Conference Papers

Permanent URI for this collection: https://idr.nitk.ac.in/handle/123456789/28506

  • Item
    Throttling DDoS attacks
    (2009) Gujjunoori, S.; Ali, T.A.; Babu J, B.J.; Avinash, D.; Mohandas, R.; Pais, A.R.
    Distributed Denial of Service poses a significant threat to the Internet today. In these attacks, an attacker runs a malicious process in compromised systems under his control and generates an enormous number of requests, which in turn can easily exhaust the computing resources of a victim web server within a short period of time. Many mechanisms have been proposed to date to combat this attack. In this paper we propose a new solution to reduce the impact of a distributed denial of service attack on a web server by throttling the client's CPU. The concept of source throttling is used to make the client pay a resource stamp fee, which is negligible when the client is making a limited number of requests but becomes a limiting restriction when he is making a large number of requests. The proposed solution makes use of the integer factorization problem to generate the CPU stamps. We have packaged our solution as an API so that existing web applications can easily deploy our solution in a layer that is transparent to the underlying application.
  • Item
    Throttling DDoS attacks using discrete logarithm problem
    (2010) Darapureddi, A.; Mohandas, R.; Pais, A.R.
    Amongst all the security issues that the internet world is facing, the Distributed Denial of Service (DDoS) attack receives special mention. In a typical DDoS attack, an attacker runs malicious code on compromised systems to generate an enormous number of requests to a single web server. The flood of incoming requests causes the victim web server's resources to wear out completely within a short period of time, thereby causing denial of service to the legitimate users. In this paper we propose a solution to trim down the impact of DDoS attacks by throttling the client's CPU, i.e., making clients pay a stamp fee which is collected in terms of resource usage such as CPU cycles. Our proposed solution makes use of the discrete logarithm problem to generate the CPU stamps.
  • Item
    Attacks on web services and mitigation schemes
    (2010) Patel, V.; Mohandas, R.; Pais, A.R.
    Web Services have become a dependable platform for e-commerce and many B2B models. Extensive adaptation of Web Services has resulted in a bunch of standards such as WS-Security, WS-Trust etc. to support business and security requirements for the same. The majority of web services are offered over HTTP with Simple Object Access Protocol (SOAP) as the underlying exchange infrastructure. This paper describes attacks targeted at Web Services such as XML injection, XSS injection, HTTP header manipulation, sending stale messages and other protocol-specific attacks. We have used an XML Re-Writing mechanism to perform a "timestamp modification attack" and attacks on the WS-Trust and WS-SecureConversation protocols. Schemas stated in the WSDL file may not be accurate enough to validate messages effectively; schemas should reflect the structure of all possible genuine requests. Hence, we have proposed a new self-adaptive schema hardening algorithm to obtain a fine-tuned schema that can be used to validate SOAP messages more effectively. We have also proposed mitigation techniques to counter attacks using MIME/DIME attachments.
  • Item
    Safeguarding web services using self-adaptive schema hardening algorithm
    (2011) Patel, V.; Mohandas, R.; Pais, A.R.
    Web Services in production often evolve over time due to changes in business and security requirements. Often various Web Service standards such as WS-Security, WS-Trust, WS-Routing etc. are introduced or revoked. Such changes alter the structure of an input message accepted by web services. The message validation mechanism becomes ineffective if the schemas in use are not updated in line with the aforementioned changes. Also, Web Services become prone to different attack vectors if the schemas are loosely defined. Here, we present algorithms that help fine-tune schemas by the process of iterative deduction. Also, our work helps to identify patterns of attack vectors that demarcate themselves from genuine messages. Our adaptive schema refining algorithm classifies logged requests into a set of schema classes based on a measure of similarity. This classification of messages into schema classes enables us to tighten the schemas to prevent bad requests or expand the schemas to accommodate newer requests. © 2011 Springer-Verlag.
  • Item
    A novel technique for defeating virtual keyboards - Exploiting insecure features of modern browsers
    (2011) Nadkarni, T.S.; Mohandas, R.; Pais, A.R.
