Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 551

Search results for: SQL injection attacks

551 Searching for Forensic Evidence in a Compromised Virtual Web Server against SQL Injection Attacks and PHP Web Shell

Authors: Gigih Supriyatno

Abstract:

SQL injection is one of the most common types of attacks and has a very critical impact on web servers. In the worst case, an attacker can perform post-exploitation after a successful SQL injection attack. In the case of forensics web servers, web server analysis is closely related to log file analysis. But sometimes large file sizes and different log types make it difficult for investigators to look for traces of attackers on the server. The purpose of this paper is to help investigator take appropriate steps to investigate when the web server gets attacked. We use attack scenarios using SQL injection attacks including PHP backdoor injection as post-exploitation. We perform post-mortem analysis of web server logs based on Hypertext Transfer Protocol (HTTP) POST and HTTP GET method approaches that are characteristic of SQL injection attacks. In addition, we also propose structured analysis method between the web server application log file, database application, and other additional logs that exist on the webserver. This method makes the investigator more structured to analyze the log file so as to produce evidence of attack with acceptable time. There is also the possibility that other attack techniques can be detected with this method. On the other side, it can help web administrators to prepare their systems for the forensic readiness.

Keywords: Web forensic, SQL injection, web shell, investigation.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 862
550 Web Application Security, Attacks and Mitigation

Authors: Ayush Chugh, Gaurav Gupta

Abstract:

Today’s technology is heavily dependent on web applications. Web applications are being accepted by users at a very rapid pace. These have made our work efficient. These include webmail, online retail sale, online gaming, wikis, departure and arrival of trains and flights and list is very long. These are developed in different languages like PHP, Python, C#, ASP.NET and many more by using scripts such as HTML and JavaScript. Attackers develop tools and techniques to exploit web applications and legitimate websites. This has led to rise of web application security; which can be broadly classified into Declarative Security and Program Security. The most common attacks on the applications are by SQL Injection and XSS which give access to unauthorized users who totally damage or destroy the system. This paper presents a detailed literature description and analysis on Web Application Security, examples of attacks and steps to mitigate the vulnerabilities.

Keywords: Attacks, Injection, JavaScript, SQL, Vulnerability, XSS.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 4760
549 Artificial Neural Network based Web Application Firewall for SQL Injection

Authors: Asaad Moosa

Abstract:

In recent years with the rapid development of Internet and the Web, more and more web applications have been deployed in many fields and organizations such as finance, military, and government. Together with that, hackers have found more subtle ways to attack web applications. According to international statistics, SQL Injection is one of the most popular vulnerabilities of web applications. The consequences of this type of attacks are quite dangerous, such as sensitive information could be stolen or authentication systems might be by-passed. To mitigate the situation, several techniques have been adopted. In this research, a security solution is proposed using Artificial Neural Network to protect web applications against this type of attacks. The solution has been experimented on sample datasets and has given promising result. The solution has also been developed in a prototypic web application firewall called ANNbWAF.

Keywords: Artificial Neural Networks ANN, SQL Injection, Web Application Firewall WAF, Web Application Scanner WAS.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 5046
548 A Pattern Recognition Neural Network Model for Detection and Classification of SQL Injection Attacks

Authors: Naghmeh Moradpoor Sheykhkanloo

Abstract:

Thousands of organisations store important and confidential information related to them, their customers, and their business partners in databases all across the world. The stored data ranges from less sensitive (e.g. first name, last name, date of birth) to more sensitive data (e.g. password, pin code, and credit card information). Losing data, disclosing confidential information or even changing the value of data are the severe damages that Structured Query Language injection (SQLi) attack can cause on a given database. It is a code injection technique where malicious SQL statements are inserted into a given SQL database by simply using a web browser. In this paper, we propose an effective pattern recognition neural network model for detection and classification of SQLi attacks. The proposed model is built from three main elements of: a Uniform Resource Locator (URL) generator in order to generate thousands of malicious and benign URLs, a URL classifier in order to: 1) classify each generated URL to either a benign URL or a malicious URL and 2) classify the malicious URLs into different SQLi attack categories, and a NN model in order to: 1) detect either a given URL is a malicious URL or a benign URL and 2) identify the type of SQLi attack for each malicious URL. The model is first trained and then evaluated by employing thousands of benign and malicious URLs. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed approach.

