Defense automatic malicious tools based on navigation behavior

Autor: Tsung-Che Wu, Kai-Yung Lin, Jan-Min Chen, Jin-Cherng Lin
Rok vydání: 2010
Předmět:
Zdroj: Journal of Discrete Mathematical Sciences and Cryptography. 13:17-27
ISSN: 2169-0065
0972-0529
DOI: 10.1080/09720529.2010.10698274
Popis: Nowadays the trend of the Web application attack is using various vulnerability scanners to find flaws before launching attacks. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS). Most of the web application security problems as use the CAPTCHA defend the system by identification if the traffic source is human or robots. In this paper, we describe our techniques for automatically identifying human-generated web action and separate it from Malicious Crawler action. The technology is similar with CAPTCHA and able to block Malicious Crawler readily, but it can precise identify the parameter to fill in by Malicious Crawler. The user can enter without any distorted images and prevent miscellaneous entering movements. Our experiments to distinguish ability show that 100% of human users and Malicious Crawler are with a maximum false positive rate of 0%. Such identification can help protect individual Web sites, reduce the abuse tools, or help identify compromised computer...
Databáze: OpenAIRE