CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Attack Detection and Security in Remote Code Execution

by Manish Sharma, Shivkumar Singh Tomar
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 114 - Number 14
Year of Publication: 2015
Authors: Manish Sharma, Shivkumar Singh Tomar
10.5120/20045-1475

Manish Sharma, Shivkumar Singh Tomar . Attack Detection and Security in Remote Code Execution. International Journal of Computer Applications. 114, 14 ( March 2015), 9-15. DOI=10.5120/20045-1475

@article{ 10.5120/20045-1475,
author = { Manish Sharma, Shivkumar Singh Tomar },
title = { Attack Detection and Security in Remote Code Execution },
journal = { International Journal of Computer Applications },
issue_date = { March 2015 },
volume = { 114 },
number = { 14 },
month = { March },
year = { 2015 },
issn = { 0975-8887 },
pages = { 9-15 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume114/number14/20045-1475/ },
doi = { 10.5120/20045-1475 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:52:46.309010+05:30
%A Manish Sharma
%A Shivkumar Singh Tomar
%T Attack Detection and Security in Remote Code Execution
%J International Journal of Computer Applications
%@ 0975-8887
%V 114
%N 14
%P 9-15
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The communication system today mostly relies on the World Wide Web. It is also the most convenient way and easier accessing to both the parties within few seconds. This is the one phase which is the brightest way of remote communication the other phase is the data is on the risk. Because the attackers are waiting for the code execution and by the several means the data might be attacked. So attack detection and considering security is the major concern now days. In this paper we have implemented an advanced security system by using advanced Rivest Cipher (RC) mechanism. A detection mechanism with the help of bengin tag is also implemented to achieve the malicious detection. There is a provision of data existence check also so that the data will be identified timely. The results shown by our methodology have the improving detection approach in terms of security and data existence. For this JSP and HTML based framework are used.