Keywords: Neural Networks, pattern recognition, SQL injection attacks, SQL injection attack classification, SQL injection attack detection.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2506
547 The Journey of a Malicious HTTP Request

Authors: M. Mansouri, P. Jaklitsch, E. Teiniker

Abstract:

SQL injection on web applications is a very popular kind of attack. There are mechanisms such as intrusion detection systems in order to detect this attack. These strategies often rely on techniques implemented at high layers of the application but do not consider the low level of system calls. The problem of only considering the high level perspective is that an attacker can circumvent the detection tools using certain techniques such as URL encoding. One technique currently used for detecting low-level attacks on privileged processes is the tracing of system calls. System calls act as a single gate to the Operating System (OS) kernel; they allow catching the critical data at an appropriate level of detail. Our basic assumption is that any type of application, be it a system service, utility program or Web application, “speaks” the language of system calls when having a conversation with the OS kernel. At this level we can see the actual attack while it is happening. We conduct an experiment in order to demonstrate the suitability of system call analysis for detecting SQL injection. We are able to detect the attack. Therefore we conclude that system calls are not only powerful in detecting low-level attacks but that they also enable us to detect highlevel attacks such as SQL injection.

Keywords: Linux system calls, Web attack detection, Interception.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1831
546 Main Variables Competition in DFB Lasers under Dual Optical Injection

Authors: Najm M. Al-Hosiny

Abstract:

We theoretically investigate the effects of frequency detuning and injection power on the nonlinear dynamics of DFB lasers under dual external optical injection.

Keywords: Optical injection, DFB laser, frequency detuning, injection power.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1196
545 Secure Power Systems Against Malicious Cyber-Physical Data Attacks: Protection and Identification

Authors: Morteza Talebi, Jianan Wang, Zhihua Qu

Abstract:

The security of power systems against malicious cyberphysical data attacks becomes an important issue. The adversary always attempts to manipulate the information structure of the power system and inject malicious data to deviate state variables while evading the existing detection techniques based on residual test. The solutions proposed in the literature are capable of immunizing the power system against false data injection but they might be too costly and physically not practical in the expansive distribution network. To this end, we define an algebraic condition for trustworthy power system to evade malicious data injection. The proposed protection scheme secures the power system by deterministically reconfiguring the information structure and corresponding residual test. More importantly, it does not require any physical effort in either microgrid or network level. The identification scheme of finding meters being attacked is proposed as well. Eventually, a well-known IEEE 30-bus system is adopted to demonstrate the effectiveness of the proposed schemes.

Keywords: Algebraic Criterion, Malicious Cyber-Physical Data Injection, Protection and Identification, Trustworthy Power System.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1822
544 Experimental and Theoretical Study of Melt Viscosity in Injection Process

Authors: Chung-Chih Lin, Wen-Teng Wang, Chin-Chiuan Kuo, Chieh-Liang Wu

Abstract:

The state of melt viscosity in injection process is significantly influenced by the setting parameters due to that the shear rate of injection process is higher than other processes. How to determine plastic melt viscosity during injection process is important to understand the influence of setting parameters on the melt viscosity. An apparatus named as pressure sensor bushing (PSB) module that is used to evaluate the melt viscosity during injection process is developed in this work. The formulations to coupling melt viscosity with fill time and injection pressure are derived and then the melt viscosity is determined. A test mold is prepared to evaluate the accuracy on viscosity calculations between the PSB module and the conventional approaches. The influence of melt viscosity on the tensile strength of molded part is proposed to study the consistency of injection quality.

