Login | Register

Employing Opportunistic Diversity for Detecting Injection Attacks in Web Applications


Employing Opportunistic Diversity for Detecting Injection Attacks in Web Applications

Huo, Wei (2014) Employing Opportunistic Diversity for Detecting Injection Attacks in Web Applications. Masters thesis, Concordia University.

This is the latest version of this item.

Text (application/pdf)
Huo_MASc_F2014.pdf - Accepted Version
Available under License Spectrum Terms of Access.


Web-based applications are becoming increasingly popular due to less demand of client-side resources
and easier maintenance than desktop counterparts. On the other hand, larger attack surfaces
and developers’ lack of security proficiency or awareness leave Web applications particularly vulnerable
to security attacks. One existing approach to preventing security attacks is to compose
a redundant system using functionally similar but internally different variants, which will likely
respond to the same attack in different ways. However, most diversity-by-design approaches are
rarely used in practice due to the implied cost in development and maintenance, significant false
alarm rate is also another limitation. In this work, we employ opportunistic diversity inherent
to Web applications and their database backends to prevent injection attacks. We first conduct a
case study of common vulnerabilities to confirm the effectiveness of opportunistic diversity for
preventing potential attacks. We then devise a multi-stage approach to examine database queries,
their effect on the database, query results, and user-end results. Next, we combine the results
obtained from different stages using a learning-based approach to further improve the detection
accuracy. Finally, we evaluate our approach using a real world Web application.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Thesis (Masters)
Authors:Huo, Wei
Institution:Concordia University
Degree Name:M.A. Sc.
Program:Information Systems Security
Date:14 September 2014
Thesis Supervisor(s):Wang, Lingyu
Keywords:diversity,database,attack detection
ID Code:978768
Deposited By: WEI HUO
Deposited On:04 Nov 2014 17:08
Last Modified:18 Jan 2018 17:47

Available Versions of this Item

All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Back to top Back to top