KMPS: A Hybrid Algorithm to Detect Web Application Vulnerabilities
Komal 1 , S. Deswal2
Section:Research Paper, Product Type: Journal Paper
Volume-6 ,
Issue-6 , Page no. 945-949, Jun-2018
CrossRef-DOI: https://doi.org/10.26438/ijcse/v6i6.945949
Online published on Jun 30, 2018
Copyright © Komal, S. Deswal . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
View this paper at Google Scholar | DPI Digital Library
How to Cite this Paper
- IEEE Citation
- MLA Citation
- APA Citation
- BibTex Citation
- RIS Citation
IEEE Style Citation: Komal, S. Deswal, “KMPS: A Hybrid Algorithm to Detect Web Application Vulnerabilities,” International Journal of Computer Sciences and Engineering, Vol.6, Issue.6, pp.945-949, 2018.
MLA Style Citation: Komal, S. Deswal "KMPS: A Hybrid Algorithm to Detect Web Application Vulnerabilities." International Journal of Computer Sciences and Engineering 6.6 (2018): 945-949.
APA Style Citation: Komal, S. Deswal, (2018). KMPS: A Hybrid Algorithm to Detect Web Application Vulnerabilities. International Journal of Computer Sciences and Engineering, 6(6), 945-949.
BibTex Style Citation:
@article{Deswal_2018,
author = {Komal, S. Deswal},
title = {KMPS: A Hybrid Algorithm to Detect Web Application Vulnerabilities},
journal = {International Journal of Computer Sciences and Engineering},
issue_date = {6 2018},
volume = {6},
Issue = {6},
month = {6},
year = {2018},
issn = {2347-2693},
pages = {945-949},
url = {https://www.ijcseonline.org/full_paper_view.php?paper_id=2279},
doi = {https://doi.org/10.26438/ijcse/v6i6.945949}
publisher = {IJCSE, Indore, INDIA},
}
RIS Style Citation:
TY - JOUR
DO = {https://doi.org/10.26438/ijcse/v6i6.945949}
UR - https://www.ijcseonline.org/full_paper_view.php?paper_id=2279
TI - KMPS: A Hybrid Algorithm to Detect Web Application Vulnerabilities
T2 - International Journal of Computer Sciences and Engineering
AU - Komal, S. Deswal
PY - 2018
DA - 2018/06/30
PB - IJCSE, Indore, INDIA
SP - 945-949
IS - 6
VL - 6
SN - 2347-2693
ER -
VIEWS | XML | |
444 | 341 downloads | 152 downloads |
Abstract
With the rapid growth of internet all type of services are available online to decrease the user efforts and to make every task easy. A variety of web applications are available for these activities. Web applications contain confidential data of organizations and databases or other information sources. It can be attacked by attackers or hackers, if there are any vulnerabilities present in the web application. So, there is a need to implement security approaches and algorithms to detect the web vulnerabilities. This paper presents a Hybrid algorithm to detect web application vulnerabilities. The proposed hybrid algorithm, KMPS is a combination of Sunday search algorithm and KMP string matching algorithm. KMPS consists of shifting steps and matching steps to detect the attacks and is compared with the existing BM pattern matching algorithm. The results show that the proposed algorithm performs better than BM pattern matching algorithm in context of searching time, accuracy and throughput.
Key-Words / Index Term
Web application security, SQLi, Cross-site scripting, Cross-site request, forgery, buffer overflow, KMPS hybrid algorithm
References
[1] Nagpal, B., Chauhan, N., & Singh, N. (2017). “SECSIX: security engine for CSRF, SQL injection and XSS attacks.” International Journal of System Assurance Engineering and Management, 8(2), 631-644.
[2] Saleh, A. Z. M., Rozali, N. A., Buja, A. G., Jalil, K. A., Ali, F. H. M., & Rahman, T. F. A. (2015). “A method for web application vulnerabilities detection by using boyer-moore string matching algorithm.” Procedia Computer Science, 72, 112-121.
[3] Yu, F. (2015). “Malicious url detection algorithm based on bm pattern matching.” International Journal of Security and Its Applications, 9(9), 33-44.
[4] Mahmoud, S. K., Alfonse, M., Roushdy, M. I., & Salem, A. B. M. (2017, December). “A comparative analysis of Cross Site Scripting (XSS) detecting and defensive techniques.” In Intelligent Computing and Information Systems (ICICIS), 2017 Eighth International Conference on (pp. 36-42). IEEE.
