Authors: Jennifer Bellizzi and Mark Vella

Affiliation: University of Malta, Malta

ISBN: 978-989-758-117-5

Keyword(s): Web Code-injections, Dynamic Binary Instrumentation, JIT Binary Modification.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Intrusion Detection & Prevention ; Network Security ; Reliability and Dependability ; Security Deployment ; Security in Information Systems ; Wireless Network Security

Abstract: Web applications constitute a prime target for attacks. A subset of these inject code into their targets, posing a threat to the entire hosting infrastructure rather than just to the compromised application. Existing web intrusion detection systems (IDS) are easily evaded when code payloads are obfuscated. Dynamic analysis in the form of instruction set emulation is a well-known answer to this problem, which however is a solution for off-line settings rather than the on-line IDS setting and cannot be used for all types of web attacks payloads. Host-based approaches provide an alternative, yet all of them impose runtime overheads. This work proposes just-in-time (JIT) binary modification complemented with payload-based heuristics for the provision of obfuscation-resistant web IDS at the network level. A number of case studies conducted with WeXpose, a prototype implementation of the technique, shows that JIT binary modification fits the on-line setting due to native instruction execution, while also isolating harmful attack side-effects that consequentially become of concern. Avoidance of emulation makes the approach relevant to all types of payloads, while payload-based heuristics provide practicality.

CC BY-NC-ND 4.0


Paper citation in several formats:
Bellizzi, J. and Vella, M. (2015). WeXpose: Towards on-Line Dynamic Analysis of Web Attack Payloads using Just-In-Time Binary Modification. In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 5-15. DOI: 10.5220/0005502600050015

@conference{secrypt15,
author={Jennifer Bellizzi and Mark Vella},
title={WeXpose: Towards on-Line Dynamic Analysis of Web Attack Payloads using Just-In-Time Binary Modification},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={5-15},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005502600050015},
isbn={978-989-758-117-5},
}

TY - CONF

JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - WeXpose: Towards on-Line Dynamic Analysis of Web Attack Payloads using Just-In-Time Binary Modification
SN - 978-989-758-117-5
AU - Bellizzi, J.
AU - Vella, M.
PY - 2015
SP - 5
EP - 15
DO - 10.5220/0005502600050015
