Uma Ontologia para Mitigar XML Injection
Abstract
The underlying technologies used by web services bring well-known vulnerabilities from other domains to this new environment. Anomaly-based intrusion detection approaches produce high false positive rates, while signature-based intrusion detection approaches do not detect attack variations. This paper presents a novel hybrid attack detection engine that brings together the main advantages of these classical detection approaches. An ontology is applied as a strategy-based knowledge base to assist in mitigating XML injection attacks while maintaining low false positive detection rates.
Published
2011-11-06
How to Cite
ROSA, Thiago M.; SANTIN, Altair O.; MALUCELLI, Andreia. Uma Ontologia para Mitigar XML Injection. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 11., 2011, Brasília. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2011. p. 43-56. DOI: https://doi.org/10.5753/sbseg.2011.20562.
