacks

Advances in Intelligent Systems and Computing - International Conference on Applications and Techniques in Cyber Security and Intelligence ATCI 2018 ◽

10.1007/978-3-319-98776-7_27 ◽

2018 ◽

pp. 251-261

Author(s):

Hussein Alnabulsi ◽

Rafiqul Islam

Keyword(s):

Malicious Code ◽

Injection Attacks ◽

Code Injection

Download Full-text

Enlisting Hardware Architecture to Thwart Malicious Code Injection

Security in Pervasive Computing - Lecture Notes in Computer Science ◽

10.1007/978-3-540-39881-3_21 ◽

2004 ◽

pp. 237-252 ◽

Cited By ~ 14

Author(s):

Ruby B. Lee ◽

David K. Karig ◽

John P. McGregor ◽

Zhijie Shi

Keyword(s):

Malicious Code ◽

Hardware Architecture ◽

Code Injection

Download Full-text

CIDT: Detection of Malicious Code Injection Attacks on Web Application

International Journal of Computer Applications ◽

10.5120/8174-1493 ◽

2012 ◽

Vol 52 (2) ◽

pp. 19-26 ◽

Cited By ~ 7

Author(s):

Atul S.Choudhary ◽

M. L. Dhore

Keyword(s):

Web Application ◽

Malicious Code ◽

Injection Attacks ◽

Code Injection

Download Full-text

Deep Dive into Directory Traversal and File Inclusion Attacks leads to Privilege Escalation

International Journal of Scientific Research in Science Engineering and Technology ◽

10.32628/ijsrset218384 ◽

2021 ◽

pp. 115-120

Author(s):

Mrunalsinh Chawda ◽

Dr. Priyanka Sharma ◽

Mr. Jatin Patel

Keyword(s):

Web Application ◽

Web Server ◽

Malicious Code ◽

Web Servers ◽

Deep Dive ◽

User Input ◽

Code Injection ◽

Attack Path ◽

Local File ◽

The Web

In Modern Web application directory traversal vulnerability that can potentially allow an attacker to view arbitrary files and some sensitive files. They can exploit identified vulnerabilities or misconfigurations to obtain root privileges. When building the web application, ensure that some arbitrary file is not publicly available via the production server. when an attacker can include. Traversal vulnerabilities this vulnerability exploits the dynamic file include a mechanism that exists in programming frameworks a local file inclusion happens when uncontrolled user input such as form values or headers for example are used to construct a file include paths. By exploiting directory traversal attacks in web servers, they can do anything and with chaining with code injection they can upload a shell into a web server and perform a website defacement attack. Path-traversal attacks take advantage of vulnerable Website parameters by including a URL reference to remotely hosted malicious code, allowing remote code execution and leads to privilege escalation attack.

Download Full-text

The Analysis of HTTPS Privacy Protection Based on Malicious Code Injection

2020 IEEE 20th International Conference on Communication Technology (ICCT) ◽

10.1109/icct50939.2020.9295688 ◽

2020 ◽

Author(s):

Zeyan Liu ◽

Jianshan Pen

Keyword(s):

Privacy Protection ◽

Malicious Code ◽

Code Injection

Download Full-text

A Study on Detection of Small Size Malicious Code using Data Mining Method

Jouranl of Information and Security ◽

10.33778/kcsa.2019.19.1.011 ◽

2019 ◽

Vol 19 (1) ◽

pp. 11-17

Author(s):

Taek-Hyun Lee ◽

◽

Ho Kook Kwang

Keyword(s):

Data Mining ◽

Malicious Code ◽

Mining Method ◽

Data Mining Method ◽

Using Data

Download Full-text

Preventing SQL Code Injection by Combining Static and Runtime Analysis

10.21236/ada482932 ◽

2008 ◽

Author(s):

Alessandro Orso ◽

Wenke Lee ◽

Adam Shostack

Keyword(s):

Runtime Analysis ◽

Code Injection

Download Full-text

A Study of Malware Propagation Dynamics in Wireless Sensor Network using Spatially Correlated Security Model

Recent Advances in Computer Science and Communications ◽

10.2174/2666255813999200613230323 ◽

2020 ◽

Vol 13 ◽

Author(s):

Satya Ranjan Biswal ◽

Santosh Kumar Swain

Keyword(s):

Wireless Sensor Network ◽

Sensor Network ◽

Wireless Network ◽

Spatial Correlation ◽

Malicious Code ◽

Wireless Sensor ◽

Epidemic Theory ◽

Malware Propagation ◽

Proposed Model ◽

Propagation Dynamics

: Security is one of the important concern in both types of the network. The network may be wired or wireless. In case of wireless network security provisioning is more difficult in comparison to wired network. Wireless Sensor Network (WSN) is also a type of wireless network. And due to resource constraints WSN is vulnerable against malware attacks. Initially, the malware (virus, worm, malicious code, etc.) targets a single node of WSN for attack. When a node of WSN gets infected then automatically start to spread in the network. If nodes are strongly correlated the malware spreads quickly in the network. On the other hand, if nodes are weakly correlated the speed of malware spread is slow. A mathematical model is proposed for the study of malware propagation dynamics in WSN with combination of spatial correlation and epidemic theory. This model is based on epidemic theory with spatial correlation. The proposed model is Susceptible-Exposed-Infectious-Recover-Dead (SEIRD) with spatial correlation. We deduced the expression of basic reproduction number. It helps in the study of malware propagation dynamics in WSN. The stability analysis of the network has been investigated through proposed model. This model also helps in reduction of redundant information and saving of sensor nodes’ energy in WSN. The theoretical investigation verified by simulation results. A spatial correlation based epidemic model has been formulated for the study of dynamic behaviour of malware attacks in WSN.

Download Full-text