Modeling and Mitigation of XPath Injection Attacks for Web Services Using Modular Neural Networks

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 707)

Abstract

Injection attacks are considered by the Open Web Application Security Project (OWASP) to be the most widespread vulnerabilities in web applications. XML is used as an alternative to database systems for storing data, and the stored XML can be queried to produce the desired results. XPath is a query language for XML and has injection issues similar to those of SQL. An attacker can exploit vulnerabilities in a web application by injecting a malicious XPath query. If a web service is injected with malicious XML code, every application that integrates the infected web service is affected. In this paper, we propose a solution that uses a count-based validation technique and Long Short-Term Memory (LSTM) modular neural networks to identify and classify atypical behavior in user input. Once atypical user input is identified, the attacker is redirected to sham resources to protect the critical data. Our experiments show over 90% accuracy in the classification of input vectors. Our results also show that using a modular neural network improves the response time of the web application compared with a single neural network.
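The abstract does not define its count-based validation, so the following is an added example (not the authors' code) that assumes one reading of it: compare the token count of the XPath query built from user input with the count of the same query built from plain literals, and route mismatches to sham resources. The query template, function names and sample inputs are hypothetical and constructed for illustration.

```python
import re

# Hypothetical login lookup built by string concatenation (the risky pattern).
TEMPLATE = "//user[name/text()='{name}' and password/text()='{pw}']"

# Coarse XPath tokenizer: quoted literals, names/numbers, then single symbols.
TOKEN_RE = re.compile(r"""'[^']*'|"[^"]*"|[\w.-]+|[^\s\w]""")


def build_query(name, pw):
    return TEMPLATE.format(name=name, pw=pw)


def token_count(query):
    return len(TOKEN_RE.findall(query))


# Token count of the query when both inputs are plain literals.
BASELINE = token_count(build_query("x", "x"))


def is_atypical(name, pw):
    """True when the inputs change the token count, i.e. the query's shape."""
    return token_count(build_query(name, pw)) != BASELINE


def route(name, pw):
    """Pick the data source: sham resources for atypical input, real otherwise."""
    return "sham" if is_atypical(name, pw) else "real"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the paper's data set.
    samples = [("alice", "s3cret pass"), ("o'brien", "pw"), ("' or '1'='1", "x")]
    for name, pw in samples:
        print(f"{name!r:16} -> {route(name, pw)}")
```

Matching the baseline count does not prove an input is benign; the abstract pairs its count check with an LSTM classifier. Where the XPath API supports variable binding, passing user input as bound variables rather than concatenating it removes the structural change this check looks for.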

Keywords

XPath injection; Web services; Modular neural networks; Long short-term memory neural networks

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Department of Computer Science and Engineering, KLS Gogte Institute of Technology, Belagavi, India
  2. Vellore Institute of Technology, Vellore, India