Downloads: 103 | Views: 224

Survey Paper | Computer Science & Engineering | India | Volume 3 Issue 5, May 2014

A Survey On XML-Injection Attack Detection Systems

Swati Ramesh Kesharwani | Aarti Deshpande ^[2]

Abstract: Web services are increasingly used as distributed systems on the Internet; they provide a standard means of interoperation among different software applications running on a variety of platforms and frameworks. However; the underlying technologies used by Web services; such as SOAP; HTTP; and XML; have fostered the deployment of well-known vulnerabilities in this new environment. This system specifically addresses XML injection attacks those that produce some change in the XMLs internal components that aims to compromise the Web service application. This can be achieved by; for instance; injecting malicious content into an XML message; such as invalid XML characters. The classical detection system approach relies on building a signature-based database; cataloging attacks independently from each other. So; the proposed system is an XML injection strategy-based detection system; XHDS; to mitigate the time gap for 0-day attacks resulting from ontologys attack variations. Because many new and unknown attacks are derived from known strategiesconsidered signatureslow false-positive detection rates should occur. This project present XHDS as a hybrid approach that supports knowledge-based detection derived from a signature-based approach and then apply an ontology to design the knowledge database for XML injection attacks against Web services.

Keywords: Signature-based detection systems, Knowledge-based detection techniques, Web services, Ontology, XML Injection

Edition: Volume 3 Issue 5, May 2014,

Pages: 1628 - 1631