New threats and attacks on the World Wide Web

Mannheim Univ.
IEEE Security and Privacy Magazine (Impact Factor: 0.72). 04/2006; 4(2):72 - 75. DOI: 10.1109/MSP.2006.46
Source: IEEE Xplore

ABSTRACT Ten years ago, very few networks had a firewall; today, they're ubiquitous. The newest target is the workstation: client-side attacks have increased because direct attacks on servers aren't so easy any more. Moreover, as new defenses are raised, information flows are increasingly embedded into Web applications, making them extremely valuable as well, and, thus, the next target. This article describes some of these new threats

1 Follower
  • Source
    Wireless Communications and Mobile Computing 05/2006; 6(3):269-271. DOI:10.1002/wcm.393 · 1.29 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: This paper proposes a new lightweight method that utilizes the growing hierarchical self-organizing map (GHSOM) for malware detection and structural classification. It also shows a new method for measuring the structural similarity between classes. A dynamic link library (DLL) file is an executable file used in the Windows operating system that allows applications to share codes and other resources to perform particular tasks. In this paper, we classify different malware by the data mining of the DLL files used by the malware. Since the malware families are evolving quickly, they present many new problems, such as how to link them to other existing malware families. The experiment shows that our GHSOM-based structural classification can solve these issues and generate a malware classification tree according to the similarity of malware families. © 2014 Institute of Electrical Engineers of Japan. Published by John Wiley & Sons, Inc.
    IEEJ Transactions on Electrical and Electronic Engineering 11/2014; 9(6). DOI:10.1002/tee.22018 · 0.33 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: International standard bodies such as the Parlay Group, 3GPP (Third Generation Partnership Project), and ETSI TISPAN describe an applications middleware in the form of open service access (OSA)/Parlay Application Programming Interfaces and Parlay X Web Services which allow multimedia applications to be implemented on top of different fixed and mobile network types. These established middleware services are also applicable to the new IP Multimedia Subsystem (IMS) forming the heart of emerging next generation networks. The main objective of this kind of middleware services is to simplify and unify service creation and – as applications are realized in so-called application servers which can be flexibly connected to dedicated network gateways – also to expose available network capabilities to third parties. This results in an inherent increase of security threats and increases the risk of attacks on network resources. This article describes the security requirements and challenges to Web services-based NGN middleware. Based on this analysis the paper presents the middleware security mechanisms at application level providing end-to-end security based on standard such as XML Digital Signatures, XML Encryption and SAML (Security Assertion Markup Language). Furthermore, we propose additional security means in the form of intrusion detection and prevention (IDP) system protecting applications middleware against SQL injection attacks which are not mitigated by existing solutions.
    Computer Networks 11/2007; DOI:10.1016/j.comnet.2007.06.011 · 1.28 Impact Factor


Available from