Open Access Article

KMPS: A Hybrid Algorithm to Detect Web Application Vulnerabilities

Komal, S. Deswal

Section: Research Paper, Product Type: Journal Paper
Volume-6, Issue-6, Page no. 945-949, Jun-2018

CrossRef-DOI: https://doi.org/10.26438/ijcse/v6i6.945949

Online published on Jun 30, 2018

Copyright © Komal, S. Deswal. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

How to Cite this Paper

IEEE Style Citation: Komal, S. Deswal, “KMPS: A Hybrid Algorithm to Detect Web Application Vulnerabilities,” International Journal of Computer Sciences and Engineering, Vol.6, Issue.6, pp.945-949, 2018.

MLA Style Citation: Komal, S. Deswal "KMPS: A Hybrid Algorithm to Detect Web Application Vulnerabilities." International Journal of Computer Sciences and Engineering 6.6 (2018): 945-949.

APA Style Citation: Komal, S. Deswal, (2018). KMPS: A Hybrid Algorithm to Detect Web Application Vulnerabilities. International Journal of Computer Sciences and Engineering, 6(6), 945-949.

BibTex Style Citation:
@article{Deswal_2018,
author = {Komal and S. Deswal},
title = {KMPS: A Hybrid Algorithm to Detect Web Application Vulnerabilities},
journal = {International Journal of Computer Sciences and Engineering},
issue_date = {6 2018},
volume = {6},
Issue = {6},
month = {6},
year = {2018},
issn = {2347-2693},
pages = {945-949},
url = {https://www.ijcseonline.org/full_paper_view.php?paper_id=2279},
doi = {https://doi.org/10.26438/ijcse/v6i6.945949},
publisher = {IJCSE, Indore, INDIA},
}

RIS Style Citation:
TY - JOUR
DO - https://doi.org/10.26438/ijcse/v6i6.945949
UR - https://www.ijcseonline.org/full_paper_view.php?paper_id=2279
TI - KMPS: A Hybrid Algorithm to Detect Web Application Vulnerabilities
T2 - International Journal of Computer Sciences and Engineering
AU - Komal
AU - S. Deswal
PY - 2018
DA - 2018/06/30
PB - IJCSE, Indore, INDIA
SP - 945
EP - 949
IS - 6
VL - 6
SN - 2347-2693
ER -

Abstract

With the rapid growth of the internet, all types of services are available online to reduce user effort and make every task easier. A variety of web applications are available for these activities. Web applications contain confidential data of organizations and databases or other information sources. They can be attacked by attackers or hackers if any vulnerabilities are present in the web application. There is therefore a need to implement security approaches and algorithms to detect web vulnerabilities. This paper presents a hybrid algorithm to detect web application vulnerabilities. The proposed hybrid algorithm, KMPS, is a combination of the Sunday search algorithm and the KMP string matching algorithm. KMPS consists of shifting steps and matching steps to detect attacks and is compared with the existing BM pattern matching algorithm. The results show that the proposed algorithm performs better than the BM pattern matching algorithm in terms of searching time, accuracy and throughput.

Keywords / Index Terms

Web application security, SQLi, Cross-site scripting, Cross-site request forgery, buffer overflow, KMPS hybrid algorithm