Keywords: Injection molding, melt viscosity, injection quality, injection speed.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 4119
543 Experimental Investigation on the Effect of CO2 and WAG Injection on Permeability Reduction Induced by Asphaltene Precipitation in Light Oil

Authors: Ali F. Alta'ee, Ong S. Hun, Sima Sh. Alian, Ismail M. Saaid

Abstract:

Permeability reduction induced by asphaltene precipitation during gas injection is one of the serious problems in the oil industry. This problem can lead to formation damage and decrease the oil production rate. In this work, Malaysian light oil sample has been used to investigate the effect CO2 injection and Water Alternating Gas (WAG) injection on permeability reduction. In this work, dynamic core flooding experiments were conducted to study the effect of CO2 and WAG injection on the amount of asphaltene precipitated. Core properties after displacement were inspected for any permeability reduction to study the effect of asphaltene precipitation on rock properties. The results showed that WAG injection gave less asphaltene precipitation and formation damage compared to CO2 injection. The study suggested that WAG injection can be one of the important factors of managing asphaltene precipitation.

Keywords: Asphaltene Precipitation, Permeability Reduction, CO2 Injection, WAG Injection.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 3227
542 Quick Reference: Cyber Attacks Awareness and Prevention Method for Home Users

Authors: Haydar Teymourlouei

Abstract:

It is important to take security measures to protect your computer information, reduce identify theft, and prevent from malicious cyber-attacks. With cyber-attacks on the continuous rise, people need to understand and learn ways to prevent from these attacks. Cyber-attack is an important factor to be considered if one is to be able to protect oneself from malicious attacks. Without proper security measures, most computer technology would hinder home users more than such technologies would help. Knowledge of how cyber-attacks operate and protective steps that can be taken to reduce chances of its occurrence are key to increasing these security measures. The purpose of this paper is to inform home users on the importance of identifying and taking preventive steps to avoid cyberattacks. Throughout this paper, many aspects of cyber-attacks will be discuss: what a cyber-attack is, the affects of cyber-attack for home users, different types of cyber-attacks, methodology to prevent such attacks; home users can take to fortify security of their computer.

Keywords: Cyber-attacks, home user, prevention, security, technology.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 7071
541 Mechanized Proof of Resistance of Denial of Service Attacks in Voting Protocol with ProVerif

Authors: Bo Meng, Wei Wang

Abstract:

Resistance of denial of service attacks is a key security requirement in voting protocols. Acquisti protocol plays an important role in development of internet voting protocols and claims its security without strong physical assumptions. In this study firstly Acquisti protocol is modeled in extended applied pi calculus, and then resistance of denial of service attacks is proved with ProVerif. The result is that it is not resistance of denial of service attacks because two denial of service attacks are found. Finally we give the method against the denial of service attacks.

Keywords: Applied pi calculus, protocol state, symbolic model, availability.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1071
540 Modeling of Cross Flow Classifier with Water Injection

Authors: E. Pikushchak, J. Dueck, L. Minkov

Abstract:

In hydrocyclones, the particle separation efficiency is limited by the suspended fine particles, which are discharged with the coarse product in the underflow. It is well known that injecting water in the conical part of the cyclone reduces the fine particle fraction in the underflow. This paper presents a mathematical model that simulates the water injection in the conical component. The model accounts for the fluid flow and the particle motion. Particle interaction, due to hindered settling caused by increased density and viscosity of the suspension, and fine particle entrainment by settling coarse particles are included in the model. Water injection in the conical part of the hydrocyclone is performed to reduce fine particle discharge in the underflow. The model demonstrates the impact of the injection rate, injection velocity, and injection location on the shape of the partition curve. The simulations are compared with experimental data of a 50-mm cyclone.

Keywords: Classification, fine particle processing, hydrocyclone, water injection.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1767
539 Attacks and Counter Measures in BST Overlay Structure of Peer-To-Peer System

Authors: Guruprasad Khataniar, Hitesh Tahbildar, Prakriti Prava Das

Abstract:

There are various overlay structures that provide efficient and scalable solutions for point and range query in a peer-topeer network. Overlay structure based on m-Binary Search Tree (BST) is one such popular technique. It deals with the division of the tree into different key intervals and then assigning the key intervals to a BST. The popularity of the BST makes this overlay structure vulnerable to different kinds of attacks. Here we present four such possible attacks namely index poisoning attack, eclipse attack, pollution attack and syn flooding attack. The functionality of BST is affected by these attacks. We also provide different security techniques that can be applied against these attacks.