References
  1. Anton Barua, Hossain Shahriar, and Mohammad Zulkernine, "Server Side Detection of Content Sniffing Attacks", 2011 22nd IEEE International Symposium on Software Reliability Engineering.
  2. Richard Sharp and David Scott," Abstracting Application Level Web Security," In Proceedings of the 11th ACM International World Wide Web Conference (WWW 2002), May 7-11, 2002.
  3. Peter wurzinger, Christian Platzer, Christian Ludl, and Christopher Kruegel," SWAP: Mitigating XSS Attacks using a Reverse Proxy," In proceedings of the 2009 ICSE Workshop on Software Engineering for secure systems,pp. 33-39,2009.
  4. Syed Imran Ahmed Qadri, Prof. Kiran Pandey, "Tag Based Client Side Detection of Content Sniffing Attacks with File Encryption and File Splitter Technique", International Journal of Advanced Computer Research (IJACR), Volume-2, Number-3, Issue-5, September-2012.
  5. Animesh Dubey, Ravindra Gupta, Gajendra Singh Chandel," An Efficient Partition Technique to reduce the Attack Detection Time with Web based Text and PDF files", International Journal of Advanced Computer Research (IJACR),Volume-3 Number-1 Issue-9 March-2013.
  6. Gupta, Saket. "Secure and Automated Communication in Client and Server Environment. " International Journal of Advanced Computer Research (IJACR), Volume-3, Number-4, Issue-13, December-2013.
  7. Engin Kirda, Nenad Jovanovic, Christopher Kruegel and Giovanni Vigna,"Client-Side Cross-Site Scripting Protection," ScienceDirect Trans. computer and security ,pp. 184-197,2009.
  8. Nao Ikemiya and Noriko Hanakawa, "A New Web Browser Including A Transferable Function to Ajax Codes", In Proceedings of 21st IEEE/ACM International Conference on Automated Software Engineering (ASE '06), Tokyo, Japan, pp. 351-352, September 2006.
  9. Kiezun, Adam, Vijay Ganesh, Philip J. Guo, Pieter Hooimeijer, and Michael D. Ernst. "HAMPI: a solver for string constraints. " In Proceedings of the eighteenth international symposium on Software testing and analysis, pp. 105-116. ACM, 2009.
  10. Savitha Raj. S, Merlin Sharmila. A, Poorinima Beneta. P, " Hybrid Cryptographic Processor for Secure Communication Using FPGA", International Journal of Advanced Computer Research (IJACR), Volume-3, Issue-13, December-2013 ,pp. 319-324. .
  11. Tateishi, Takaaki, Marco Pistoia, and Omer Tripp. "Path-and index-sensitive string analysis based on monadic second-order logic. " ACM Transactions on Software Engineering and Methodology (TOSEM) 22, no. 4 (2013): 33.
  12. Yu, Fang, Muath Alkhalaf, and Tevfik Bultan. "Patching vulnerabilities with sanitization synthesis. " In Proceedings of the 33rd International Conference on Software Engineering, pp. 251-260. ACM, 2011.
  13. Yu, Fang, Tevfik Bultan, and Ben Hardekopf. "String abstractions for string verification. " In Model Checking Software, pp. 20-37. Springer Berlin Heidelberg, 2011.
  14. Zheng, Yunhui, and Xiangyu Zhang. "Static detection of resource contention problems in server-side scripts. " In Proceedings of the 34th International Conference on Software Engineering, pp. 584-594. IEEE Press, 2012.
  15. Prabal Banerjee, Purnendu Mukherjee, Asoke Nath, " Modified Multi Way Feedback Encryption Standard (MWFES) Ver-I ", International Journal of Advanced Computer Research (IJACR), Volume-3, Issue-13, December-2013, pp. 344-351.
  16. Manju Kaushik, Gazal Ojha, "Attack Penetration System for SQL Injection", International Journal of Advanced Computer Research (IJACR), Volume-4, Issue-15, June-2014, pp. 724-732.
  17. Saxena, Prateek, Devdatta Akhawe, Steve Hanna, Feng Mao, Stephen McCamant, and Dawn Song. "A symbolic execution framework for javascript. " In Security and Privacy (SP), 2010 IEEE Symposium on, pp. 513-528. IEEE, 2010.
  18. Urmi Chhajed, Ajay Kumar, "Detecting Cross-Site Scripting Vulnerability and performance comparison using C-Time and E-Time", International Journal of Advanced Computer Research (IJACR), Volume-4, Issue-15, June-2014, pp. 733-740.
  19. Bjørner, Nikolaj, Nikolai Tillmann, and Andrei Voronkov. "Path feasibility analysis for string-manipulating programs. " In Tools and Algorithms for the Construction and Analysis of Systems, pp. 307-321. Springer Berlin Heidelberg, 2009.
  20. Ofuonye, E. ; Miller, J. , "Resolving JavaScript Vulnerabilities in the Browser Runtime," Software Reliability Engineering, 2008. ISSRE 2008. 19th International Symposium on, vol. , no. , pp. 57, 66, 10-14 Nov. 2008.
  21. Fadlullah, Z. M. ; Taleb, T. ; Vasilakos, A. V. ; Guizani, M. ; Kato, N. , "DTRAB: Combating Against Attacks on Encrypted Protocols Through Traffic-Feature Analysis," Networking, IEEE/ACM Transactions on, vol. 18, no. 4, pp. 1234,1247, Aug. 2010.
  22. Mathur, S. ; Trappe, W. , "BIT-TRAPS: Building Information-Theoretic Traffic Privacy into Packet Streams," Information Forensics and Security, IEEE Transactions on, vol. 6, no. 3, pp. 752, 762, Sept. 2011.
  23. Qurashi, U. S. ; Anwar, Z. , "AJAX based attacks: Exploiting Web 2. 0," Emerging Technologies (ICET), 2012 International Conference on , vol. , no. , pp. 1,6, 8-9 Oct. 2012.
  24. Beekhof, F. ; Voloshynovskiy, S. ; Farhadzadeh, F. , "Content authentication and identification under informed attacks," Information Forensics and Security (WIFS), 2012 IEEE International Workshop on , vol. , no. , pp. 133,138, 2-5 Dec. 2012.
  25. Prem, M. V. ; Swamynathan, S. , "Securing mobile agent and its platform from passive attack of malicious mobile agents," Advances in Engineering, Science and Management (ICAESM), 2012 International Conference on , pp. 605,609, 30-31 March 2012.
  26. Jagnere, P. , "Vulnerabilities in social networking sites," Parallel Distributed and Grid Computing (PDGC), 2012 2nd IEEE International Conference on, pp. 463, 468, 6-8 Dec. 2012.
  27. Nagarjun, P. M. D. ; Kumar, V. A. ; Kumar, C. A. ; Ravi, A. , "Simulation and analysis of RTS/CTS DoS attack variants in 802. 11 networks," Pattern Recognition, Informatics and Mobile Engineering (PRIME), 2013 International Conference on , vol. , no. , pp. 258,263, 21-22 Feb. 2013
  28. Seungoh Choi, Kwangsoo Kim, Seongmin Kim, and Byeong-hee Roh," Threat of DoS by Interest Flooding Attack in Content-Centric Networking" IEEE 2013.
  29. Ruse, M. E. ; Basu, S. , "Detecting Cross-Site Scripting Vulnerability Using Concolic Testing," Information Technology: New Generations (ITNG), 2013 Tenth International Conference on , vol. , no. , pp. 633,638, 15-17 April 2013.
  30. Zheng, Yunhui, and Xiangyu Zhang. "Path sensitive static analysis of web applications for remote code execution vulnerability detection. " In Proceedings of the 2013 International Conference on Software Engineering, pp. 652-661. IEEE Press, 2013.
  31. Rivest, R. L. , Robshaw, M. J. B. , Sidney, R. , & Yin, Y. L (1998a). "The RC6 Block Cipher. " URL: ftp://ftp. rsasecurity. com/pub/rsalabs/rc6/rc6v11. pdf
  32. Namrata Shukla, "Data Mining based Result Analysis of Document Fraud Detection", International Journal of Advanced Technology and Engineering Exploration (IJATEE), Volume-1, Issue-1, December-2014, pp. 21-25.
  33. Bhupendra Singh Thakur, Sapna Chaudhary, " Content Sniffing Attack Detection in Client and Server Side: A Survey ", International Journal of Advanced Computer Research (IJACR), Volume-3, Issue-10, June-2013, pp. 7-10.
  34. Subrata Kumar Das, Md. Alam Hossain, Md. Arifuzzaman Sardar, Ramen Kumar Biswas, Prolath Dev Nath, " Performance Analysis of Client Side Encryption Tools " , International Journal of Advanced Computer Research (IJACR), Volume-4, Issue-16, September-2014 ,pp. 888-897.
Index Terms

Computer Science
Information Sciences

Keywords

Remote Code Execution (RCE) Vulnerability JSP HTML RC.

Powered by PhDFocusTM