Results 11 - 20 of 7,666
ScriptGen: An automated script generation tool for Honeyd
- In Computer Security Applications Conf, 2005
"... Honeyd [14] is a popular tool developed by Niels Provos that offers a simple way to emulate services offered by several machines on a single PC. It is a so called low interaction honeypot. Responses to incoming requests are generated thanks to ad-hoc scripts that need to be written by hand. As a res ..."
Cited by 53 (7 self)
different methods. On the one hand, we have launched known attacks against a machine running our scripts; on the other hand, we have deployed that machine on the Internet, next to a high interaction honeypot during two months. For those attackers that have targeted both machines, we can verify if our
Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code
- In WWW 2010, 2010
"... JavaScript is a browser scripting language that allows developers to create sophisticated client-side interfaces for web applications. However, JavaScript code is also used to carry out attacks against the user’s browser and its extensions. These attacks usually result in the download of additional ..."
Cited by 131 (20 self)
JavaScript is a browser scripting language that allows developers to create sophisticated client-side interfaces for web applications. However, JavaScript code is also used to carry out attacks against the user’s browser and its extensions. These attacks usually result in the download of additional
MetaSymploit: Day-One Defense Against Script-based Attacks with Security-Enhanced Symbolic Analysis
"... A script-based attack framework is a new type of cyberattack tool written in scripting languages. It carries various attack scripts targeting vulnerabilities across different systems. It also supports fast development of new attack scripts that can even exploit zero-day vulnerabilities. Such mechani ..."
Cited by 2 (1 self)
A script-based attack framework is a new type of cyberattack tool written in scripting languages. It carries various attack scripts targeting vulnerabilities across different systems. It also supports fast development of new attack scripts that can even exploit zero-day vulnerabilities
Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks
- In the Proc. of the 15th USENIX Security Symp, 2006
"... Policy-based confinement, employed in SELinux and specification-based intrusion detection systems, is a popular approach for defending against exploitation of vulnerabilities in benign software. Conventional access control policies employed in these approaches are effective in detecting privilege es ..."
Cited by 202 (10 self)
authentication.) Some of the common attack types reported today, such as SQL injection and cross-site scripting, involve such subversion of legitimate access privileges. In this paper, we present a new approach to strengthen policy enforcement by augmenting security policies with information about
Defeating Script Injection Attacks with Browser-Enforced Embedded Policies
- In WWW, 2007
"... Web sites that accept and display content such as wiki articles or comments typically filter the content to prevent injected script code from running in browsers that view the site. The diversity of browser rendering algorithms and the desire to allow rich content make filtering quite difficult, how ..."
Cited by 117 (4 self)
, however, and attacks such as the Samy and Yamanner worms have exploited filtering weaknesses. This paper proposes a simple alternative mechanism for preventing script injection called Browser-Enforced Embedded Policies (BEEP). The idea is that a web site can embed a policy in its pages that specifies
Noxes: A Client-Side Solution for Mitigating Cross-Site Scripting Attacks
- 2006
"... access to on-line services. At the same time, web application vulnerabilities are being discovered and disclosed at an alarming rate. Web applications often make use of JavaScript code that is embedded into web pages to support dynamic client-side behavior. This script code is executed in the contex ..."
Cited by 113 (11 self)
into downloading malicious JavaScript code from an intermediate, trusted site. In this case, the malicious script is granted full access to all resources (e.g., authentication tokens and cookies) that belong to the trusted site. Such attacks are called cross-site scripting (XSS) attacks.
Scripts
"... Script Identification is one of the challenging steps in the Optical Character Recognition system for multi-script documents. In Indian and Non-Indian context some results have been reported, but research in this field is still emerging. This paper presents a research work in the identification of Gu ..."
into different zones of different sizes and then features from each of these zones are extracted in various directions using Gabor filters. Script is then determined by using SVM classifier. The experimental tests carried out in the field of Gurmukhi and English Script recognition show that the proposed
Hunting Cross-Site Scripting Attacks in the Network
"... Cross-site Scripting (XSS) attacks in web applications are considered a major threat. On a yearly basis, large IT security vendors export statistics that highlight the need for designing and implementing more efficient countermeasures for securing modern web applications and web users. So far, all t ..."
Cited by 1 (1 self)
Cross-site Scripting (XSS) attacks in web applications are considered a major threat. On a yearly basis, large IT security vendors export statistics that highlight the need for designing and implementing more efficient countermeasures for securing modern web applications and web users. So far, all
SQLrand: Preventing SQL Injection Attacks
- In Proceedings of the 2nd Applied Cryptography and Network Security (ACNS) Conference, 2004
"... We present a practical protection mechanism against SQL injection attacks. Such attacks target databases that are accessible through a web frontend, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. We apply the concept of instruction-set randomizati ..."
Cited by 125 (4 self)
We present a practical protection mechanism against SQL injection attacks. Such attacks target databases that are accessible through a web frontend, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. We apply the concept of instruction
JavaScript instrumentation in practice
- 2008
"... JavaScript has been exploited to launch various browser-based attacks. Our previous work proposed a theoretical framework applying policy-based code instrumentation to JavaScript. This paper further reports our experience carrying out the theory in practice. Specifically, we discuss how the instrum ..."
Cited by 12 (0 self)
JavaScript has been exploited to launch various browser-based attacks. Our previous work proposed a theoretical framework applying policy-based code instrumentation to JavaScript. This paper further reports our experience carrying out the theory in practice. Specifically, we discuss how