Model of rules for malicious input parameters detection

dc.contributor.authorKorzhenevskyi, Oleksandr
dc.contributor.authorGraivoronskyi, Mykola
dc.date.accessioned2023-05-15T07:53:34Z
dc.date.available2023-05-15T07:53:34Z
dc.date.issued2022
dc.description.abstractThis article is devoted to detection of advanced techniques of malicious input parameter injections and web application firewall (WAF) bypass. The authors have proposed a hierarchical model for detection rules definition, which allows to edit different fragments separately. This model has been implemented with the usage of Backus-Naur form and ANTLR4 (generator of parsers and lexers). The solution has been tested using some popular web application scanners. The testing environment has been created with Python3. The results of research have been compared with the corresponding ones for the existing open source solution – libinjection. The main accent has been made to SQL injcetions and Cross-Site Scripting attacks.uk
dc.format.pagerangePp. 93-99uk
dc.identifier.citationKorzhenevskyi, O. Model of rules for malicious input parameters detection / Oleksandr Korzhenevskyi, Mykola Graivoronskyi // Theoretical and Applied Cybersecurity : scientific journal. – 2022. – Vol. 4, Iss. 1. – Pp. 93–99. – Bibliogr. 12 ref.uk
dc.identifier.doihttps://doi.org/10.20535/tacs.2664-29132022.1.274127
dc.identifier.urihttps://ela.kpi.ua/handle/123456789/55662
dc.language.isoenuk
dc.publisherIgor Sikorsky Kyiv Polytechnic Instituteuk
dc.publisher.placeKyivuk
dc.relation.ispartofTheoretical and Applied Cybersecurity: scientific journal, Vol. 4, No. 1uk
dc.subjectWeb application securityuk
dc.subjectweb application firewalluk
dc.subjectinjectionuk
dc.subjectattack detectionuk
dc.subjectBackus-Naur formuk
dc.subjectANTLR4uk
dc.subject.udc004.492.3uk
dc.titleModel of rules for malicious input parameters detectionuk
dc.typeArticleuk

Файли