
SoS Newsletter



Command Injection Attacks


Command (or shell) injection is one of the most critical classes of software vulnerability: untrusted input is concatenated into a command string that a shell, a database engine, or a control-system interpreter then executes, so attacker-supplied data runs as code. The same pattern underlies OS command injection in router and web management interfaces, SQL and XPath injection in web applications and services, and command and data injection against SCADA and other cyber-physical systems, all of which appear in the papers collected below. To the Science of Security community, command injection attacks impact cyber-physical systems and are related to composability, resiliency, and metrics.
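The pattern described above, shown as an added example that is not code from this newsletter or from any of the papers it lists: a router-style network diagnostic handler written the vulnerable way (request value pasted into a shell command), then hardened (argv list, and an allow-list check). It assumes a POSIX /bin/sh is present and uses "echo" as a hypothetical stand-in for the real diagnostic tool so that it runs offline; every name in it is invented for the example.

```python
"""Added example, not code from the newsletter or from any paper it lists:
a router-style network diagnostic handler, first written the vulnerable
way, then hardened.

Assumptions: a POSIX /bin/sh is present; "echo" stands in for the real
diagnostic tool (e.g. ping) so that the example runs offline.  All names
are hypothetical.
"""
import re
import shlex
import subprocess

TOOL = "echo"  # stand-in for the tool the web handler really invokes


def run_diagnostic_unsafe(host: str) -> list[str]:
    """Vulnerable: the request value is pasted into a command string that
    /bin/sh parses, so ';', '|', '$(...)' and friends are honoured."""
    cmd = f"{TOOL} {host}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


def run_diagnostic_safe(host: str) -> list[str]:
    """Hardened: no shell is involved; the value is exactly one argv entry,
    so shell metacharacters are inert bytes handed to the tool."""
    out = subprocess.run([TOOL, host], capture_output=True, text=True)
    return out.stdout.splitlines()


def run_diagnostic_quoted(host: str) -> list[str]:
    """If a shell cannot be avoided, quote the value so it stays one word.
    Still weaker than the argv form: it relies on the quoting being right."""
    cmd = f"{TOOL} {shlex.quote(host)}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


# Dotted IPv4 address or DNS hostname; labels must start alphanumeric, so a
# value such as "-c" that the tool would read as an option is rejected too.
HOST_RE = re.compile(
    r"^(?:\d{1,3}(?:\.\d{1,3}){3}"
    r"|[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*)$"
)


def is_valid_host(value: str) -> bool:
    """Allow-list validation to run before any of the calls above: the argv
    form stops command injection but not argument injection by itself."""
    return HOST_RE.match(value) is not None


if __name__ == "__main__":
    payload = "10.0.0.1; echo INJECTED"
    print("unsafe :", run_diagnostic_unsafe(payload))  # two lines: injected command ran
    print("safe   :", run_diagnostic_safe(payload))    # one line: payload stayed data
    print("valid? :", is_valid_host(payload))          # False
```

The argv form removes the shell from the path entirely, which is the fix that holds regardless of what the input contains; the allow-list is kept as a second layer because a value beginning with "-" is still an argument-injection risk for the tool itself.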

Tuan Phan Vuong, G. Loukas, D. Gan and A. Bezemskij, “Decision Tree-Based Detection of Denial of Service and Command Injection Attacks on Robotic Vehicles,” Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, Rome, 2015, vol., no., pp. 1-6. doi:10.1109/WIFS.2015.7368559
Abstract: Mobile cyber-physical systems, such as automobiles, drones and robotic vehicles, are gradually becoming attractive targets for cyber attacks. This is a challenge because intrusion detection systems built for conventional computer systems tend to be unsuitable. They can be too demanding for resource-restricted cyber-physical systems or too inaccurate due to the lack of real-world data on actual attack behaviours. Here, we focus on the security of a small remote-controlled robotic vehicle. Having observed that certain types of cyber attacks against it exhibit physical impact, we have developed an intrusion detection system that takes into account not only cyber input features, such as network traffic and disk data, but also physical input features, such as speed, physical jittering and power consumption. As the system is resource-restricted, we have opted for a decision tree-based approach for generating simple detection rules, which we evaluate against denial of service and command injection attacks. We observe that the addition of physical input features can markedly reduce the false positive rate and increase the overall accuracy of the detection.
Keywords: control engineering computing; cyber-physical systems; decision trees; mobile robots; security of data; telerobotics; vehicles; attack behaviours; automobiles; command injection attacks; computer systems; cyber attacks; decision tree-based detection; denial of service attacks; detection rules; disk data; drones; false positive rate; intrusion detection systems; mobile cyber-physical systems; network traffic; physical input features; physical jittering; power consumption; security; small remote-controlled robotic vehicle; Computer crime; Decision trees; Feature extraction; Intrusion detection; Robot kinematics; Vehicles; Command injection; Cyber-physical attack; Cyber-physical systems; Decision tree; Denial of service (DoS); Intrusion detection; Mobile robots; Network security (ID#: 16-10402)


R. Johari and P. Sharma, “A Survey on Web Application Vulnerabilities (SQLIA, XSS) Exploitation and Security Engine for SQL Injection,” Communication Systems and Network Technologies (CSNT), 2012 International Conference on, Rajkot, 2012, vol., no., pp. 453-458. doi:10.1109/CSNT.2012.104
Abstract: Today almost all organizations have improved their performance by allowing more information exchange within their organization as well as between their distributors, suppliers, and customers using web support. Databases are central to modern websites as they provide necessary data as well as store critical information such as user credentials, financial and payment information, company statistics, etc. These websites have been continuously targeted by highly motivated malicious users seeking monetary gain. Structured Query Language (SQL) injection and Cross Site Scripting (XSS) attacks are perhaps the most common application-layer attack techniques used by attackers to deface a website or to manipulate or delete its content by inputting unwanted command strings. Structured Query Language Injection Attacks (SQLIA) are ranked 1st in the Open Web Application Security Project (OWASP) [1] top 10 vulnerability list and have resulted in massive attacks on a number of websites in the past few years. In this paper, we present a detailed review of various types of Structured Query Language Injection attacks, Cross Site Scripting attacks, vulnerabilities, and prevention techniques. Besides presenting our findings from the survey, we also propose future expectations and possible development of countermeasures against Structured Query Language Injection attacks.
Keywords: SQL; Web sites; security of data; software performance evaluation; OWASP; SQL injection; SQLIA exploitation; Web application vulnerabilities; Web support; XSS exploitation; application layer attack technique; attack prevention techniques; content deletion; content manipulation; cross site scripting attack; information exchange; malicious users; monetary gain; open Web application security project; performance improvement; security engine; structured query language injection attacks; Analytical models; Browsers; Databases; Encryption; Peer to peer computing; Runtime; Servers; Authentication Bypass; Database Mapping etc; Dynamic Analysis; Input Validation; SQL Injection Attack; Static Analysis; Unauthorized Access; Web Vulnerabilities (ID#: 16-10403)


A. Sadeghian, M. Zamani and A. A. Manaf, “A Taxonomy of SQL Injection Detection and Prevention Techniques,” Informatics and Creative Multimedia (ICICM), 2013 International Conference on, Kuala Lumpur, 2013, vol., no., pp. 53-56. doi:10.1109/ICICM.2013.18
Abstract: While the use of the Internet for offering online services increases every day, security threats on the web have also increased dramatically. One of the most serious and dangerous web application vulnerabilities is SQL injection. An SQL injection attack takes place by inserting a portion of a malicious SQL query, through a non-validated user input, into the legitimate query statement. Consequently, the database management system will execute these commands, which leads to SQL injection. A successful SQL injection attack interferes with the confidentiality, integrity and availability of information in the database. Based on statistical research, this type of attack has had a high impact on business. Finding the proper solution to stop or mitigate SQL injection is necessary. To address this problem, security researchers have introduced different techniques to develop secure code, prevent SQL injection attacks and detect them. In this paper we present a comprehensive review of different types of SQL injection detection and prevention techniques. We criticize the strengths and weaknesses of each technique. Such a structural classification would further help other researchers to choose the right technique for further studies.
Keywords: Internet; SQL; query processing; security of data; SQL injection attacks; SQL injection detection technique; SQL injection prevention technique; database management system; legitimate query statement; malicious SQL query; statistical researches; structural classification; Browsers; Conferences; Context; Databases; Runtime; Security; Testing; Information security; SQL injection; Web application vulnerability (ID#: 16-10404)


Wei Gao, T. Morris, B. Reaves and D. Richey, “On SCADA Control System Command and Response Injection and Intrusion Detection,” eCrime Researchers Summit (eCrime), 2010, Dallas, TX, 2010, vol., no., pp. 1-9. doi:10.1109/ecrime.2010.5706699
Abstract: SCADA systems are widely used in critical infrastructure sectors, including electricity generation and distribution, oil and gas production and distribution, and water treatment and distribution. SCADA process control systems are typically isolated from the internet via firewalls. However, they may still be subject to illicit cyber penetrations and may be subject to cyber threats from disgruntled insiders. We have developed a set of command injection, data injection, and denial of service attacks which leverage the lack of authentication in many common control system communication protocols including MODBUS, DNP3, and EtherNET/IP. We used these exploits to aid in development of a neural network based intrusion detection system which monitors control system physical behavior to detect artifacts of command and response injection attacks. Finally, we present intrusion detection accuracy results for our neural network based IDS which includes input features derived from physical properties of the control system.
Keywords: SCADA systems; authorisation; computer crime; critical infrastructures; neural nets; DNP3; EtherNET/IP; Internet; MODBUS; control system communication protocol; critical infrastructure sector; cyber threat; data injection; denial of service attack; electricity generation; firewall; intrusion detection; neural network; oil and gas production; water distribution; water treatment; Chemicals; Ethernet networks; IP networks; Monitoring; Protocols; Registers; Security; SCADA control system; cyber security (ID#: 16-10405)


N. Antunes, N. Laranjeiro, M. Vieira and H. Madeira, “Effective Detection of SQL/XPath Injection Vulnerabilities in Web Services,” Services Computing, 2009. SCC ’09. IEEE International Conference on, Bangalore, 2009, vol., no., pp. 260-267. doi:10.1109/SCC.2009.23
Abstract: This paper proposes a new automatic approach for the detection of SQL Injection and XPath Injection vulnerabilities, two of the most common and most critical types of vulnerabilities in Web services. Although there are tools that allow testing Web applications against security vulnerabilities, previous research shows that the effectiveness of those tools in Web services environments is very poor. In our approach a representative workload is used to exercise the Web service and a large set of SQL/XPath injection attacks are applied to disclose vulnerabilities. Vulnerabilities are detected by comparing the structure of the SQL/XPath commands issued in the presence of attacks to the ones previously learned when running the workload in the absence of attacks. Experimental evaluation shows that our approach performs much better than known tools (including commercial ones), achieving extremely high detection coverage while maintaining the false positives rate very low.
Keywords: SQL; Web services; program testing; security of data; SQL injection vulnerabilities; Web services; XPath injection vulnerabilities; security vulnerabilities; Data security; Informatics; Pattern analysis; Performance analysis; Performance evaluation; Relational databases; Runtime; Stress; Testing (ID#: 16-10406)


A. Stasinopoulos, C. Ntantogian and C. Xenakis, “The Weakest Link on the Network: Exploiting ADSL Routers to Perform Cyber-Attacks,” Signal Processing and Information Technology(ISSPIT), 2013 IEEE International Symposium on, Athens, 2013, vol., no., pp. 000135-000139. doi:10.1109/ISSPIT.2013.6781868
Abstract: ADSL routers are an integral part of today’s home and small office networks. Typically, these devices are provided by a user’s ISP and are usually managed by people who do not have any special technical knowledge. Often poorly configured and vulnerable, such devices are an easy target for network-based attacks, allowing cyber-criminals to quickly and easily gain control over a network. In this paper, we systematically evaluate the security of ADSL routers and identify the potential of attacks which attempt to exploit the vulnerabilities of their web interface. More specifically, we present common vulnerabilities and attacks that occur in websites on the Internet, and project them onto the special characteristics of the web management interface of ADSL routers. To put this analysis into a practical context, we investigate the security of a popular ADSL router provided by a Greek ISP. In this security assessment, we discovered two 0-day vulnerabilities in the web management interface of the tested router. In particular, we discovered an operating system (OS) command injection and a stored Cross-Site Scripting (XSS) vulnerability. A malicious user may exploit these vulnerabilities to perform several large-scale attacks. Specifically, he/she can perform a DNS hijacking attack and redirect users to fake web sites for phishing; mount a Distributed Denial of Service (DDoS) attack using the compromised routers as zombie machines; or even spread malware. Finally, we discuss some well-known security practices that should be followed by developers and users to enhance the security of ADSL routers.
Keywords: Internet; digital subscriber lines; telecommunication network routing; telecommunication security; ADSL router security; DDoS attack; DNS hijacking attack; Greek ISP; Internet service providers; OS command injection; Web interface; Web management interface; Web sites; XSS attack; asymmetric digital subscriber line; cross-site scripting attack; cyber-attacks; distributed denial-of-service attack; home networks; malware; network-based attacks; operating system; security assessment; security practices; small office networks; zombie machines; Broadband communication; Chaos; Operating systems; Testing; ADSL routers; DNS hijacking; XSS; command injection; phishing; web interface vulnerabilities (ID#: 16-10407)


J. M. Beaver, R. C. Borges-Hink and M. A. Buckner, “An Evaluation of Machine Learning Methods to Detect Malicious SCADA Communications,” Machine Learning and Applications (ICMLA), 2013 12th International Conference on, Miami, FL, 2013, vol., no., pp. 54-59. doi:10.1109/ICMLA.2013.105
Abstract: Critical infrastructure Supervisory Control and Data Acquisition (SCADA) systems have been designed to operate on closed, proprietary networks where a malicious insider posed the greatest threat potential. The centralization of control and the movement towards open systems and standards has improved the efficiency of industrial control, but has also exposed legacy SCADA systems to security threats that they were not designed to mitigate. This work explores the viability of machine learning methods in detecting the new threat scenarios of command and data injection. Similar to network intrusion detection systems in the cyber security domain, the command and control communications in a critical infrastructure setting are monitored, and vetted against examples of benign and malicious command traffic, in order to identify potential attack events. Multiple learning methods are evaluated using a dataset of Remote Terminal Unit communications, which included both normal operations and instances of command and data injection attack scenarios.
Keywords: SCADA systems; computer network security; critical infrastructures; industrial control; learning (artificial intelligence); open systems; command and control communication; critical infrastructure monitoring; critical infrastructure systems; cyber security domain; data injection attack; machine learning method; malicious SCADA communication detection; network intrusion detection system; open standards; open systems; potential attack event identification; remote terminal unit communication; security threat potential; supervisory control and data acquisition; Intrusion detection; Learning systems; Machine learning algorithms; Pipelines; Telemetry; SCADA; critical infrastructure protection; intrusion detection; machine learning; network (ID#: 16-10408)


Pang Zhonghua, Hou Fangyuan, Zhou Yuguo and Sun Dehui, “False Data Injection Attacks for Output Tracking Control Systems,” Control Conference (CCC), 2015 34th Chinese, Hangzhou, 2015, vol., no., pp. 6747-6752. doi:10.1109/ChiCC.2015.7260704
Abstract: Cyber-physical systems (CPSs) have been gaining popularity with their high potential in widespread applications, and the security of CPSs becomes a rigorous problem. In this paper, an output track control (OTC) method is designed for discrete-time linear time-invariant Gaussian systems. The output tracking error is regarded as an additional state, Kalman filter-based incremental state observer and LQG-based augmented state feedback control strategy are designed, and Euclidean-based detector is used for detecting the false data injection attacks. Stealthy false data attacks which can completely disrupt the normal operation of the OTC systems without being detected are injected into the sensor measurements and control commands, respectively. Three kinds of numerical examples are employed to illustrate the effectiveness of the designed false data injection attacks.
Keywords: Gaussian processes; discrete time systems; linear systems; observers; security of data; sensors; state feedback; CPS security; Euclidean-based detector; Kalman filter-based incremental state observer; LQG-based augmented state feedback control strategy; OTC method; OTC systems; cyber-physical systems; discrete-time linear time-invariant Gaussian systems; false data injection attacks; output track control method; output tracking control systems; output tracking error; sensor measurements; Detectors; Kalman filters; Robot sensing systems; Security; State estimation; State feedback; Cyber-physical systems; Kalman filter; output tracking control (ID#: 16-10409)


R. Borgaonkar, “An Analysis of the Asprox Botnet,” Emerging Security Information Systems and Technologies (SECURWARE), 2010 Fourth International Conference on, Venice, 2010, vol., no., pp. 148-153. doi:10.1109/SECURWARE.2010.32
Abstract: The presence of large pools of compromised computers, also known as botnets, or zombie armies, represents a very serious threat to Internet security. This paper describes the architecture of a contemporary advanced bot commonly known as Asprox. Asprox is a type of malware that combines the two threat vectors of forming a botnet and of generating SQL injection attacks. The main features of the Asprox botnet are the use of centralized command and control structure, HTTP based communication, use of advanced double fast-flux service networks, use of SQL injection attacks for recruiting new bots and social engineering tricks to spread malware binaries. The objective of this paper is to contribute to a deeper understanding of Asprox in particular and a better understanding of modern botnet designs in general. This knowledge can be used to develop more effective methods for detecting botnets, and stopping the spreading of botnets on the Internet.
Keywords: Internet; SQL; invasive software; Asprox botnet analysis; HTTP based communication; Internet security threat; SQL injection attack; advanced bot architecture; bot recruitment; botnet detection; double fast-flux service network; malware binary spreading; social engineering; zombie armies; Computer architecture; Computers; IP networks; Malware; Protocols; Servers; Asprox; Bot; Botnet; Fast-flux networks; Malware; SQL injection (ID#: 16-10410)


Y. O. Basciftci and F. Ozguner, “Trust Aware Particle Filters for Autonomous Vehicles,” Vehicular Electronics and Safety (ICVES), 2012 IEEE International Conference on, Istanbul, 2012, vol., no., pp. 50-54. doi:10.1109/ICVES.2012.6294259
Abstract: Cyber-Physical Systems have been widely employed in safety critical applications including intelligent highways, autonomous vehicles and robotic systems. State estimation is crucial for Cyber-Physical Systems because control commands that are sent to physical systems depend on the estimated states. The particle filter is a good candidate for state estimation due to its applicability to nonlinear and/or non-Gaussian dynamic systems. However, classical particle filters are not robust against false data injection from sensors compromised by attackers. In this paper, we propose a novel particle filter algorithm, trust aware particle filter, that is robust to false data injection attacks. We develop a framework in which a state estimator assigns trust values to sensors based on the measurements and we utilize the trust values in the state estimation. Simulation results demonstrate the robustness of the trust aware particle filter in the presence of false data injection attacks.
Keywords: mobile robots; nonlinear dynamical systems; particle filtering (numerical methods); sensors; state estimation; autonomous vehicles; cyber-physical systems; false data injection attacks; intelligent highways; nonGaussian dynamic systems; nonlinear dynamic systems; robotic systems; safety critical applications; trust aware particle filters; trust values; Atmospheric measurements; Noise; Particle measurements; Robustness; Sensor fusion; State estimation (ID#: 16-10411)


V. S. Randhe, A. B. Chougule and D. Mukhopadhyay, “Reverse Proxy Framework Using Sanitization Technique for Intrusion Prevention in Database,” Computational Intelligence and Information Technology, 2013. CIIT 2013. Third International Conference on, Mumbai, 2013, vol., no., pp. 200-208. doi:10.1049/cp.2013.2592
Abstract: With the increasing importance of the Internet in our day-to-day life, data security in web applications has become very crucial. Ever increasing online and real-time transaction services have led to a manifold rise in the problems associated with database security. Attackers use illegal and unauthorized approaches to hijack confidential information such as usernames, passwords and other vital details. Hence real-time transactions require security against web-based attacks. SQL injection and cross site scripting attacks are the most common application-layer attacks. The SQL injection attacker passes SQL statements through a web application’s input fields, URL or hidden parameters and gets access to the database or updates it. The attacker takes advantage of user-provided data in such a way that the user’s input is handled as SQL code. Using this vulnerability an attacker can execute SQL commands directly on the database. SQL injection attacks are the most serious threats which take the user’s input and integrate it into an SQL query. Reverse Proxy is a technique which is used to sanitize the users’ inputs that may transform into a database attack. In this technique a data redirector program redirects the user’s input to the proxy server before it is sent to the application server. At the proxy server, a data cleaning algorithm is triggered using a sanitizing application. In this framework we include detection and sanitization of the tainted information being sent to the database and innovate a new prototype.
Keywords: Internet; SQL; database management systems; query processing; security of data; SQL code; SQL injection attacker; SQL query; SQL statement; URL; Web application; Web based attacks; application layer attack; confidential information; cross site scripting attack; data redirector program; data security; database attack; database security; illegal approaches; intrusion prevention; proxy server; real-time transaction; reverse proxy framework; sanitization technique; transaction services; unauthorized approaches; Cross Site Scripting Attack; Data Sanitization; Database Security; SQL Attack; SQL Injection; Security Threats (ID#: 16-10412)


N. Laranjeiro, M. Vieira and H. Madeira, “A Learning-Based Approach to Secure Web Services from SQL/XPath Injection Attacks,” Dependable Computing (PRDC), 2010 IEEE 16th Pacific Rim International Symposium on, Tokyo, 2010, vol., no., pp. 191-198. doi:10.1109/PRDC.2010.24
Abstract: Business critical applications are increasingly being deployed as web services that access database systems, and must provide secure operations to their clients. Although the open web environment emphasizes the need for security, several studies show that web services are still being deployed with command injection vulnerabilities. This paper proposes a learning-based approach to secure web services against SQL and XPath Injection attacks. Our approach is able to transparently learn valid request patterns (learning phase) and then detect and abort potentially harmful requests (protection phase). When it is not possible to have a complete learning phase, a set of heuristics can be used to accept/discard doubtful cases. Our mechanism was applied to secure TPC-App services and open source services. It proved to be extremely effective in stopping all tested attacks, while introducing a negligible performance impact.
Keywords: SQL; Web services; business data processing; learning (artificial intelligence); relational databases; security of data; SQL/XPath injection attacks; business critical applications; database systems; learning-based approach; secure Web services; SQL/ XPath Injection; code instrumentation; security; vulnerabilities (ID#: 16-10413)


C. C. Kulkarni and S. A. Kulkarni, “Human Agent Knowledge Transfer Applied to Web Security,” Computing, Communications and Networking Technologies (ICCCNT), 2013 Fourth International Conference on, Tiruchengode, 2013, vol., no., pp. 1-4. doi:10.1109/ICCCNT.2013.6726770
Abstract: Web applications today rely heavily on databases for the storage and processing of information. At the same time, plenty of threats and security attacks are being launched against web applications that aim to inject commands and gain unauthorized access to sensitive information in the back-end database. Plenty of attacks exploit vulnerabilities of web-based applications, with the majority due to input validation flaws. If the input provided by the user is not sanitized correctly, then it is easily possible to launch a variety of attacks that force web-based applications to compromise the security of back-end databases. In this work we propose a novel approach for detecting SQL Injection attacks by applying the TD machine learning technique. In this approach the SQL query is first compared with the KB, and if the query matches the KB then it is a genuine query and database access is given. In the case of SQLIA queries, they are subjected to tokenization and then SQL query analysis is performed. A model-based RL using TD learning is developed to distinguish between genuine and SQLIA queries. In the model, if the query traverses the path and reaches the final state with higher rewards then it is termed an SQLIA query.
Keywords: Internet; SQL; learning (artificial intelligence); security of data; software agents; SQL injection attacks; SQL query analysis; SQLIA queries; TD machine learning; Web applications; Web security; back-end databases; database access; genuine query; human agent knowledge transfer; model based RL; query traverses; security attacks; sensitive information; tokenization; Computer hacking; Databases; Games; Grippers; Intrusion detection; Testing; HAT; Reinforcement Learning; SQLIA; TD Learning (ID#: 16-10414)


Yang Zhong, H. Asakura, H. Takakura and Y. Oshima, “Detecting Malicious Inputs of Web Application Parameters Using Character Class Sequences,” Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual, Taichung, 2015, vol., no., pp. 525-532. doi:10.1109/COMPSAC.2015.73
Abstract: Web attacks that exploit vulnerabilities of web applications are still major problems. The number of attacks that maliciously manipulate parameters of web applications, such as SQL injections and command injections, is increasing nowadays. Anomaly detection is effective for detecting these attacks, particularly in the case of unknown attacks. However, existing anomaly detection methods often raise false alarms on normal requests whose parameters differ slightly from those of the learning data, because they perform strict feature matching between the characters that appear as parameter values and those of normal profiles. In this paper we propose a novel anomaly detection method that uses the abstract structure of parameter values as the features of normal profiles. The results of experiments show that our approach reduced the false positive rate more than existing methods with a comparable detection rate.
Keywords: Internet; security of data; SQL injections; Web application parameters; Web attacks; anomaly detection; character class sequences; command injections; malicious input detection; Accuracy; Electronic mail; Feature extraction; Payloads; Servers; Training; Training data; Anomaly detection; Attack detection; HTTP; Web application (ID#: 16-10415)
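The abstraction step Zhong et al. describe, as an added example (this is not the authors’ implementation and its class labels and collapsing rule are a simplification chosen here): each character of a parameter value is mapped to a class, runs of the same class are collapsed, and the resulting sequence, rather than the exact characters, forms the normal profile of that parameter. The training requests are constructed for the example.

```python
"""Added example (not the authors' implementation): anomaly detection on
web-application parameter values using character-class sequences.

Assumptions: the training requests below are constructed for this example;
the class labels (D, A, S, punctuation kept as itself) and the run-collapsing
rule are this example's own simplification of abstracting a value's structure.
"""
from collections import defaultdict


def char_class(ch: str) -> str:
    if ch.isdigit():
        return "D"
    if ch.isalpha():
        return "A"
    if ch.isspace():
        return "S"
    return ch  # punctuation keeps its identity: it carries the attack syntax


def class_sequence(value: str) -> str:
    """Abstract a value: map each char to its class and collapse runs, so
    '42' and '999999' both become 'D' and 'alice' and 'carol' both 'A'."""
    seq = []
    for ch in value:
        c = char_class(ch)
        if not seq or seq[-1] != c:
            seq.append(c)
    return "".join(seq)


class ParameterProfile:
    """Normal profile: for each parameter name, the set of sequences seen
    during learning.  Unknown parameter names have an empty set and are
    therefore flagged as well."""

    def __init__(self):
        self.normal = defaultdict(set)

    def learn(self, requests):
        for params in requests:
            for name, value in params.items():
                self.normal[name].add(class_sequence(value))
        return self

    def anomalies(self, params) -> dict:
        """Return {name: sequence} for every value whose structure was never
        seen for that parameter during learning."""
        return {n: class_sequence(v) for n, v in params.items()
                if class_sequence(v) not in self.normal[n]}


# Constructed benign requests (parameter name -> value) used as learning data.
TRAINING = [
    {"id": "42", "user": "alice", "email": "alice@example.com"},
    {"id": "7", "user": "bob99", "email": "bob.smith@example.org"},
]


def trained_profile() -> ParameterProfile:
    return ParameterProfile().learn(TRAINING)


if __name__ == "__main__":
    p = trained_profile()
    print(p.anomalies({"id": "123456", "user": "carol"}))   # {} : same shapes as training
    print(p.anomalies({"id": "1 OR 1=1"}))                  # {'id': 'DSASD=D'}
    print(p.anomalies({"user": "x; cat /etc/passwd"}))      # flagged
```

Because "123456" and "42" share the sequence "D", a value that merely differs in length or digits no longer raises an alarm, which is the false-positive reduction the abstract is after; the injected values still differ in shape because the operators and quotes they need survive the abstraction.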


Anh Nguyen-Tuong et al., “To B or not to B: Blessing OS Commands with Software DNA Shotgun Sequencing,” Dependable Computing Conference (EDCC), 2014 Tenth European, Newcastle, 2014, vol., no., pp. 238-249. doi:10.1109/EDCC.2014.13
Abstract: We introduce Software DNA Shotgun Sequencing (S3), a novel, biologically-inspired approach to combat OS Injection Attacks, the #2 most dangerous software error as identified by MITRE. To thwart such attacks, researchers have advocated various forms of taint-tracking techniques. Despite promising results, e.g., few missed attacks and few false alarms, taint-tracking has not seen widespread adoption. Impediments to adoption include high overhead and difficulty of deployment. S3 is based on a novel technique: positive taint inference which dynamically reassembles string fragments from a binary to infer blessed, i.e. trusted, parts of an OS command. S3 incurs negligible performance overhead and is easy to deploy as it operates directly on binary programs.
Keywords: DNA; biology computing; operating systems (computers); security of data; binary programs; biologically inspired approach; blessing OS commands; combat OS injection attacks; operating system; software DNA shotgun sequencing; software error; taint tracking techniques; Computer architecture; Operating systems; Security; Sequential analysis; Servers; command injection; injection; security; taint inference; taint tracking (ID#: 16-10416)
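The positive-taint-inference idea in the abstract above, as an added example: this is not the S3 tool or its authors’ code, but a string-level sketch of the same inference. The literals a program concatenates around user input (here a hypothetical list standing in for fragments recovered from a binary) are the blessed parts of the final OS command; whatever the literals do not account for is inferred to be untrusted, and a simplified policy of this example’s own decides whether that untrusted text may run.

```python
"""Added example (not the S3 tool or its authors' code): a minimal,
string-level illustration of positive taint inference for OS commands.

Assumption: BLESSED_FRAGMENTS stands in for string literals recovered from
the program binary; any part of the final command they do not cover is
inferred to be untrusted input.  The acceptance policy is a simplified one
chosen for this example.
"""
import re

# Hypothetical literals a program concatenates around user input.
BLESSED_FRAGMENTS = ["ping -c 1 ", " 2>&1", "nslookup ", "cat /var/log/"]

# Characters that would let untrusted text change the command's structure.
SHELL_META = re.compile(r"""[;&|`$()<>\\"'*?\[\]{}~\n]""")


def tainted_runs(command: str, fragments=BLESSED_FRAGMENTS) -> list[str]:
    """Mark every character covered by some blessed fragment and return the
    maximal runs of characters that no fragment explains.

    Limitation of any string-matching approximation: untrusted input that
    happens to equal a blessed literal would be blessed as well."""
    covered = [False] * len(command)
    for frag in fragments:
        start = command.find(frag)
        while start != -1:
            for i in range(start, start + len(frag)):
                covered[i] = True
            start = command.find(frag, start + 1)
    runs, cur = [], []
    for ch, ok in zip(command, covered):
        if ok:
            if cur:
                runs.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        runs.append("".join(cur))
    return runs


def bless(command: str, fragments=BLESSED_FRAGMENTS) -> tuple[bool, list[str]]:
    """Policy: untrusted text may fill in a single argument but must not
    contain shell metacharacters or whitespace (which would start a new
    word).  Returns (allowed, inferred-untrusted runs)."""
    runs = tainted_runs(command, fragments)
    for run in runs:
        if SHELL_META.search(run) or re.search(r"\s", run):
            return False, runs
    return True, runs


if __name__ == "__main__":
    for cmd in ["ping -c 1 10.0.0.1 2>&1",
                "ping -c 1 10.0.0.1; rm -rf / 2>&1",
                "nslookup $(id)"]:
        print(bless(cmd), "<-", cmd)
```

Note that " 2>&1" contains metacharacters yet is accepted, because it is part of the program, not the input; the check is about where the bytes came from, which is exactly what distinguishes positive taint inference from a blanket metacharacter filter.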


Tuan Phan Vuong, G. Loukas and D. Gan, “Performance Evaluation of Cyber-Physical Intrusion Detection on a Robotic Vehicle,” Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, Liverpool, 2015, vol., no., pp. 2106-2113. doi:10.1109/CIT/IUCC/DASC/PICOM.2015.313
Abstract: Intrusion detection systems designed for conventional computer systems and networks are not necessarily suitable for mobile cyber-physical systems, such as robots, drones and automobiles. They tend to be geared towards attacks of a different nature and do not take into account mobility, energy consumption and other physical aspects that are vital to a mobile cyber-physical system. We have developed a decision tree-based method for detecting cyber attacks on a small-scale robotic vehicle using both cyber and physical features that can be measured by its on-board systems and processes. We evaluate it experimentally against a variety of scenarios involving denial of service, command injection and two types of malware attacks. We observe that the addition of physical features noticeably improves the detection accuracy for two of the four attack types and reduces the detection latency for all four.
Keywords: decision trees; invasive software; mobile robots; remotely operated vehicles; telecommunication security; account mobility; command injection; computer networks; computer systems; cyber attack detection; cyber features; cyber-physical intrusion detection systems; decision tree-based method; energy consumption; malware attacks; mobile cyber-physical systems; performance evaluation; physical features; small-scale robotic vehicle; Computer crime; Decision trees; Feature extraction; Intrusion detection; Robots; Vehicles; Command injection; Cyber-physical attack; Cyber-physical systems; Decision tree; Denial of service (DoS); Detection Latency; Intrusion detection; Malware; Mobile robots; Network security (ID#: 16-10417)


B. Zekan, M. Shtern and V. Tzerpos, “Protecting Web Applications via Unicode Extension,” Software Analysis, Evolution and Reengineering (SANER), 2015 IEEE 22nd International Conference on, Montreal, QC, 2015, vol., no., pp. 419-428. doi:10.1109/SANER.2015.7081852
Abstract: Protecting web applications against security attacks, such as command injection, is an issue that has been attracting increasing attention as such attacks are becoming more prevalent. Taint tracking is an approach that achieves protection while offering significant maintenance benefits when implemented at the language library level. This allows the transparent re-engineering of legacy web applications without the need to modify their source code. Such an approach can be implemented at either the string or the character level.
Keywords: program debugging; security of data; software maintenance; command injection; language library level; legacy Web application; maintenance benefit; security attack; taint tracking; unicode extension; Databases; Java; Operating systems; Prototypes; Security; Servers (ID#: 16-10418)
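The string-level versus character-level distinction in the abstract above is easiest to see in code. The following is an added example, not the authors' Unicode-extension library: a minimal `TaintedStr` that carries one taint bit per character through concatenation and slicing, a string-level sink policy (any tainted character is a violation) next to a character-level one (only tainted shell metacharacters are violations), and an argv-based sink that needs no metacharacter rules at all because no shell parses the arguments. The metacharacter set assumes a POSIX `sh -c` style sink; the sample commands are constructed.

```python
# Added example: character-level vs string-level taint in front of a shell sink.

# Characters a POSIX shell interprets; assumption: the sink is os.system()/sh -c.
SHELL_META = frozenset(";|&$`<>(){}\n\"'\\*?~!#")


class TaintedStr:
    """A str plus one taint bit per character (True = attacker-controlled)."""

    def __init__(self, text, taint=None):
        self.text = text
        self.taint = list(taint) if taint is not None else [False] * len(text)
        if len(self.taint) != len(self.text):
            raise ValueError("taint vector length mismatch")

    @classmethod
    def untrusted(cls, text):
        """Wrap input that crossed a trust boundary (HTTP parameter, form field)."""
        return cls(text, [True] * len(text))

    @staticmethod
    def _coerce(value):
        return value if isinstance(value, TaintedStr) else TaintedStr(value)

    def __add__(self, other):
        other = self._coerce(other)
        return TaintedStr(self.text + other.text, self.taint + other.taint)

    def __radd__(self, other):
        return self._coerce(other) + self

    def __getitem__(self, idx):
        # Slicing keeps the flags aligned with the characters they describe.
        if isinstance(idx, slice):
            return TaintedStr(self.text[idx], self.taint[idx])
        return TaintedStr(self.text[idx], [self.taint[idx]])

    def __repr__(self):
        return f"TaintedStr({self.text!r}, tainted={sum(self.taint)}/{len(self.text)})"


def string_level_violations(cmd):
    """String-level policy: any tainted character at all is a violation."""
    return [(i, c) for i, (c, t) in enumerate(zip(cmd.text, cmd.taint)) if t]


def char_level_violations(cmd):
    """Character-level policy: only tainted *metacharacters* are violations."""
    return [(i, c) for i, (c, t) in enumerate(zip(cmd.text, cmd.taint))
            if t and c in SHELL_META]


def shell_sink(cmd):
    """Guard in front of an os.system()-style sink; returns the safe command text."""
    bad = char_level_violations(cmd)
    if bad:
        raise ValueError(f"command injection blocked at {bad}")
    return cmd.text


def sink_blocks(cmd):
    """True if shell_sink() would refuse cmd."""
    try:
        shell_sink(cmd)
    except ValueError:
        return True
    return False


def argv_sink(argv):
    """Guard for subprocess.run(argv, shell=False): argument boundaries are fixed,
    so tainted metacharacters are plain data; only the program name must be trusted."""
    argv = [TaintedStr._coerce(a) for a in argv]
    if argv and any(argv[0].taint):
        raise ValueError("untrusted program name")
    return [a.text for a in argv]


def demo():
    # Constructed inputs: one benign host, one with a chained command.
    benign = "ping -c 1 " + TaintedStr.untrusted("198.51.100.7")
    attack = "ping -c 1 " + TaintedStr.untrusted("198.51.100.7; cat /etc/passwd")
    return {
        "benign_string_level": bool(string_level_violations(benign)),  # false positive
        "benign_char_level": bool(char_level_violations(benign)),
        "attack_char_level": char_level_violations(attack),
        "attack_as_argv": argv_sink(["ping", "-c", "1", attack[10:]]),
    }
```

The string-level policy rejects the benign ping because the host name is tainted, which is the false-positive cost that motivates character granularity; the character-level policy passes it and stops only the tainted `;`. A developer-written `ls | wc -l` is allowed because its pipe is untainted. The argv sink shows the design that removes the problem rather than detecting it: with no shell in the path, the same attacker string is just an argument.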


Y. Kosuga, K. Kono, M. Hanaoka, M. Hishiyama and Y. Takahama, “Sania: Syntactic and Semantic Analysis for Automated Testing Against SQL Injection,” Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual, Miami Beach, FL, 2007, vol., no., pp. 107-117. doi:10.1109/ACSAC.2007.20
Abstract: With the recent rapid increase in interactive Web applications that employ back-end database services, the SQL injection attack has become one of the most serious security threats. The SQL injection attack allows an attacker to access the underlying database, execute arbitrary commands at will, and receive dynamically generated output, such as HTML Web pages. In this paper, we present our technique, Sania, for detecting SQL injection vulnerabilities in Web applications during the development and debugging phases. Sania intercepts the SQL queries between a Web application and a database, and automatically generates elaborate attacks according to the syntax and semantics of the potentially vulnerable spots in the SQL queries. In addition, Sania compares the parse trees of the intended SQL query and those resulting after an attack to assess the safety of these spots. We evaluated our technique using real-world Web applications and found that our solution is efficient in comparison with a popular Web application vulnerabilities scanner. We also found a vulnerability in a product that was just about to be released.
Keywords: Internet; SQL; program debugging; program diagnostics; program testing; query processing; security of data; trees (mathematics); HTML Web pages; SQL injection attack; SQL queries; Sania; automated testing; back-end database services; interactive Web applications; parse trees; security threat; semantic analysis; syntactic analysis; system debugging; system development; Application software; Authentication; Automatic testing; Computer science; Computer security; Data security; Debugging; HTML; Information analysis; Relational databases (ID#: 16-10419)
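The core check in the Sania abstract, comparing the structure of the intended query with the structure of the query after an attack, can be reproduced with a small tokenizer in place of a full SQL parser. The following is an added example and not Sania's own code or grammar: `shape()` reduces a query to its structural skeleton (keywords, identifiers, operators, and one abstract token per literal), and `injection_changes_structure()` renders a constructed query template with a benign value and with a candidate attack value and reports whether the skeleton changed. The templates, values and keyword list are assumptions for the demonstration.

```python
# Added example: structural comparison of intended vs attacked SQL queries.
import re

# Small keyword set sufficient for the demo; a real parser would use the dialect grammar.
SQL_KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "UNION", "ALL",
                "INSERT", "INTO", "VALUES", "UPDATE", "SET", "DELETE", "LIKE",
                "IN", "IS", "NULL", "ORDER", "BY", "LIMIT"}

_TOKEN = re.compile(r"""
      (?P<ws>\s+)
    | (?P<comment>--[^\n]*|/\*.*?\*/)
    | (?P<string>'(?:[^']|'')*')
    | (?P<number>\d+(?:\.\d+)?)
    | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
    | (?P<op><=|>=|<>|!=|\|\||[=<>*,();.+\-/%])
""", re.VERBOSE | re.DOTALL)


def tokenize(sql):
    """Lex into (kind, text) pairs; anything unlexable (e.g. an unterminated
    quote) becomes a single ERROR token so that it still changes the shape."""
    out, pos = [], 0
    while pos < len(sql):
        m = _TOKEN.match(sql, pos)
        if not m:
            out.append(("ERROR", sql[pos:]))
            break
        if m.lastgroup != "ws":
            out.append((m.lastgroup, m.group()))
        pos = m.end()
    return out


def shape(sql):
    """Abstract literal values away: two queries with equal shape have the same
    structure and differ only in data, which is what a safe parameter should do."""
    skeleton = []
    for kind, text in tokenize(sql):
        if kind == "word":
            up = text.upper()
            skeleton.append("KW:" + up if up in SQL_KEYWORDS else "IDENT")
        elif kind == "string":
            skeleton.append("STR")
        elif kind == "number":
            skeleton.append("NUM")
        elif kind == "comment":
            skeleton.append("COMMENT")
        elif kind == "op":
            skeleton.append("OP:" + text)
        else:
            skeleton.append("ERROR")
    return skeleton


def no_escape(value):
    return value


def quote_escape(value):
    """The usual single-quote doubling; only meaningful inside a quoted literal."""
    return value.replace("'", "''")


def injection_changes_structure(template, benign, attack, escape=no_escape):
    """True when substituting `attack` yields a different query skeleton than
    substituting `benign`, i.e. the spot is exploitable under this escaping."""
    intended = shape(template.format(escape(benign)))
    attacked = shape(template.format(escape(attack)))
    return intended != attacked


# Constructed templates standing in for intercepted application queries.
BY_NAME = "SELECT id FROM users WHERE name = '{}'"
BY_ID = "SELECT * FROM items WHERE id = {}"
```

Running the check on the constructed templates shows the three cases a tester cares about: an unescaped tautology (`' OR '1'='1`) or comment (`admin'--`) changes the skeleton and is flagged; the same payloads under quote escaping leave the skeleton identical, as does a legitimate apostrophe in `O'Brien`; and a numeric spot (`BY_ID`) is still exploitable by `1 OR 1=1` no matter how quotes are escaped, because the literal was never quoted. That last case is why a parse-tree comparison catches what naive escaping misses.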


M. Knysz, X. Hu, Y. Zeng and K. G. Shin, “Open WiFi networks: Lethal Weapons for Botnets?,” INFOCOM, 2012 Proceedings IEEE, Orlando, FL, 2012, vol., no., pp. 2631-2635. doi:10.1109/INFCOM.2012.6195668
Abstract: This paper assesses the potential for highly mobile botnets to communicate and perform nefarious actions using only open WiFi networks, which we term mobile WiFi botnets. We design and evaluate a proof-of-concept mobile WiFi botnet using real-world mobility traces and actual open WiFi network locations for the urban environment of San Francisco. Our extensive simulation results demonstrate that mobile WiFi botnets can support rapid command propagation, with commands typically reaching over 75% of the botnet only 2 hours after injection, sometimes within as little as 30 minutes. Moreover, those bots able to receive commands usually have ≈40-50% probability of being able to do so within a minute of the command being issued. Our evaluation results also indicate that even a small mobile WiFi botnet of only 536 bots can launch an effective DDoS attack against poorly protected systems. Furthermore, mobile WiFi botnet traffic is sufficiently distributed across multiple open WiFi networks, with no single network being over-utilized at any given moment, to make detection difficult.
Keywords: computer network security; mobile computing; telecommunication traffic; wireless LAN; actual open WiFi network locations; effective DDoS attack; lethal weapons; mobile WiFi botnet traffic; proof-of-concept mobile WiFi botnet; rapid command propagation; real-world mobility traces; Computer crime; IEEE 802.11 Standards; Mobile communication; Mobile computing; Mobile handsets; Protocols; Servers (ID#: 16-10420)


D. Arora, A. Verigin, T. Godkin and S. W. Neville, “Statistical Assessment of Sybil-Placement Strategies within DHT-Structured Peer-to-Peer Botnets,” Advanced Information Networking and Applications (AINA), 2014 IEEE 28th International Conference on, Victoria, BC, 2014, vol., no., pp. 821-828. doi:10.1109/AINA.2014.100
Abstract: Botnets are a well recognized global cyber-security threat as they enable attack communities to command large collections of compromised computers (bots) on-demand. Peer-to-peer (P2P) distributed hash tables (DHT) have become particularly attractive botnet command and control (C & C) solutions due to the high level resiliency gained via the diffused random graph overlays they produce. The injection of Sybils, computers pretending to be valid bots, remains a key defensive strategy against DHT-structured P2P botnets. This research uses packet level network simulations to explore the relative merits of random, informed, and partially informed Sybil placement strategies. It is shown that random placements perform nearly as effectively as the tested more informed strategies, which require higher levels of inter-defender co-ordination. Moreover, it is shown that aspects of the DHT-structured P2P botnets behave as statistically nonergodic processes, when viewed from the perspective of stochastic processes. This suggests that although optimal Sybil placement strategies appear to exist they would need careful tuning to each specific P2P botnet instance.
Keywords: command and control systems; computer network security; invasive software; peer-to-peer computing; statistical analysis; stochastic processes; C&C solutions; DHT-structured P2P botnets; DHT-structured peer-to-peer botnets; Sybil placement strategy statistical assessment; botnet command and control solution; compromised computer on-demand collections; cyber security threat; diffused random graph; interdefender coordination; packet level network simulation; peer-to-peer distributed hash tables; stochastic process; Computational modeling; Computers; Internet; Network topology; Peer-to-peer computing; Routing; Topology (ID#: 16-10421)


P. Sripairojthikoon and T. Senivongse, “Concept-Based Readability of Web Services Descriptions,” Advanced Communication Technology (ICACT), 2013 15th International Conference on, PyeongChang, 2013, vol., no., pp. 853-858. doi: (not provided)
Abstract: Web Services is a technology for building distributed software applications that are built upon a set of information and communication standards. Among those standards is the Web Services Description Language (WSDL) which is an XML-based language for describing service descriptions. Service providers will publish WSDL documents of their Web services so that service consumers can learn about service capability and how to interface with the services. Since WSDL documents are the primary source of service information, readability of WSDL documents is of concern to service providers, i.e. service descriptions should be understood with ease by service consumers. Providing highly readable service descriptions can then be used as a strategy to attract service consumers. However, given highly readable information in the WSDL documents, competitors are able to learn know-how and can copy the design to offer competing services. Security attacks such as information espionage, client impersonation, command injection, and denial of service are also possible since attackers can learn about exchanged data and invocation patterns from WSDL documents. While readability of service descriptions makes Web services discoverable, it contributes to service vulnerability too. Service designers therefore should consider this trade-off when designing service descriptions. Currently there is no readability measurement for WSDL documents. We propose an approach to such measurement so that service designers can determine if readability is too low or too high with regard to service discoverability, service imitation, and service attack issues, and then can consider increasing or lowering service description readability accordingly. Our readability measurement is based on the concepts or terms in service domain knowledge. Given a WSDL document as a service description, readability is defined in terms of the use of difficult words in the description and the use of words that are key concepts in the service domain. As an example, we measure readability of the WSDL document of public Web services, and outline a method to lower or increase readability.
Keywords: Web services; XML; security of data; WSDL documents; Web services description language; XML-based language; client impersonation; command injection; concept-based readability; denial of service; distributed software applications; information espionage; readability measurement; security attacks; service capability; service domain knowledge; Mobile communication; Ontologies; Concept Hierarchy; Ontology; Readability; WSDL; Web Services (ID#: 16-10422)


P. Sripairojthikoon and T. Senivongse, “Concept-Based Readability Measurement and Adjustment for Web Services Descriptions,” Advanced Communication Technology (ICACT), 2014 16th International Conference on, Pyeongchang, 2014, vol., no., pp. 378-388. doi:10.1109/ICACT.2014.6779196
Abstract: Web Services is a technology for building distributed software applications that are built upon a set of information and communication standards. Among those standards is the Web Services Description Language (WSDL) which is an XML-based language for describing service descriptions. Service providers will publish WSDL documents of their Web services so that service consumers can learn about service capability and how to interface with the services. Since WSDL documents are the primary source of service information, readability of WSDL documents is of concern to service providers, i.e., service descriptions should be understood with ease by service consumers. Providing highly readable service descriptions can then be used as a strategy to attract service consumers. However, given highly readable information in the WSDL documents, competitors are able to learn know-how and can copy the design to offer competing services. Security attacks such as information espionage, client impersonation, command injection, and denial of service are also possible since attackers can learn about exchanged data and invocation patterns from WSDL documents. While readability of service descriptions makes Web services discoverable, it contributes to service vulnerability too. Service designers therefore should consider this trade-off when designing service descriptions. Currently there is no readability measurement for WSDL documents. We propose an approach to such measurement so that service designers can determine if readability is too low or too high with regard to service discoverability, service imitation, and service attack issues, and then can consider increasing or lowering service description readability accordingly. Our readability measurement is based on the concepts or terms in service domain knowledge. Given a WSDL document as a service description, readability is defined in terms of the use of difficult words in the description and the use of words that are key concepts in the service domain. As an example, we measure readability of the WSDL document of E-commerce Web services, and experiment on redesigning of WSDL terms to adjust readability.
Keywords: Web services; XML; electronic data interchange; security of data; specification languages; WSDL documents; Web Services Description Language; Web services descriptions; XML-based language; client impersonation; command injection; communication standards; concept-based readability measurement; denial of service; distributed software applications; exchanged data; information espionage; information standards; invocation patterns; security attacks; service attack; service capability; service consumers; service description readability; service discoverability; service domain knowledge; service imitation; service information; service providers; service vulnerability; Current measurement; Indexes; Materials; Ontologies; Web pages; Web services; Concept Hierarchy; Ontology; Readability; Web Services (ID#: 16-10423)


A. Kumar and K. Reddy, “Constructing Secure Web Applications with Proper Data Validations,” Recent Advances and Innovations in Engineering (ICRAIE), 2014, Jaipur, 2014, vol., no., pp. 1-5. doi:10.1109/ICRAIE.2014.6909304
Abstract: With the advent of the World Wide Web, information sharing through the internet has increased drastically. Web application security is therefore today’s most significant battlefield between attackers and the resources of web services, and it is likely to remain so for the foreseeable future. Considering recent attacks, it has been found that major attacks on Web Applications have been carried out even when the system had the most significant network-level security. Poor input validation mechanisms used in Web Applications lead to the launching of vulnerable web applications, which are easy to exploit in later stages. Critical Web Application Vulnerabilities like Cross Site Scripting (XSS) and Injections (SQL, PHP, LDAP, SSL, XML, Command, and Code) happen because of base-level validations, and this is enough to update the system in an unauthorized way or may cause the system to be exploited. In this paper we present those issues in data validation strategies, to avoid the deployment of vulnerable web applications.
Keywords: Internet; computer network security; critical web application vulnerabilities; cross site scripting; data validations; injections; secure Web applications; Computational modeling; HTML; XML; injection; security; validation; vulnerability; xss (ID#: 16-10424)
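The abstract above argues that injection and XSS flaws trace back to base-level validation, but does not show what "proper" validation looks like for the different injection contexts it lists. The following is an added example, not code from the paper: a vulnerable command built by concatenation next to its hardened form (allow-list validation plus an argv list that never touches a shell), an LDAP filter escaper following the RFC 4515 rules for `*`, `(`, `)`, `\` and NUL, and an HTML attribute escaper for the XSS case. The host-name pattern, the `nslookup` use case and the LDAP filter template are assumptions chosen for the demonstration.

```python
# Added example: context-specific validation and escaping for the injection
# classes named in the abstract (command, LDAP, XSS).
import html
import re

# Allow-list for DNS host names (RFC 1123 labels, 63 chars each, 253 total).
# Assumption: the application only looks up plain host names, never IPv6 literals.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def is_valid_hostname(value):
    return bool(_HOSTNAME_RE.match(value))


def validate_hostname(value):
    """Reject anything outside the allow-list rather than trying to strip bad chars."""
    if not is_valid_hostname(value):
        raise ValueError(f"rejected host name: {value!r}")
    return value


def vulnerable_lookup_command(host):
    """'Before': user input concatenated into a string destined for os.system()."""
    return "nslookup " + host


def hardened_lookup_argv(host):
    """'After': validated value passed as one argv element to subprocess.run(shell=False)."""
    return ["nslookup", validate_hostname(host)]


# RFC 4515 section 3: characters that must be hex-escaped inside a filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def ldap_filter_escape(value):
    """Escape a value for interpolation into an LDAP search filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def ldap_user_filter(uid):
    """Filter template (assumed) that would be injectable without escaping."""
    return f"(&(objectClass=person)(uid={ldap_filter_escape(uid)}))"


def html_attr(value):
    """Escape for an HTML attribute value: quotes, angle brackets and ampersand."""
    return html.escape(value, quote=True)


def greeting_fragment(name):
    """Template (assumed) that reflects a user-supplied name into markup."""
    return f'<span title="{html_attr(name)}">Hello, {html.escape(name)}</span>'
```

The command case illustrates the two halves of the fix: validation alone still leaves a shell in the path, and an argv list alone still lets an attacker pick arbitrary host names, so the hardened form does both. The LDAP case shows why generic "sanitization" fails: the wildcard `*` and parentheses are harmless in SQL or HTML but change the meaning of a filter, so the escaper must match the sink.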


M. D. Penta, L. Cerulo and L. Aversano, “The Evolution and Decay of Statically Detected Source Code Vulnerabilities,” Source Code Analysis and Manipulation, 2008 Eighth IEEE International Working Conference on, Beijing, 2008, vol., no., pp. 101-110. doi:10.1109/SCAM.2008.20
Abstract: The presence of vulnerable statements in the source code is a crucial problem for maintainers: properly monitoring and, if necessary, removing them is highly desirable to ensure high security and reliability. To this aim, a number of static analysis tools have been developed to detect the presence of instructions that can be subject to vulnerability attacks, ranging from buffer overflow exploitations to command injection and cross-site scripting. Based on the availability of existing tools and of data extracted from software repositories, this paper reports an empirical study on the evolution of vulnerable statements detected in three software systems with different static analysis tools. Specifically, the study investigates on vulnerability evolution trends and on the decay time exhibited by different kinds of vulnerabilities.
Keywords: buffer storage; program diagnostics; security of data; software reliability; software tools; buffer overflow exploitations; command injection; cross-site scripting; software repository; software systems; static analysis tools; statically detected source code vulnerability; vulnerability attacks; vulnerable statements; Application software; Availability; Buffer overflow; Data analysis; Maintenance engineering; Pattern analysis; Performance analysis; Protection; Security; Software tools; empirical study; mining software repositories; software vulnerabilities (ID#: 16-10425)


C. Kasmi and J. Lopes Esteves, “IEMI Threats for Information Security: Remote Command Injection on Modern Smartphones,” in IEEE Transactions on Electromagnetic Compatibility, vol. 57, no. 6, pp. 1752-1755, Dec. 2015. doi:10.1109/TEMC.2015.2463089
Abstract: Numerous papers dealing with the analysis of electromagnetic attacks against critical electronic devices have been made publicly available. In this paper, we exploit the principle of front-door coupling on smartphone headphone cables with specific electromagnetic waveforms. We present a smart use of intentional electromagnetic interference, resulting in finer impacts on an information system than a classical denial of service effect. As an outcome, we introduce a new silent remote voice command injection technique on modern smartphones.
Keywords: radiofrequency interference; security of data; smart phones; IEMI threats; critical electronic device; electromagnetic attack; electromagnetic waveforms; front door coupling; information security; intentional electromagnetic interference; remote command injection; smart phones headphone cables; Computers; Frequency modulation; Hardware; Headphones; Microphones; Security; Smart phones; Electronic warfare; information security (ID#: 16-10426)


J. J. Farris and D. M. Nicol, “Evaluation of Secure Peer-to-Peer Overlay Routing for Survivable SCADA Systems,” Simulation Conference, 2004. Proceedings of the 2004 Winter, 2004, vol., no., pp. 308. doi:10.1109/WSC.2004.1371330
Abstract: Supervisory control and data acquisition (SCADA) systems gather and analyze data for real-time control. SCADA systems are used extensively, in applications such as electrical power distribution, telecommunications, and energy refining. SCADA systems are obvious targets for cyber-attacks that would seek to disrupt the physical complexities governed by a SCADA system. This paper uses a discrete-event simulation to begin to investigate the characteristics of one potential means of hardening SCADA systems against a cyber-attack. When it appears that real-time message delivery constraints are not being met (due, for example, to a denial of service attack), a peer-to-peer overlay network is used to route message floods in an effort to ensure delivery. The SCADA system and peer-to-peer nodes all use strong hardware-based authentication techniques to prevent injection of false data or commands, and to harden the routing overlay. Our simulations help to quantify the anticipated tradeoffs of message survivability and latency minimization.
Keywords: SCADA systems; discrete event simulation; message authentication; peer-to-peer computing; real-time systems; telecommunication control; telecommunication network routing; telecommunication security; cyber-attack; data acquisition; discrete-event simulation; electrical power distribution; energy refining; hardware-based authentication technique; latency minimization; message survivability; real-time control; real-time message delivery constraint; secure peer-to-peer overlay routing; supervisory control; survivable SCADA system; telecommunication; Computer crime; Control systems; Data analysis; Discrete event simulation; Peer to peer computing; Power distribution; Real time systems; Routing; Telecommunication control (ID#: 16-10427)


K. Yoshioka, Y. Hosobuchi, T. Orii and T. Matsumoto, “Vulnerability in Public Malware Sandbox Analysis Systems,” Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on, Seoul, 2010, vol., no., pp. 265-268. doi:10.1109/SAINT.2010.16
Abstract: The use of Public Malware Sandbox Analysis Systems (public MSASs), which receive online submissions of possibly malicious executables from arbitrary users, analyze their behavior by executing them in a testing environment (i.e., a sandbox), and send analysis reports back to the user, has increased in popularity. In such systems, the sandbox for analysis is often connected to the Internet as modern malware communicates with remote hosts for various reasons, such as receiving command and control (C&C) messages and files for updates. However, connecting the sandbox to these hosts involves a risk that the analysis activities may be detected and disturbed by the attackers who control them. In this paper, we discuss the issue of sandbox detection in the case of public MSASs. Namely, we point out that the IP address of an Internet-connected sandbox can be easily disclosed by an attacker who submits a decoy sample dedicated to this purpose. The disclosed address can then be shared among attackers, blacklisted, and used against the analysis system, for example, to conceal potential malicious behavior of malware. We have termed such an attack Decoy Sample Injection (DSI). We conducted a case study with nine existing public MSASs and found that six utilized Internet-connected sandboxes with very few IP addresses and were therefore vulnerable to DSI. In addition, it was revealed that certain background analysis activities of these systems can be revealed by the attack. Finally, we discuss the mitigation of DSI by dynamic IP address acquisition.
Keywords: Internet; invasive software; Internet-connected sandbox; decoy sample; decoy sample injection attack; public malware sandbox analysis systems; sandbox detection; Conferences; IP networks; Malware; Servers; Surveillance; Web sites; Malware sandbox analysis; Sandbox detection (ID#: 16-10428)


Lei Yang and Fengjun Li, “Detecting False Data Injection in Smart Grid In-Network Aggregation,” Smart Grid Communications (SmartGridComm), 2013 IEEE International Conference on, Vancouver, BC, 2013, vol., no., pp. 408-413. doi:10.1109/SmartGridComm.2013.6687992
Abstract: The core of the smart grid relies on the ability of transmitting realtime metering data and control commands efficiently and reliably. Secure in-network data aggregation approaches have been introduced to fulfill the goal in smart grid neighborhood area networks (NANs) by aggregating the data on-the-fly via intermediate meters. To protect users’ privacy from being learnt from the fine-grained consumption data by the utilities or other third-party services, homomorphic encryption schemes have been adopted. Hence, intermediate smart meters participate in the aggregation without seeing any individual reading, nor intermediate or final aggregation results. However, the malleable property of homomorphic encryption operations makes it difficult to identify misbehaving meters from which false data can be injected through accidental errors or malicious attacks. In this paper, we propose an efficient anomaly detection scheme based on dynamic grouping and data re-encryption, which is compatible with existing secure in-network aggregation schemes, to detect falsified data injected by malfunctioning and malicious meters.
Keywords: computer network security; computerised instrumentation; cryptography; power engineering computing; smart meters; smart power grids; NAN; anomaly detection; control command; data reencryption; dynamic grouping; false data injection; homomorphic encryption; real-time metering data; secure in-network aggregation; secure in-network data aggregation; smart grid in-network aggregation; smart grid neighborhood area network; smart meter; third party service; Data privacy; Detectors; Encryption; Kernel; Smart grids; Wireless sensor networks (ID#: 16-10429)


Jun Guo, Liji Wu, Xiangming Zhang and XiangYu Li, “Design and Implementation of a Fault Attack Platform for Smart IC Card,” Computational Intelligence and Security (CIS), 2012 Eighth International Conference on, Guangzhou, 2012, vol., no., pp. 653-656. doi:10.1109/CIS.2012.150
Abstract: A fault attack is a kind of attack in which the attacker injects faults into the hardware, and the secret key is likely to be revealed. This paper describes a fault attack platform for smart cards. The platform includes PC terminal serial console software, smart card interface circuits, and smart card reader fault attack circuits. The fault platform can then communicate with the contact smart card or the smart card reader by complying with the ISO/IEC 7816 protocol. Using this fault platform, we can inject arbitrary glitches on power and clock while the smart card is running the encryption command. The fault attack platform can then send the wrong cipher text to the PC terminal console software through the serial port. We can analyze the fault data with MATLAB or software programming to crack the key of the smart card, so the security of the smart card can be verified. The voltage glitch range can be from 0 V to 5 V, and the clock frequency can range from 1 Hz to 50 MHz.
Keywords: cryptographic protocols; data analysis; peripheral interfaces; smart cards; software fault tolerance; ISO/IEC 7816 protocol; MATLAB; PC terminal serial console software; ciphertext; encryption command; fault attack platform design; fault data analysis; fault injection; secret key; serial port; smart IC card; smart card interface circuits; smart card reader fault attack circuits; smart card security verification; software programming; voltage range; Circuit faults; Clocks; Encryption; Field programmable gate arrays; Smart cards; Software; ISO/IEC 7816; fault attack platform; smart card (ID#: 16-10430)


L. Lu, S. Huang and Z. Ren, “A Weakness-Based Attack Pattern Modeling and Relational Analysis Method,” Computational Science and Engineering (CSE), 2014 IEEE 17th International Conference on, Chengdu, 2014, vol., no., pp. 1024-1028. doi:10.1109/CSE.2014.203
Abstract: With the growing popularity of online services, the amount of information on the web increases dramatically, which has resulted in increasing concern about web application security. Subject knowledge is desperately needed to guide security testing against advanced attacks. Unlike the common software security weakness study pattern, a combination analysis method based on Colored Petri Nets is presented in this paper. An Attack Pattern is modeled to describe a single weakness’s specific exploiting process. Then attack nets are constructed as a result of their relational analysis. The method is verified by a case study.
Keywords: Internet; Petri nets; data analysis; pattern classification; security of data; Web application security; Web information; colored Petri net; combination analysis method; relational analysis method; security testing; software security weakness study pattern; weakness-based attack pattern modeling; Analytical models; Educational institutions; Finite element analysis; Image color analysis; Security; Software; Testing; Attack Pattern; Colored Petri Net; attack injection; attack net; software security testing (ID#: 16-10431)


N. Antunes and M. Vieira, “Penetration Testing for Web Services,” in Computer, vol. 47, no. 2, pp. 30-36, Feb. 2014. doi:10.1109/MC.2013.409
Abstract: Web services are often deployed with critical software security faults that open them to malicious attack. Penetration testing using commercially available automated tools can help avoid such faults, but new analysis of several popular testing tools reveals significant failings in their performance. The Web extra at is an audio interview in which authors Nuno Antunes and Marco Vieira describe how their analysis of popular testing tools revealed significant performance failures and provided important insights for future improvement.
Keywords: Web services; program testing; safety-critical software; security of data; commercially available automated tools; critical software security faults; malicious attack; penetration testing; Computer security; Computer viruses; Runtime; Simple object access protocol; Software testing; Web and internet services; SQL injection; Web security scanners; Web services; code vulnerabilities; command injection; vulnerability detection (ID#: 16-10432)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.