Keywords: BST, eclipse attack, index poisoning attack, pollution attack, syn flooding attack.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1449
538 Thermodynamic Performance Assessment of Steam-Injection Gas-Turbine Systems

Authors: Kyoung Hoon Kim, Giman Kim

Abstract:

The cycles of the steam-injection gas-turbine systems are studied. The analyses of the parametric effects and the optimal operating conditions for the steam-injection gas-turbine (STIG) system and the regenerative steam-injection gas-turbine (RSTIG) system are investigated to ensure the maximum performance. Using the analytic model, the performance parameters of the system such as thermal efficiency, fuel consumption and specific power, and also the optimal operating conditions are evaluated in terms of pressure ratio, steam injection ratio, ambient temperature and turbine inlet temperature (TIT). It is shown that the computational results are presented to have a notable enhancement of thermal efficiency and specific power.

Keywords: gas turbine, RSTIG, steam injection, STIG, thermal efficiency.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2330
537 Gas Lift Optimization to Improve Well Performance

Authors: Mohamed A. G. H. Abdalsadig, Amir Nourian, G. G. Nasr, Meisam Babaie

Abstract:

Gas lift optimization is becoming more important now a day in petroleum industry. A proper lift optimization can reduce the operating cost, increase the net present value (NPV) and maximize the recovery from the asset. A widely accepted definition of gas lift optimization is to obtain the maximum output under specified operating conditions. In addition, gas lift, a costly and indispensable means to recover oil from high depth reservoir entails solving the gas lift optimization problems. Gas lift optimization is a continuous process; there are two levels of production optimization. The total field optimization involves optimizing the surface facilities and the injection rate that can be achieved by standard tools softwares. Well level optimization can be achieved by optimizing the well parameters such as point of injection, injection rate, and injection pressure. All these aspects have been investigated and presented in this study by using experimental data and PROSPER simulation program. The results show that the well head pressure has a large influence on the gas lift performance and also proved that smart gas lift valve can be used to improve gas lift performance by controlling gas injection from down hole. Obtaining the optimum gas injection rate is important because excessive gas injection reduces production rate and consequently increases the operation cost.

Keywords: Optimization, production rate, reservoir pressure effect, gas injection rate effect, gas injection pressure.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 6228
536 Investigation of the Effectiveness of Siloxane Hydrophobic Injection for Renovation of Damp Brick Masonry

Authors: Z. Pavlík, M. Keppert, M. Pavlíková, R. Černý

Abstract:

Experimental investigation of the effect of hydrophobic injection on siloxane basis on the properties of oldfashioned type of ceramic brick is presented in the paper. At the experimental testing, the matrix density, total open porosity, pore size distribution, sorptivity, water absorption coefficient, sorption and desorption isotherms are measured for the original, as well as the hydrophobic-injection treated brick. On the basis of measured data, the functionality of the hydrophobic injection for the moisture ingress prevention into the studied ceramic brick is assessed.

Keywords: Brick masonry, siloxane hydrophobic injection, moisture ingress, functionality testing.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1648
535 A Systematic Approach for Analyzing Multiple Cyber-Physical Attacks on the Smart Grid

Authors: Yatin Wadhawan, Clifford Neuman, Anas Al Majali

Abstract:

In this paper, we evaluate the resilience of the smart grid system in the presence of multiple cyber-physical attacks on its distinct functional components. We discuss attack-defense scenarios and their effect on smart grid resilience. Through contingency simulations in the Network and PowerWorld Simulator, we analyze multiple cyber-physical attacks that propagate from the cyber domain to power systems and discuss how such attacks destabilize the underlying power grid. The analysis of such simulations helps system administrators develop more resilient systems and improves the response of the system in the presence of cyber-physical attacks.

Keywords: Smart grid, resilience, gas pipeline, cyber-physical attack, security.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 780
534 Taxonomy of Threats and Vulnerabilities in Smart Grid Networks

Authors: Faisal Al Yahmadi, Muhammad R. Ahmed

Abstract:

Electric power is a fundamental necessity in the 21st century. Consequently, any break in electric power is probably going to affect the general activity. To make the power supply smooth and efficient, a smart grid network is introduced which uses communication technology. In any communication network, security is essential. It has been observed from several recent incidents that adversary causes an interruption to the operation of networks. In order to resolve the issues, it is vital to understand the threats and vulnerabilities associated with the smart grid networks. In this paper, we have investigated the threats and vulnerabilities in Smart Grid Networks (SGN) and the few solutions in the literature. Proposed solutions showed developments in electricity theft countermeasures, Denial of services attacks (DoS) and malicious injection attacks detection model, as well as malicious nodes detection using watchdog like techniques and other solutions.

