Web application security assessment by fault injection and behavior monitoring
WWW '03 Proceedings of the 12th international conference on World Wide Web
Data Mining Methods for Detection of New Malicious Executables
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Using parse tree validation to prevent SQL injection attacks
SEM '05 Proceedings of the 5th international workshop on Software engineering and middleware
The essence of command injection attacks in web applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Preventing SQL Injection Attacks in Stored Procedures
ASWEC '06 Proceedings of the Australian Software Engineering Conference
Learning to Detect and Classify Malicious Executables in the Wild
The Journal of Machine Learning Research
Embedded Malware Detection Using Markov n-Grams
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
WISA'06 Proceedings of the 7th international conference on Information security applications: PartI
Using mobile devices to support online collaborative learning
Mobile Information Systems - Mobile and Wireless Networks
Recovery of flash memories for reliable mobile storages
Mobile Information Systems
LIBSVM: A library for support vector machines
ACM Transactions on Intelligent Systems and Technology (TIST)
Efficient Malicious Code Detection Using N-Gram Analysis and SVM
NBIS '11 Proceedings of the 2011 14th International Conference on Network-Based Information Systems
A learning-based approach to the detection of SQL attacks
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Intelligent detection computer viruses based on multiple classifiers
UIC'07 Proceedings of the 4th international conference on Ubiquitous Intelligence and Computing
Design of a secure RFID authentication scheme preceding market transactions
Mobile Information Systems - Emerging Wireless and Mobile Technologies
Automatic security assessment for next generation wireless mobile networks
Mobile Information Systems - Emerging Wireless and Mobile Technologies
Advances in Network-based Information Systems
Mobile Information Systems - Advances in Network-Based Information Systems
Hi-index | 0.00 |
Large parts of attacks targeting the web are aiming at the weak point of web application. Even though SQL injection, which is the form of XSS Cross Site Scripting attacks, is not a threat to the system to operate the web site, it is very critical to the places that deal with the important information because sensitive information can be obtained and falsified. In this paper, the method to detect themalicious SQL injection script code which is the typical XSS attack using n-Gram indexing and SVM Support Vector Machine is proposed. In order to test the proposed method, the test was conducted after classifying each data set as normal code and malicious code, and the malicious script code was detected by applying index term generated by n-Gram and data set generated by code dictionary to SVM classifier. As a result, when the malicious script code detection was conducted using n-Gram index term and SVM, the superior performance could be identified in detecting malicious script and the more improved results than existing methods could be seen in the malicious script code detection recall.