    Advancement in technology is a necessity of time, but as new techniques are introduced, new security vulnerabilities are discovered and exploited in practice. In this paper we are presenting a new approach to defeat virtual keyboards using a new method for capturing parts of a browser screen. The page rendered in the browser is captured by using the canvas element provided by HTML5. We have specified the technical details of how this functionality is exploited and created a malicious extension for Mozilla Firefox browser. This extension captures screenshots of web pages rendered in the browser and sends them to a remote server. In addition, we have suggested mitigation strategies to prevent misuse of such browser functionalities. © 2011 Springer-Verlag.
  • Item
    An in-depth analysis of the epitome of online stealth: Keyloggers; and their countermeasures
    (2011) Vishnani, K.; Pais, A.R.; Mohandas, R.
    Malware has existed ever since the inception of computers, and its spread has been gaining momentum as a result of the persistent success and evolution of the Internet. The cyber world has been noticing a shift in the goals of malware writers, which would only become more insidious with time. Currently the matter of great concern for Internet users is that of online stealth. In this paper we discuss in detail the epitome of online stealth, the keyloggers; present an analysis of a few well-known anti-keyloggers; list a set of counter-measures for the users based on our analysis; and also present our approach for client side authentication to reduce the attack surface available to the hackers. © 2011 Springer-Verlag.
  • Item
    Model based hybrid approach to prevent SQL injection attacks in PHP
    (2011) Sadalkar, K.; Mohandas, R.; Pais, A.R.
    SQL Injection vulnerability is ranked 1st in the OWASP top 10 vulnerability list and has resulted in massive attacks on a number of websites in the past few years. In spite of preventive measures like educating developers about safe coding practices, statistics show that these vulnerabilities are still dominating the top. Various static and dynamic approaches have been proposed to mitigate this vulnerability. In this paper, we present a hybrid approach to prevent SQL injection attacks in PHP, a popular server side scripting language. This technique is more effective in preventing SQL injection attacks in a dynamic web content environment without the use of complex string analyzer logic. Initially, we construct a Query model for each hotspot by running the application in safe mode. In the production environment, dynamically generated queries are validated with it. The results and analysis show the proposed approach is simple and effective in preventing common SQL injection vulnerabilities. © 2011 Springer-Verlag.
  • Item
    IFrandbox - Client side protection from malicious injected iframes
    (2011) Nadkarni, T.S.; Mohandas, R.; Pais, A.R.
    Drive-by downloads are currently one of the most popular methods of malware distribution. Widely visited legitimate websites are infused with invisible or barely visible Iframes pointing to malicious URLs, causing silent download of malware onto users' systems. In this paper, we present a client side solution for protection from such malevolent hidden Iframes. We have implemented our solution as an extension to the Mozilla Firefox browser. The extension will check every Iframe loaded in the browser for properties emblematic of malicious Iframes such as hidden visibility styles and 0-pixel dimensions. These Iframes are then blocked by using the browser content policy mechanism, hence alleviating the possibility of the malicious download taking place. © 2011 Springer-Verlag.
  • Item
    Detecting & defeating split personality malware
    (2011) Vishnani, K.; Pais, A.R.; Mohandas, R.
    Security analysts extensively use virtual machines to analyse sample programs and study them to determine if they contain any malware. In the process, if the malware destabilizes the guest OS, they simply discard it and load in a fresh image. This approach increases their productivity. Since naive users do not run virtual machines, malware authors have observed that there is a pretty good probability that their malware is being analysed if it is being run in a Virtual Machine (VM). When such analysis-aware malware detects the presence of VMs, it behaves in a benign manner, thus escaping detection. A determined analyst will have to end up running the sample on a native machine, which adds to his chase time. In this paper, we briefly discuss the techniques deployed to detect VMs by Analysis Aware Malware, also known as Split Personality Malware. We then introduce our tool that not only detects this category of malware but also fools it into believing that it is running on a native machine even when it is running on a virtualized one, forcing it to exhibit its malicious form. Most security analysts should find this tool really useful.