[5] Marashdih, A. W., & Zaaba, Z. F. (2017, October). “Detection and Removing Cross Site Scripting Vulnerability in PHP Web Application.” In Promising Electronic Technologies (ICPET), 2017 International Conference on (pp. 26-31). IEEE.
[6] Thomé, J., Shar, L. K., Bianculli, D., & Briand, L. (2017, May). “Search-driven string constraint solving for vulnerability detection.” In Software Engineering (ICSE), 2017 IEEE/ACM 39th International Conference on (pp. 198-208). IEEE.
[7] Gupta, S. (2016, December). “Efficient malicious domain detection using word segmentation and BM pattern matching.” In Recent Advances and Innovations in Engineering (ICRAIE), 2016 International Conference on (pp. 1-6). IEEE.
[8] Prashanth, S. K., Rao, N. S., & Kumar, C. S. (2016, March). “Hybrid Cuckoo search—ABC algorithm based vulnerabilities mapping and security in clouds.” In Electrical, Electronics, and Optimization Techniques (ICEEOT), International Conference on (pp. 2569-2572). IEEE.
[9] Yu, J., Tao, D., & Lin, Z. (2016, August). “A hybrid web log based intrusion detection model.” In Cloud Computing and Intelligence Systems (CCIS), 2016 4th International Conference on (pp. 356-360). IEEE.
[10] MUIRURI, C. K., Ruhiu, S., & Moturi, C. A. (2015). “A HYBRID ALGORITHM FOR DETECTING WEB-BASED APPLICATIONS VULNERABILITIES.”
[11] Patel, N., & Shekokar, N. (2015). “Implementation of pattern matching algorithm to defend SQLIA.” Procedia Computer Science, 45, 453-459.
[12] Hazel, J. J., Valarmathie, P., & Saravanan, R. (2015, February). “Guarding web application with multi-Angled attack detection.” In Soft-Computing and Networks Security (ICSNS), 2015 International Conference on (pp. 1-4). IEEE.
[13] Qiao, J., & Zhang, H. (2015, September). “Improvement of BM algorithm in intrusion detection system.” In Software Engineering and Service Science (ICSESS), 2015 6th IEEE International Conference on (pp. 652-655). IEEE.
[14] Srivastava, M. (2014, March). “Algorithm to prevent back end database against SQL injection attacks.” In Computing for Sustainable Global Development (INDIACom), 2014 International Conference on (pp. 754-757). IEEE.
[15] Trinh, M. T., Chu, D. H., & Jaffar, J. (2014, November). “S3: A symbolic string solver for vulnerability detection in web applications.” In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (pp. 1232-1243). ACM.
[16] Kadhim, H. A., & AbdulRashidx, N. (2014, June). “Maximum-shift string matching algorithms.” In Computer and Information Sciences (ICCOINS), 2014 International Conference on (pp. 1-6). IEEE.
[17] Razzaq, A., Anwar, Z., Ahmad, H. F., Latif, K., & Munir, F. (2014). “Ontology for attack detection: An intelligent approach to web application security.” Computers & security, 45, 124-146.
[18] Shar, L. K., Tan, H. B. K., & Briand, L. C. (2013, May). “Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis.” In Proceedings of the 2013 International Conference on Software Engineering (pp. 642-651). IEEE Press.
[19] Ding, S., Tan, H. B. K., Shar, L. K., & Padmanabhuni, B. M. (2013, December). “Towards a Hybrid Framework for Detecting Input Manipulation Vulnerabilities.” In Software Engineering Conference (APSEC), 2013 20th Asia-Pacific (Vol. 1, pp. 363-370). IEEE.
[20] Lu, C. W., Lu, C. L., & Lee, R. C. (2013). “A new filtration method and a hybrid strategy for approximate string matching.” Theoretical Computer Science, 481, 9-17.
[21] Chang, C., & Wang, H. (2012, March). “Comparison of two-dimensional string matching algorithms.” In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 3, pp. 608-611). IEEE.
[22] Xian-feng, H., Yu-bao, Y., & Lu, X. (2010, August). “Hybrid pattern-matching algorithm based on BM-KMP algorithm.” In Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on (Vol. 5, pp. V5-310). IEEE.
[23] Shreekishan Jewliya, "Analysis of Web Application Security", International Journal of Computer Sciences and Engineering, Vol.5, Issue.9, pp.215-220, 2017.
[24] Sandeep D Sukhdeve and Hemlata Channe, "A Survey on Content Injection Attacks", International Journal of Computer Sciences and Engineering, Vol.3, Issue.11, pp.70-74, 2015.