Table of Contents

Information Security - Volume:16 Issue: 1, Jan 2024

International Journal of Information Security

  • Publication date: 1402/11/15
  • Number of titles: 6
  • Meharaj Begum A *, Michael Arock Pages 1-16
    Whatever malware protection is upcoming, still the data are prone to cyber-attacks. The most threatening Structured Query Language Injection Attack (SQLIA) happens at the database layer of web applications leading to unlimited and unauthorized access to confidential information through malicious code injection. Since feature extraction accuracy significantly influences detection results, extracting the features of a query that predominantly contributes to SQL Injection (SQLI) is the most challenging task for the researchers. So, the proposed work primarily focuses on that using modified parse-tree representation. Some existing techniques used graph representation to identify characteristics of the query based on a predefined fixed list of SQL keywords. As the complete graph representation requires high time complexity for traversals due to the unnecessary links, a modified parse tree of tokens is proposed here with restricted links between operators (internal nodes) and operands (leaf nodes) of the WHERE clause. Tree siblings from the leaf nodes comprise the WHERE clause operands, where the attackers try to manipulate the conditions to be true for all the cases. A novelty of this work is identifying patterns of legitimate and injected queries from the proposed modified parse tree and applying a pattern-based neural network (NN) model for detecting attacks. The proposed approach is applied in various machine learning (ML) models and a neural network model, Multi-Layer Perceptron (MLP). With the scrupulously extracted patterns and their importance (weights) in legitimate and injected queries, the MLP model provides better results in terms of accuracy (97.85%), precision (93.8%) and AUC (97.8%).
    Keywords: Modified Parse Tree, Neural Network Model, Pattern mining, siblings, SQLIA detection, Web Application Security
  • Shadab Kalhoro *, Farhan Shaikh, Anam Kalhoro, Junaid Ur Rehman Abbasi, Ramesh Ayyasamy Pages 17-35
    With the advancement of ICTs, the fifth generation has developed into an emergent communication platform that supports high speed, low latency, and excellent connectivity to numerous devices with modern radio technology, service-oriented design, and cloud infrastructure. The recent developments in the fifth Generation and existing proposed plans are centred on the security model of this study, with authentication, availability, confidentiality, integrity, visibility, and centralized security policy. However, initiating innovative technologies and enhanced aspects in the 5th Generation communication raises new requirements and has given various security challenges. 5G-based applications face security risks because of using modern technology. This paper presents a study of security attacks and the security risks faced by 5G intelligent applications. This research article also investigates the three main 5G usage scenarios (i.e., eMBB, uRLLC, and mMTC). This research recommends the steps to be taken to reduce the security risks of 5G usage scenarios & intelligent applications.
    Keywords: 5G, Mobile Communication, Security Attacks, security models, 5G Usage Scenarios, Intelligent Applications
  • Morteza Amirmohseni, Sadegh Dorri Nogoorani * Pages 37-53
    Smart contracts are applications that are deployed on a blockchain and can be executed through transactions. The code and the state of the smart contracts are persisted on the ledger, and their execution is validated by all blockchain nodes. Smart contracts often hold and manage amounts of cryptocurrency. Therefore, their code should be secured against attacks. Smart contracts can be secured either by fixing their source/byte code before deployment (offline) or by inserting some protection code into the runtime (online). On the one hand, the offline methods do not have enough data for effective protection, and on the other hand, the existing online methods are too costly. In this paper, we propose an online method to complement the offline methods with a low overhead. Our protections are categorized into multiple safety guards. These guards are implemented in the blockchain nodes (clients), and require some parameters to be set in the constructor to be activated. After deployment, the configured guards protect the contract and revert suspicious transactions. We have implemented our proposed safety guards by small changes to the Hyperledger Besu Ethereum client. Our evaluations show that our implementation is effective in preventing the corresponding attacks, and has low execution overhead.
    Keywords: Blockchain, Runtime Monitoring, Smart Contract, vulnerability
  • Mehmet Yalçınkaya *, Ecir Küçüksille Pages 55-77