Keywords: Smart grid network, security, threats, vulnerabilities.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 260
533 Development of a Complete Single Jet Common Rail Injection System Gas Dynamic Model for Hydrogen Fueled Engine with Port Injection Feeding System

Authors: Mohammed Kamil, M. M. Rahman, Rosli A. Bakar

Abstract:

Modeling of hydrogen fueled engine (H2ICE) injection system is a very important tool that can be used for explaining or predicting the effect of advanced injection strategies on combustion and emissions. In this paper, a common rail injection system (CRIS) is proposed for 4-strokes 4-cylinders hydrogen fueled engine with port injection feeding system (PIH2ICE). For this system, a numerical one-dimensional gas dynamic model is developed considering single injection event for each injector per a cycle. One-dimensional flow equations in conservation form are used to simulate wave propagation phenomenon throughout the CR (accumulator). Using this model, the effect of common rail on the injection system characteristics is clarified. These characteristics include: rail pressure, sound velocity, rail mass flow rate, injected mass flow rate and pressure drop across injectors. The interaction effects of operational conditions (engine speed and rail pressure) and geometrical features (injector hole diameter) are illustrated; and the required compromised solutions are highlighted. The CRIS is shown to be a promising enhancement for PIH2ICE.

Keywords: Common rail, hydrogen engine, port injection, wave propagation.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 975
532 Simulation Study of Asphaltene Deposition and Solubility of CO2 in the Brine during Cyclic CO2 Injection Process in Unconventional Tight Reservoirs

Authors: Rashid S. Mohammad, Shicheng Zhang, Sun Lu, Syed Jamal-Ud-Din, Xinzhe Zhao

Abstract:

A compositional reservoir simulation model (CMG-GEM) was used for cyclic CO2 injection process in unconventional tight reservoir. Cyclic CO2 injection is an enhanced oil recovery process consisting of injection, shut-in, and production. The study of cyclic CO2 injection and hydrocarbon recovery in ultra-low permeability reservoirs is mainly a function of rock, fluid, and operational parameters. CMG-GEM was used to study several design parameters of cyclic CO2 injection process to distinguish the parameters with maximum effect on the oil recovery and to comprehend the behavior of cyclic CO2 injection in tight reservoir. On the other hand, permeability reduction induced by asphaltene precipitation is one of the major issues in the oil industry due to its plugging onto the porous media which reduces the oil productivity. In addition to asphaltene deposition, solubility of CO2 in the aquifer is one of the safest and permanent trapping techniques when considering CO2 storage mechanisms in geological formations. However, the effects of the above uncertain parameters on the process of CO2 enhanced oil recovery have not been understood systematically. Hence, it is absolutely necessary to study the most significant parameters which dominate the process. The main objective of this study is to improve techniques for designing cyclic CO2 injection process while considering the effects of asphaltene deposition and solubility of CO2 in the brine in order to prevent asphaltene precipitation, minimize CO2 emission, optimize cyclic CO2 injection, and maximize oil production.

Keywords: Tight reservoirs, cyclic O2 injection, asphaltene, solubility, reservoir simulation.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1313
531 Injection Forging of Splines Using Numerical and Experimental Study

Authors: M.Zadshakoyan, H.Jafarzadeh, E.Abdi Sobbouhi

Abstract:

Injection forging is a Nett-shape manufacturing process in which one or two punches move axially causing a radial flow into a die cavity in a form which is prescribed by the exitgeometry, such as pulley, flanges, gears and splines on a shaft. This paper presents an experimental and numerical study of the injection forging of splines in terms of load requirement and material flow. Three dimensional finite element analyses are used to investigate the effect of some important parameters in this process. The experiment has been carried out using solid commercial lead billets with two different billet diameters and four different dies.

