Detecting Remote Code Execution Attacks Using a PHP Web Application Intrusion Detection System

Article type: Research article

Authors

1 Master's student, Imam Hossein University, Tehran, Iran

2 Assistant Professor, Imam Hossein University, Tehran, Iran

Abstract

As web applications have grown, the main challenge facing conventional intrusion detection systems against web-based attacks is their lack of access to application-layer and web-platform features. The widespread use of the PHP server-side language has led to applications being written insecurely and to security problems in software written in this language. The remote code execution attack is one of the most important web attacks because it grants remote access to the host machine and allows operating-system shell commands to be run. Changing the architecture of intrusion detection systems from the network layer to the application layer, and applying a layered detection approach that uses signature-based and behavior-based detection methods in PHP applications, makes it possible to detect remote code execution attacks. In this research, using the layered approach of a PHP web application intrusion detection system, remote code execution attacks are detected with an accuracy of 90.4% in the signature-based approach and 95% in the behavior-based approach.



Title [English]

Detection of the Remote Code Execution Attacks Using the PHP Web Application Intrusion Detection System

Authors [English]

  • Mohammad Maghale 1
  • Masoud Bagheri 2
1 Master's student, Imam Hossein University, Tehran, Iran
2 Associate Professor, Imam Hossein University, Tehran, Iran
Abstract [English]

With the growth of web applications, the main limitation of conventional intrusion detection systems against web-based attacks is their lack of access to application-layer and web-platform features. The widespread use of the PHP server-side language has led to insecurely written applications and to security problems in software built with it. Remote code execution is one of the most significant web attacks because it gives the attacker remote access to the host and lets them run operating-system shell commands. Moving the intrusion detection architecture from the network layer to the application layer, and applying a layered detection approach that uses signature-based and behavior-based methods inside PHP applications, makes it possible to detect remote code execution attacks. In this research, remote code execution attacks are detected with the layered approach of a PHP web application intrusion detection system, with 90.4% accuracy for the signature-based approach and 95% for the behavior-based approach.
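The two detection layers the abstract describes, as an added illustration that is not the paper's code: a PHP pre-script (for example loaded through auto_prepend_file) that first applies known command-injection and PHP code-injection signatures to request parameters, then compares each parameter against a per-parameter profile learned from benign requests (character classes and maximum length). The rule set, the benign traffic, the hypothetical /ping.php endpoint and its host and count parameters are all constructed for this example; the paper's actual signature set and behavior model are not on this page.

```php
<?php
// Added example, not the paper's code: a two-layer RCE detector loaded ahead of a PHP
// application (e.g. via auto_prepend_file). Layer 1 matches known RCE signatures; layer 2
// flags parameters that deviate from a profile learned from benign traffic. All data is constructed.
declare(strict_types=1);

const RCE_SIGNATURES = [  // Layer 1: each rule targets one known command/code-injection shape
    'metachar_then_command' => '/[;&|`]\s*(?:cat|ls|id|whoami|uname|wget|curl|nc|bash|sh|python|perl)\b/i',
    'command_substitution'  => '/\$\([^)]*\)|`[^`]*`/',
    'php_code_injection'    => '/\b(?:eval|system|exec|shell_exec|passthru|popen|proc_open|assert)\s*\(/i',
    'stream_wrapper_or_tag' => '#(?:php|data|expect)://|<\?php#i',
];

function signatureLayer(array $params): array
{
    $hits = [];
    foreach ($params as $name => $value) {
        $decoded = rawurldecode((string) $value);   // inspect what the application will see
        foreach (RCE_SIGNATURES as $rule => $regex) {
            if (preg_match($regex, $decoded) === 1) {
                $hits[] = ['param' => $name, 'rule' => $rule];
            }
        }
    }
    return $hits;
}

// Layer 2: "normal" for a parameter is the set of character classes and the maximum
// length seen in benign requests; a request outside that envelope is an anomaly.
function characterClasses(string $value): array
{
    $map = ['lower' => '/[a-z]/', 'upper' => '/[A-Z]/', 'digit' => '/[0-9]/', 'space' => '/[ \t]/',
            'punct' => '#[._\-/@]#', 'other' => '#[^a-zA-Z0-9 \t._\-/@]#'];
    return array_keys(array_filter($map, fn(string $re) => preg_match($re, $value) === 1));
}

function learnProfile(array $benignRequests): array
{
    $profile = [];
    foreach ($benignRequests as $request) {
        foreach ($request as $name => $value) {
            $profile[$name]['maxlen'] = max($profile[$name]['maxlen'] ?? 0, strlen((string) $value));
            foreach (characterClasses((string) $value) as $class) {
                $profile[$name]['classes'][$class] = true;
            }
        }
    }
    return $profile;
}

function behaviorLayer(array $params, array $profile, float $lengthSlack = 1.5): array
{
    $anomalies = [];
    foreach ($params as $name => $value) {
        $decoded = rawurldecode((string) $value);
        $learned = $profile[$name] ?? ['maxlen' => 0, 'classes' => []];   // unknown parameter: nothing is normal
        if (strlen($decoded) > $learned['maxlen'] * $lengthSlack) {
            $anomalies[] = ['param' => $name, 'reason' => 'length exceeds learned maximum'];
        }
        foreach (array_diff(characterClasses($decoded), array_keys($learned['classes'] ?? [])) as $class) {
            $anomalies[] = ['param' => $name, 'reason' => "unseen character class '$class'"];
        }
    }
    return $anomalies;
}

// Layered decision: signatures first (precise and cheap), behavior second (catches what they miss).
function inspect(array $params, array $profile): array
{
    if (($hits = signatureLayer($params)) !== []) {
        return ['verdict' => 'block', 'layer' => 'signature', 'detail' => $hits];
    }
    if (($anomalies = behaviorLayer($params, $profile)) !== []) {
        return ['verdict' => 'alert', 'layer' => 'behavior', 'detail' => $anomalies];
    }
    return ['verdict' => 'allow', 'layer' => null, 'detail' => []];
}

// Constructed benign traffic for a hypothetical /ping.php?host=...&count=... endpoint.
$profile = learnProfile([
    ['host' => 'example.com', 'count' => '4'],
    ['host' => '10.0.0.5', 'count' => '1'],
    ['host' => 'mail.example.org', 'count' => '3'],
]);

if (PHP_SAPI === 'cli') {  // demo: benign, a signatured payload, and a newline injection the signatures miss
    $samples = [
        'benign'        => ['host' => 'www.example.net', 'count' => '2'],
        'known payload' => ['host' => '127.0.0.1; cat /etc/passwd', 'count' => '1'],
        'novel payload' => ['host' => '127.0.0.1%0awhoami', 'count' => '1'],
    ];
    foreach ($samples as $label => $params) {
        $result = inspect($params, $profile);
        printf("%-14s %-5s %s\n", $label, $result['verdict'], json_encode($result['detail']));
    }
} else {  // web SAPI: block on a signature hit, only log behavior anomalies
    $result = inspect($_GET + $_POST, $profile);
    if ($result['verdict'] !== 'allow') { error_log(json_encode($result)); }
    if ($result['verdict'] === 'block') { http_response_code(403); exit('Forbidden'); }
}
```

Saved to a file and run with the PHP command-line interpreter, the first request is allowed, the second is blocked by the metachar_then_command signature, and the third (a %0a newline in place of the semicolon) passes every signature but is raised by the behavior layer as an unseen character class in host, which is exactly the gap the abstract's second layer is meant to close. Under a web server the same file sends a 403 on a signature hit but only logs behavior anomalies, because a profile learned from a small benign sample will also flag legitimate but unusual input; the 90.4% and 95% figures the paper reports come from its own rule set and model, not from this sketch.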

Keywords [English]

  • Intrusion detection system
  • Web applications
  • PHP server-side language
  • Remote code execution attack
  • Layered approach


Volume 10, Issue 2 (Serial No. 38), Summer quarterly issue
Mehr 1401 (September–October 2022)
Pages 75-85
  • Received: 18 Khordad 1400 (8 June 2021)
  • Revised: 12 Bahman 1400 (1 February 2022)
  • Accepted: 18 Mordad 1401 (9 August 2022)
  • Published: 1 Mehr 1401 (23 September 2022)