    The widespread use of web applications and running on sensitive data has made them one of the most significant targets of cyber attackers. One of the most crucial security measures that can be taken is the detection and closure of vulnerabilities on web applications before attackers. In this study, a web application vulnerability scanner was developed based on dynamic analysis and artificial intelligence, which could test web applications using GET and POST methods and had test classes for 21 different vulnerability types. The developed vulnerability scanner was tested on a web application test laboratory, which was created within the scope of this study and had 262 different web applications. A data set was created from the results of the tests performed using the developed vulnerability scanner. In this study, as a first stage, web page classification was made using the mentioned data set. The highest success rate in the page classification process was determined by 95.39% using the Random Forest Algorithm. The second operation performed using the dataset was the association analysis between vulnerabilities. The proposed model saved 21% of the time compared to the standard scanning model. The page classification process was also used in the crawling of the web application in this study.
    Keywords: Data mining, Machine Learning, Web Application Penetration Tests, Web Application Vulnerabilities
  • Kangkan Talukdar, Debojit Boro * Pages 79-92
    Distributed Denial of Service (DDoS) attacks have become a critical threat to the Web with the increase in web-based transactions and application services offered by the Internet. With the vast resources and techniques easily available to the attackers, countering them has become more challenging. They are usually carried out at the network layer. Unlike traditional network-layer attacks, application-layer DDoS attacks can be more effective. It utilizes legitimate HTTP requests to inundate victim resources that are undetectable. Many methods exist in the literature to protect systems from IP and TCP layer DDoS attacks that do not work when encountering application-layer DDoS attacks. Most network-layer DDoS attacks are flooding attacks, but application-layer DDoS attacks can be flooding attacks or protocol-specific vulnerability attacks. Various protocol-specific vulnerability attacks cannot be detected by traditional detection methods as they are designed to detect flooding attacks. One such attack is the slowloris attack. It targets web servers by exploiting an HTTP protocol vulnerability. In this paper, we propose a slowloris attack detection based on an adaptive timeout-based approach that contains two modules: a suspect determination module and an attacker verification module. The determination module determines suspects and sends them to the verification module, which verifies a suspect as an attacker. We have designed a detection algorithm that detects an attacker's IP address before it consumes all the resources. The experimental results substantiate its efficacy with low false alarms and high detection accuracy.
    Keywords: Adaptive Timeout, DDoS Attack, Flooding attack, HTTP Protocol, Slowloris Attack
  • Mostafa Chegenizadeh *, Mohammad Ali, Javad Mohajeri, Mohammad Reza Aref Pages 93-114
    Attribute-based encryption (ABE) is a promising cryptographic mechanism for providing confidentiality and fine-grained access control in the cloud-based area. However, due to high computational overhead, common ABE schemes are not suitable for resource-constrained devices. Additionally, access policies should be able to be updated efficiently by data owners, and in some circumstances, hidden access policies are necessary to preserve the privacy of clients and data. In this paper, we propose a ciphertext-policy attribute-based access control scheme that, for the first time, simultaneously provides online/offline encryption, hidden access policy, and access policy update. In our scheme, resource-constrained devices are equipped with online/offline encryption reducing the encryption overhead significantly. Furthermore, attributes of access policies are hidden such that the attribute sets satisfying an access policy cannot be guessed by other parties. Moreover, data owners can update their defined access policies while outsourcing a major part of the updating process to the cloud service provider. In particular, we introduce blind access policies that enable the cloud service provider to update the data owners' access policies without receiving a new re-encryption key. Besides, our scheme supports fast decryption such that the decryption algorithm consists of a constant number of bilinear pairing operations. The proposed scheme is proven to be secure in the random oracle model and under the hardness of Decisional Bilinear Diffie–Hellman (DBDH) and Decision Linear (D-Linear) assumptions. Also, performance analysis results demonstrate that the proposed scheme is efficient and practical.
    Keywords: Access Policy Update, Anonymous Attribute-Based Encryption, Blind Access Policy, cloud computing, Fast Decryption, Online, Offline Encryption