An Auto-tuning Sanitizing System for Mitigating Injection Flaws

Author

  • Jan-Min Chen
Abstract

Injection attacks are dangerous and ubiquitous, contributing enormously to some of the most elaborate Web hacks. Enforcing proper input validation is an effective countermeasure against injection flaws. Unless a web application has a strong, centralized mechanism for validating all input from HTTP requests, injection flaws are very likely to exist. However, improper constraining rules may induce detection errors. False negatives may create security risks, and false positives will improperly restrict input characters. In this paper, we design an auto-tuning system to help validate input at each vulnerable injection point. A proper validation rule can be automatically generated through an auto-tuning mechanism. The experimental results show that the system can effectively protect against injection attacks and lower false positives when compared with traditional methods.


Similar resources

An Automated Mechanism for Secure Input Handling

A number of programs are poorly written, lacking even the most basic security procedures for handling input data from users. The input validation vulnerability can be detected by many tools but few tools can fix the flaws automatically. The security gateway can be used to protect vulnerable Web sites immediately but it may induce false recognition through impersonal rule. By means of hybrid ana...


Application of an Additive Self-tuning Controller for Static Synchronous Series Compensator for Damping of Sub-synchronous Resonance Oscillations

In this paper, an additive self-tuning (ST) control scheme is presented for a static synchronous series compensator (SSSC) to improve performance of conventional PI control system for damping sub-synchronous resonance (SSR) oscillations. The active and reactive series compensation are provided by a three-level 24-pulse SSSC and fixed capacitor. The proposed ST controller consists of a pole shift...


Offline Auto-Tuning of a PID Controller Using Extended Classifier System (XCS) Algorithm

Proportional + Integral + Derivative (PID) controllers are widely used in engineering applications such that more than half of the industrial controllers are PID controllers. There are many methods for tuning the PID parameters in the literature. In this paper an intelligent technique based on eXtended Classifier System (XCS) is presented to tune the PID controller parameters. The PID controlle...


Auto-tuning PID Controller for Robotic Manipulators

This paper suggests an auto-tuning method of PID trajectory tracking controller for robotic manipulators. In general, the PID trajectory tracking controller for mechanical systems shows the performance limitation. Since the control system including performance limitation cannot have equilibrium points, we newly define the quasi-equilibrium region as an alternative for equilibrium point. Also, ...


Basic Issues in Identification Scheme of a Self-Tuning Power System Stabilizer

Power system stabilizers have been widely used and successfully implemented for the improvement of power system damping. However, a fixed parameter power system stabilizer tends to be sensitive to variations in generator dynamics so that, for operating conditions away from those used for design, the effectiveness of the stabilizer can be greatly impaired. With the advent of microprocessor techn...



Journal title:
  • I. J. Network Security

Volume 17  Issue 

Pages  -

Publication date 2015