Читать книгу Artificial Intelligence and Data Mining Approaches in Security Frameworks - Группа авторов - Страница 38

Following are the types of code injection attacks:

1 i) SQL Injection

2 ii) HTML Script Injection

3 iii) Object Injection

4 iv) Remote File Injection

5 v) Code Reuse Attacks (CRAs).

1 SQL Injection: It can be defined as a technique by which SQL syntax can be used to input commands for reading, alteration or modification of a database.For example, there is a field on a web page regarding authentication for user password. Generally, we use script code for this. This script code will generate a SQL query so that matching password entered against the list of user names could be verified: SELECT User List. Username FROM User List WHERE User List. Password = ‘Password’

2 HTML Script Injection: Malicious code can be injected by an attacker with the help of tags. Thus, location property of the document would be changed by setting it to an injected script.

3 Object Injection: Hypertext pre-processor (PHP) is used for serialization and deserialization of objects. With the help of object injection, existing classes in the program can be modified and malicious attacks can be executed if an untrustworthy input is allowed into the deserialization function.

4 Remote File Injection: To cause the intended destruction, remote infected file name could be provided by attackers by alter the path command of the script file as the path.

5 Code Reuse Attacks: Code reuse attacks (CRAs) are recent development in security. They occur when an attacker expresses the flow of control through a previously existing code. By using this, attackers are allowed to execute random code on a compromised machine. These are return-oriented and jump-oriented programming approaches. They can reclaim library code fragments. The Return Into Lib C (RILC) is a type of code-reuse attack where the stack is compromised and the control is transferred to the beginning of an existing library function such as mprotect() to create a memory region that allows both write and execution operations on it to bypass W+X (Bhatkar et al., 2005). To overcome such attacks, we use data mining techniques. When the source code is checked to reveal any such fault and for this the instructions are classified as malicious. Some of the classification algorithms that can be used in this Regard are Logistic Regression, Bayesian, Support Vector Machine and Decision Tree.