Posts

Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions

Modern websites include various types of third-party content such as JavaScript, images, stylesheets, and Flash objects in order to create interactive user interfaces. In addition to explicit inclusion of third-party content by website publishers, ISPs and browser extensions are hijacking web browsing sessions with increasing frequency to inject third-party content (e.g., ads). However, third-party content can also introduce security risks to users of these websites, unbeknownst to both website operators and users. Because of the often highly dynamic nature of these inclusions as well as the use of advanced cloaking techniques in contemporary malware, it is exceedingly difficult to preemptively recognize and block inclusions of malicious third-party content before it has the chance to attack the user’s system.

In this paper, we propose a novel approach to achieving the goal of preemptive blocking of malicious third-party content inclusion through an analysis of inclusion sequences on …

Alert Correlation Algorithms: A Survey and Taxonomy

Alert correlation is a system which receives alerts from heterogeneous Intrusion Detection Systems and reduces false alerts, detects high level patterns of attacks, increases the meaning of occurred incidents, predicts the future states of attacks, and detects root cause of attacks. To reach these goals, many algorithms have been introduced in the world with many advantages and disadvantages.

In this paper, we are trying to present a comprehensive survey on already proposed alert correlation algorithms. The approach of this survey is mainly focused on algorithms in correlation engines which can work in enterprise and practical networks. Having this aim in mind, many features related to accuracy, functionality, and computation power are introduced and all algorithm categories are assessed with these features. The result of this survey shows that each category of algorithms has its own strengths and an ideal correlation frameworks should be carried the strength feature of each category.

A Comprehensive Approach to Abusing Locality in Shared Web Hosting Servers

With the growing of network technology along with the need of human for social interaction, using websites nowadays becomes critically important which leads in the increasing number of websites and servers. One popular solution for managing these large numbers of websites is using shared web hosting servers in order to decrease the overall cost of server maintenance. Despite affordability, this solution is insecure and risky according to high amount of reported defaces and attacks during recent years.

In this paper, we introduce top ten most common attacks in shared web hosting servers which can occur because of the nature and bad configuration in these servers. Moreover, we present several simple scenarios that are capable of penetrating these kinds of servers even with the existence of several securing mechanisms. Finally, we provide a comprehensive secure configuration for confronting these attacks.
With the growing of network technology along with the need of human for social inter…

Comparison of Routing Protocols in Mobile Ad-Hoc Wireless Networks

Routing protocols for Mobile Ad-Hoc Wireless Networks are faced with challenges such as sequential topology variation, low transmission power and asymmetric connections. It has been proved that both proactive and reactive protocols are non-functional with these conditions. Zone Routing Protocol (ZRP) blends the proactive and reactive protocols benefits and the zone topology plan for each node is kept in it timely.

In this work, the zone routing protocol is implemented and compared with proactive and reactive protocols which the experiment results are presented.
Routing protocols for Mobile Ad-Hoc Wireless Networks are faced with challenges such as sequential topology variation, low transmission power and asymmetric connections. It has been proved that both proactive and reactive protocols are non-functional with these conditions. Zone Routing Protocol (ZRP) blends the proactive and reactive protocols benefits and the zone topology plan for each node is kept in it timely.

In this work, t…

Two Novel Server-Side Attacks against Log File in Shared Web Hosting Servers

Shared Web Hosting service enables hosting multitude of websites on a single powerful server. It is a well-known solution as many people share the overall cost of server maintenance and also, website owners do not need to deal with administration issues is not necessary for website owners.

In this paper, we illustrate how shared web hosting service works and demonstrate the security weaknesses rise due to the lack of proper isolation between different websites, hosted on the same server. We exhibit two new server-side attacks against the log file whose objectives are revealing information of other hosted websites which are considered to be private and arranging other complex attacks. In the absence of isolated log files among websites, an attacker controlling a website can inspect and manipulate contents of the log file. These attacks enable an attacker to disclose file and directory structure of other websites and launch other sorts of attacks. Finally, we propose several countermeas…

Performance Evaluation of Shared Hosting Security Methods

Shared hosting is a kind of web hosting in which multiple websites reside on one webserver. It is cost-effective and makes the administration easier for websites' owners. However, shared hosting has some performance and security issues. In default shared hosting configuration, all websites’ scripts are executed under the webserver’s user account regardless of their owners. Therefore, a website is able to access other websites’ resources. This security problem arises from lack of proper isolation between different websites hosted on the same webserver.

In this survey, we have examined different methods for handling mentioned security issue. Also we evaluated the performance of mentioned methods. Finally, we evaluated performance of these methods with various configurations.
Shared hosting is a kind of web hosting in which multiple websites reside on one webserver. It is cost-effective and makes the administration easier for websites' owners. However, shared hosting has some pe…

An Anomaly-based Botnet Detection Approach for Identifying Stealthy Botnets

Botnets (networks of compromised computers) are often used for malicious activities such as spam, click fraud, identity theft, phishing, and distributed denial of service (DDoS) attacks. Most of previous researches have introduced fully or partially signature-based botnet detection approaches.

In this paper, we propose a fully anomaly-based approach that requires no a priori knowledge of bot signatures, botnet C&C protocols, and C&C server addresses. We start from inherent characteristics of botnets. Bots connect to the C&C channel and execute the received commands. Bots belonging to the same botnet receive the same commands that causes them having similar netflows characteristics and performing same attacks. Our method clusters bots with similar netflows and attacks in different time windows and perform correlation to identify bot infected hosts. We have developed a prototype system and evaluated it with real-world traces including normal traffic and several real-world b…