CSES: Cuckoo Search Based Exploratory Scale to Defend Input-Type Validation Vulnerabilities of HTTP Requests

  • Conference paper
  • Proceedings of the Second International Conference on Computational Intelligence and Informatics

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 712))

Abstract

Web application servers are highly exposed to attack, and thousands of security breaches take place every day. Attackers predominantly breach web application security through SQL injection and XSS. IDS systems play a pivotal role in identifying intrusions and alerting about attacks. Although numerous IDS models exist, one commonly adopted approach is the syntax analyzer; however, programming-language dependency and related limitations degrade the performance of syntax-analyzer-based strategies. Detection methods for HTTP request vulnerabilities are already in place; this paper proposes the Cuckoo Search based Exploratory Scale (CSES) to defend input-type validation vulnerabilities of HTTP requests. The key objective of CSES is to increase the speed and accuracy of input-type validation in web applications. Programming-language dependency and server-level processing overhead do not affect the performance of CSES. A further benefit of the CSES model is the speed of its search for the scope of a vulnerability. Experimental studies carried out on a dataset containing records prone to cross-site scripting and SQL injection alongside normal records show that the model performs better than the benchmark model DEKANT. The CSES model delivers improved accuracy in identifying attacks.

Author information

Corresponding author: S. Venkatramulu

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Venkatramulu, S., Guru Rao, C.V. (2018). CSES: Cuckoo Search Based Exploratory Scale to Defend Input-Type Validation Vulnerabilities of HTTP Requests. In: Bhateja, V., Tavares, J., Rani, B., Prasad, V., Raju, K. (eds) Proceedings of the Second International Conference on Computational Intelligence and Informatics. Advances in Intelligent Systems and Computing, vol 712. Springer, Singapore. https://doi.org/10.1007/978-981-10-8228-3_23

  • DOI: https://doi.org/10.1007/978-981-10-8228-3_23
  • Publisher Name: Springer, Singapore
  • Print ISBN: 978-981-10-8227-6
  • Online ISBN: 978-981-10-8228-3
  • eBook Packages: Engineering (R0)
