
A Survey of Network-Based Security Attacks


Affiliations
1 Department of Computing and Information Technology The University of the West Indies, Trinidad and Tobago
 

Cross Site Scripting, SQL Injection, Denial of Service (DOS), Buffer Overflow and Password Cracking are current network-based security attacks that still loom on the Internet. Though these attacks have been around for decades and protective mechanisms exist for overcoming them, they are still relevant today. In this paper we describe the basic workings of these attacks and outline how companies and individuals can mitigate them. By taking the necessary precautions, the severity of these attacks can be diminished.

Keywords

Cross Site Scripting, SQL Injection, Denial of Service (DOS), Buffer Overflow, Password Cracking, Security Attacks, Internet.

Authors

Koffka Khan
Department of Computing and Information Technology The University of the West Indies, Trinidad and Tobago
Wayne Goodridge
Department of Computing and Information Technology The University of the West Indies, Trinidad and Tobago