Keywords: Injection forging, splines, material flow, FEM

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1548
530 An Efficient and Secure Solution for the Problems of ARP Cache Poisoning Attacks

Authors: Md. Ataullah, Naveen Chauhan

Abstract:

The Address Resolution Protocol (ARP) is used by computers to map logical addresses (IP) to physical addresses (MAC). However ARP is an all trusting protocol and is stateless which makes it vulnerable to many ARP cache poisoning attacks such as Man-in-the-Middle (MITM) and Denial of service (DoS) attacks. These flaws result in security breaches thus weakening the appeal of the computer for exchange of sensitive data. In this paper we describe ARP, outline several possible ARP cache poisoning attacks and give the detailed of some attack scenarios in network having both wired and wireless hosts. We have analyzed each of proposed solutions, identify their strengths and limitations. Finally get that no solution offers a feasible solution. Hence, this paper presents an efficient and secure version of ARP that is able to cope up with all these types of attacks and is also a feasible solution. It is a stateful protocol, by storing the information of the Request frame in the ARP cache, to reduce the chances of various types of attacks in ARP. It is more efficient and secure by broadcasting ARP Reply frame in the network and storing related entries in the ARP cache each time when communication take place.

Keywords: ARP cache poisoning, MITM, DoS

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2708
529 Taxonomy of Structured P2P Overlay Networks Security Attacks

Authors: Zied Trifa, Maher Khemakhem

Abstract:

The survey and classification of the different security attacks in structured peer-to-peer (P2P) overlay networks can be useful to computer system designers, programmers, administrators, and users. In this paper, we attempt to provide a taxonomy of structured P2P overlay networks security attacks. We have specially focused on the way these attacks can arise at each level of the network. Moreover, we observed that most of the existing systems such as Content Addressable Network (CAN), Chord, Pastry, Tapestry, Kademlia, and Viceroy suffer from threats and vulnerability which lead to disrupt and corrupt their functioning. We hope that our survey constitutes a good help for who-s working on this area of research.

Keywords: P2P, Structured P2P Overlay Networks, DHT, Security, classification

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1549
528 Study on Network-Based Technology for Detecting Potentially Malicious Websites

Authors: Byung-Ik Kim, Hong-Koo Kang, Tae-Jin Lee, Hae-Ryong Park

Abstract:

Cyber terrors against specific enterprises or countries have been increasing recently. Such attacks against specific targets are called advanced persistent threat (APT), and they are giving rise to serious social problems. The malicious behaviors of APT attacks mostly affect websites and penetrate enterprise networks to perform malevolent acts. Although many enterprises invest heavily in security to defend against such APT threats, they recognize the APT attacks only after the latter are already in action. This paper discusses the characteristics of APT attacks at each step as well as the strengths and weaknesses of existing malicious code detection technologies to check their suitability for detecting APT attacks. It then proposes a network-based malicious behavior detection algorithm to protect the enterprise or national networks.

Keywords: Advanced Persistent Threat, Malware, Network Security, Network Packet, Exploit Kits.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1394
527 The Analysis of Two-Phase Jet in Pneumatic Powder Injection into Liquid Alloys

Authors: J. Jezierski, K. Janerka

Abstract:

The results of the two-phase gas-solid jet in pneumatic powder injection process analysis were presented in the paper. The researches were conducted on model set-up with high speed camera jet movement recording. Then the recorded material was analyzed to estimate main particles movement parameters. The values obtained from this direct measurement were compared to those calculated with the use of the well-known formulas for the two-phase flows (pneumatic conveying). Moreover, they were compared to experimental results previously achieved by authors. The analysis led to conclusions which to some extent changed the assumptions used even by authors, regarding the two-phase jet in pneumatic powder injection process. Additionally, the visual analysis of the recorded clips supplied data to make a more complete evaluation of the jet behavior in the lance outlet than before.

