Top

Published in:

2016 | OriginalPaper | Chapter

A Solution for Automatically Malicious Web Shell and Web Application Vulnerability Detection

Authors : Van-Giap Le, Huu-Tung Nguyen, Dang-Nhac Lu, Ngoc-Hoa Nguyen

Published in: Computational Collective Intelligence

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

According to Internet Live Stats, it is evident that organizations and developers are underestimating security issues on their system. In this paper, we propose a protective and extensible solution for automatically detecting both the Web application vulnerabilities and malicious Web shells. Based on the original THAPS, we proposed E-THAPS that has a new detecting mechanism, improved SQLi, XSS and vulnerable functions detecting capabilities. For malicious Web shell detection, taint analysis and pattern matching methods are selected as the main approach. The broad experiment that we performed showed our outstanding results in comparison with other solutions for detecting the Web application vulnerabilities and malicious Web shells.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Data Warehouses Federation as a Single Data Warehouse

next chapter Data Evolution Method in the Procedure of User Authentication Using Keystroke Dynamics

https://bitbucket.org/heinep/thaps/.

https://github.com/Neohapsis/NeoPI.

https://virustotal.com/.

https://wordpress.org/plugins/browse/popular/.

Kals, S., Kirda, E., Kruegel, C., Jovanovich, N.: SecuBat: a web vulnerability scanner. In: 15th International Conference on World Wide Web, pp. 247–256 (2006)

Jensen, T., Pedersen, H., Olesen, M.C., Hansen, R.R.: THAPS: automated vulnerability scanning of PHP applications. In: Jøsang, A., Carlsson, B. (eds.) NordSec 2012. LNCS, vol. 7617, pp. 31–46. Springer, Heidelberg (2012)CrossRef

Dahse, J.: RIPS - a static source code analyser for vulnerabilities in PHP scripts. In: Seminar Work at Chair for Network and Data Security (2010)

Sasi, R.: Web backdoors - attack, evasion and detection. In: C0C0N Sec Conference (2011)

Nguyen, N.-H.: Iris recognition for biometric passport authentication. VNU J. Sci. Nat. Sci. Technol. 26(1), 14–20 (2010)

Le, H.H., Nguyen, N.H., Nguyen, T.T.: Exploiting GPU for large scale fingerprint identification. In: Nguyen, N.T., Trawiński, B., Fujita, H., Hong, T.-P. (eds.) Intelligent Information and Database Systems. LNCS, vol. 9621, pp. 688–697. Springer, Heidelberg (2016)CrossRef

http://www.internetlivestats.com/. Accessed 26 April 2016

Web technology surveys. http://w3techs.com/technologies/overview/programming_language/all/. Accessed 15 April 2016

Dahse, J., Holz, T.: Static detection of second-order vulnerabilities in web applications. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 989–1003 (2014)

10.

Starov, O., Dahse, J., Ahmad, S., Holz, T., Nikiforakis, N.: Thieves, no honor among: a large-scale analysis of malicious web shells. In: 25th International Conference on World Wide Web, pp. 1021–1032 (2016)

11.

Global websecurity whitehat contest. https://ctftime.org/ctf/112

Title: A Solution for Automatically Malicious Web Shell and Web Application Vulnerability Detection
Authors: Van-Giap Le
Huu-Tung Nguyen
Dang-Nhac Lu
Ngoc-Hoa Nguyen
Publisher: Springer International Publishing
Book: Computational Collective Intelligence
Print ISBN: 978-3-319-45242-5

Electronic ISBN: 978-3-319-45243-2

Copyright Year: 2016
DOI: https://doi.org/10.1007/978-3-319-45243-2_34

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner