Web application fingerprint recognition is an effective security technology designed to identify and classify web applications,thereby enhancing the detection of potential threats and attacks.Traditional fingerprint r...Web application fingerprint recognition is an effective security technology designed to identify and classify web applications,thereby enhancing the detection of potential threats and attacks.Traditional fingerprint recognition methods,which rely on preannotated feature matching,face inherent limitations due to the ever-evolving nature and diverse landscape of web applications.In response to these challenges,this work proposes an innovative web application fingerprint recognition method founded on clustering techniques.The method involves extensive data collection from the Tranco List,employing adjusted feature selection built upon Wappalyzer and noise reduction through truncated SVD dimensionality reduction.The core of the methodology lies in the application of the unsupervised OPTICS clustering algorithm,eliminating the need for preannotated labels.By transforming web applications into feature vectors and leveraging clustering algorithms,our approach accurately categorizes diverse web applications,providing comprehensive and precise fingerprint recognition.The experimental results,which are obtained on a dataset featuring various web application types,affirm the efficacy of the method,demonstrating its ability to achieve high accuracy and broad coverage.This novel approach not only distinguishes between different web application types effectively but also demonstrates superiority in terms of classification accuracy and coverage,offering a robust solution to the challenges of web application fingerprint recognition.展开更多
Fileless webshell attacks against Java web applications have becomemore frequent in recent years as Java has gained market share. Webshell is amalicious script that can remotely execute commands and invade servers. It...Fileless webshell attacks against Java web applications have becomemore frequent in recent years as Java has gained market share. Webshell is amalicious script that can remotely execute commands and invade servers. Itis widely used in attacks against web applications. In contrast to traditionalfile-based webshells, fileless webshells leave no traces on the hard drive, whichmeans they are invisible to most antivirus software. To make matters worse,although there are some studies on fileless webshells, almost all of themare aimed at web applications developed in the PHP language. The complexmechanism of Java makes researchers face more challenges. To mitigate thisattack, this paper proposes JShellDetector, a fileless webshell detector forJava web applications based on program analysis. JShellDetector uses methodprobes to capture dynamic characteristics of web applications in the JavaVirtual Machine (JVM). When a suspicious class tries to call a specificsensitive method, JShellDetector catches it and converts it from the JVMto a bytecode file. Then, JShellDetector builds a Jimple-based control flowgraph and processes it using taint analysis techniques. A suspicious classis considered malicious if there is a valid path from sources to sinks. Todemonstrate the effectiveness of the proposed approach, we manually collect35 test cases (all open source on GitHub) and test JShellDetector and onlytwo other Java fileless webshell detection tools. The experimental results showthat the detection rate of JShellDetector reaches 77.1%, which is about 11%higher than the other two tools.展开更多
This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transpo...This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.展开更多
This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data ...This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data in the stock market being crucial, the implementation of robust systems which guarantee trust between the different actors is essential. We therefore proposed, after analyzing the limits of several security approaches in the literature, an architecture based on blockchain technology making it possible to both identify and reduce the vulnerabilities linked to the design, implementation work or the use of web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the Blockchain, to strengthen the security of investors’ accounts and the automated recording of transactions in the Blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools, at the level of different metrics. Our approach achieved the best performance in each case.展开更多
基金supported in part by the National Science Foundation of China under Grants U22B2027,62172297,62102262,61902276 and 62272311,Tianjin Intelligent Manufacturing Special Fund Project under Grant 20211097the China Guangxi Science and Technology Plan Project(Guangxi Science and Technology Base and Talent Special Project)under Grant AD23026096(Application Number 2022AC20001)+1 种基金Hainan Provincial Natural Science Foundation of China under Grant 622RC616CCF-Nsfocus Kunpeng Fund Project under Grant CCF-NSFOCUS202207.
文摘Web application fingerprint recognition is an effective security technology designed to identify and classify web applications,thereby enhancing the detection of potential threats and attacks.Traditional fingerprint recognition methods,which rely on preannotated feature matching,face inherent limitations due to the ever-evolving nature and diverse landscape of web applications.In response to these challenges,this work proposes an innovative web application fingerprint recognition method founded on clustering techniques.The method involves extensive data collection from the Tranco List,employing adjusted feature selection built upon Wappalyzer and noise reduction through truncated SVD dimensionality reduction.The core of the methodology lies in the application of the unsupervised OPTICS clustering algorithm,eliminating the need for preannotated labels.By transforming web applications into feature vectors and leveraging clustering algorithms,our approach accurately categorizes diverse web applications,providing comprehensive and precise fingerprint recognition.The experimental results,which are obtained on a dataset featuring various web application types,affirm the efficacy of the method,demonstrating its ability to achieve high accuracy and broad coverage.This novel approach not only distinguishes between different web application types effectively but also demonstrates superiority in terms of classification accuracy and coverage,offering a robust solution to the challenges of web application fingerprint recognition.
基金supported by the National Natural Science Foundation of China under Grant Number 62001055.
文摘Fileless webshell attacks against Java web applications have becomemore frequent in recent years as Java has gained market share. Webshell is amalicious script that can remotely execute commands and invade servers. Itis widely used in attacks against web applications. In contrast to traditionalfile-based webshells, fileless webshells leave no traces on the hard drive, whichmeans they are invisible to most antivirus software. To make matters worse,although there are some studies on fileless webshells, almost all of themare aimed at web applications developed in the PHP language. The complexmechanism of Java makes researchers face more challenges. To mitigate thisattack, this paper proposes JShellDetector, a fileless webshell detector forJava web applications based on program analysis. JShellDetector uses methodprobes to capture dynamic characteristics of web applications in the JavaVirtual Machine (JVM). When a suspicious class tries to call a specificsensitive method, JShellDetector catches it and converts it from the JVMto a bytecode file. Then, JShellDetector builds a Jimple-based control flowgraph and processes it using taint analysis techniques. A suspicious classis considered malicious if there is a valid path from sources to sinks. Todemonstrate the effectiveness of the proposed approach, we manually collect35 test cases (all open source on GitHub) and test JShellDetector and onlytwo other Java fileless webshell detection tools. The experimental results showthat the detection rate of JShellDetector reaches 77.1%, which is about 11%higher than the other two tools.
文摘This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
文摘This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data in the stock market being crucial, the implementation of robust systems which guarantee trust between the different actors is essential. We therefore proposed, after analyzing the limits of several security approaches in the literature, an architecture based on blockchain technology making it possible to both identify and reduce the vulnerabilities linked to the design, implementation work or the use of web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the Blockchain, to strengthen the security of investors’ accounts and the automated recording of transactions in the Blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools, at the level of different metrics. Our approach achieved the best performance in each case.