Keywords: injection lance, liquid metal, powder injection, slip velocity, two-phase jet

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1399
526 A Study of General Attacks on Elliptic Curve Discrete Logarithm Problem over Prime Field and Binary Field

Authors: Tun Myat Aung, Ni Ni Hla

Abstract:

This paper begins by describing basic properties of finite field and elliptic curve cryptography over prime field and binary field. Then we discuss the discrete logarithm problem for elliptic curves and its properties. We study the general common attacks on elliptic curve discrete logarithm problem such as the Baby Step, Giant Step method, Pollard’s rho method and Pohlig-Hellman method, and describe in detail experiments of these attacks over prime field and binary field. The paper finishes by describing expected running time of the attacks and suggesting strong elliptic curves that are not susceptible to these attacks.c

Keywords: Discrete logarithm problem, general attacks, elliptic curves, strong curves, prime field, binary field, attack experiments.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 964
525 Steam Assisted Gravity Drainage: A Recipe for Success

Authors: Mohsen Ebrahimi

Abstract:

In this paper, Steam Assisted Gravity Drainage (SAGD) is introduced and its advantages over ordinary steam injection is demonstrated. A simple simulation model is built and three scenarios of natural production, ordinary steam injection, and SAGD are compared in terms of their cumulative oil production and cumulative oil steam ratio. The results show that SAGD can significantly enhance oil production in quite a short period of time. However, since the distance between injection and production wells is short, the oil to steam ratio decreases gradually through time.

Keywords: Thermal recovery, Steam injection, SAGD, Enhanced oil recovery

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1990
524 A Taxonomy of Internal Attacks in Wireless Sensor Network

Authors: Muhammad R Ahmed, Xu Huang, Dharmendra Sharma

Abstract:

Developments in communication technologies especially in wireless have enabled the progress of low-cost and lowpower wireless sensor networks (WSNs). The features of such WSN are holding minimal energy, weak computational capabilities, wireless communication and an open-medium nature where sensors are deployed. WSN is underpinned by application driven such as military applications, the health sector, etc. Due to the intrinsic nature of the network and application scenario, WSNs are vulnerable to many attacks externally and internally. In this paper we have focused on the types of internal attacks of WSNs based on OSI model and discussed some security requirements, characterizers and challenges of WSNs, by which to contribute to the WSN-s security research.

Keywords: Wireless sensor network, internal attacks, security, OSI model.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2835
523 An Investigation on the Effects of Injection Spray Cone on Propulsive Droplets in a Duct

Authors: M. Mojtahedpoor

Abstract:

This paper addresses one important aspect of combustion system analysis, the spray evaporation and dispersion modeling. In this study we assume an empty cylinder which is as a simulator for a ramjet engine and the cylinder has been studied by cold flow. Four nozzles have the duties of injection which are located in the entrance of cylinder. The air flow comes into the cylinder from one side and injection operation will be done. By changing injection velocity and entrance air flow velocity, we have studied droplet sizing and efficient mass fraction of fuel vapor near and at the exit area. We named the mass of fuel vapor inside the flammability limit as the efficient mass fraction. Further, we decreased the initial temperature of fuel droplets and we have repeated the investigating again. To fulfill the calculation we used a modified version of KIVA-3V.

Keywords: Ramjet, droplet sizing, injection velocity, air flowvelocity, efficient mass fraction..

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1230
522 Double Diffusive Convection in a Partially Porous Cavity under Suction/Injection Effects

Authors: Y. Outaleb, K. Bouhadef, O. Rahli

Abstract:

Double-diffusive steady convection in a partially porous cavity with partially permeable walls and under the combined buoyancy effects of thermal and mass diffusion was analysed numerically using finite volume method. The top wall is well insulated and impermeable while the bottom surface is partially well insulated and impermeable and partially submitted to constant temperature T1 and concentration C1. Constant equal temperature T2 and concentration C2 are imposed along the vertical surfaces of the enclosure. Mass suction/injection and injection/suction are respectively considered at the bottom of the porous centred partition and at one of the vertical walls. Heat and mass transfer characteristics as streamlines and average Nusselt numbers and Sherwood numbers were discussed for different values of buoyancy ratio, Rayleigh number, and injection/suction coefficient. It is especially noted that increasing the injection factor disadvantages the exchanges in the case of the injection while the transfer is augmented in case of suction. On the other hand, a critical value of the buoyancy ratio was highlighted for which heat and mass transfers are minimized.

Keywords: Double diffusive convection, Injection/Extraction, Partially porous cavity

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1387