Handling Vulnerable Script Code in Web Environment

Authors: Amit Verma , Bhupendra Malviya, Dr. Anshuman Sharma

Abstract- Nowadays, network security is becoming more and more important in our daily life. Owing to that the fact that we cannot live without the Internet, providing a good and security networking environment is significantly necessary. However, cross site scripting (XSS) attacks risk millions of websites. XSS can be used to inject malicious scripting code into applications, and then return the code back to the customer side. When users use the web browser to visit the place where the malicious scripting code has been injected, the code will execute directly to the customers computer. A common solution is detecting the key words of XSS in the browser javascript engine or on the server part to filter the malicious code. Nonetheless, the attacker can construct different new types of malicious scripting to avoid detecting so that it is difficult to collect all keywords in the detecting-list to avoid XSS attacking. Therefore, it is worth letting more people pay attention to XSS and finding more solutions to avoid XSS attacks.

Keywords- Javascript, XSS Attacking.

References-

[1] Yao-Wen Huang, Shih-Kun Huang, and Tsung-Po Lin. Web Application Security Assessmentby Fault Injection and Behavior Monitoring. WWW 2003 Budapest Hungary, May 2003.

[2] G.A. Di Lucca, A.R. Fasolino, M. Mastroianni, and P. Tramontana. Identifying Cross Site Scripting Vulnerabilities in Web Applications. In Sixth IEEE International Workshop on WebSite Evolution (WSE’04), pages 71 – 80, September 2004.

[3] Omar Ismail, Masashi Etoh, YoukiKadobayashi, and Suguru Yamaguchi. A Proposal and Implementation of Automatic Detection/Collection System for Cross-Site Scripting Vulnerability. In Proceedings of the 18th International Conference on Advanced Information Networking and Application (AINA04), March 2004.

[4] T. Berners-Lee. Hypertext Transfer Protocol – HTTP/1.0. http://www.rfc-editor.org/rfc/rfc1945.txt, 1996.

[5] Shaukat Ali, Shah Khusro, AzharRauf / University of Peshawar, Peshawar, Pakistan/ IEEE, A Cryptography-Based Approach to Web Mashup Security,2011

[6] Ms. R.Priyadarshini, Ms. Jagadiswaree.D, Ms. Fareedha.A, Mr. Janarthanan.M / B.S.AbdurRahmanUniversityChennai/IEEE, A Cross Platform Intrusion Detection System using Inter Server Communication Technique, 2011.

[7] Jan-Min Chen/ Yu Da University Miaoli, Taiwan, Chia-Lun Wu/ Tatung University Taipei, Taiwan /IEEE, An Automated Vulnerability Scanner for Injection Attack Based on Injection Point, 2010.

[8] HossainShahriar and Mohammad Zulkernine, Queen’s University, Kingston, Canada, “Injecting Comments to Detect JavaScript Code Injection Attacks”, IEEE 978-0-7695-4459-5/11, DOI 10.1109/COMPSACW.2011.27,104-109, 2011.

[9] Blake Anderson and Daniel Quist, Los Alamos National Lab, Terran Lane, University of New Mexico, “Detecting Code Injection Attacks in Internet Explorer”, IEEE 978-0-7695-4459-5/11, DOI 10.1109/COMPSACW.2011.25, 90-95, 2011.

[10] Ryan Riley, Purdue University, Xuxian Jiang, George Mason University, DongyanXu, Purdue University, “An Architectural Approach to Preventing Code Injection Attacks”, IEEE 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks 0-7695-2855-4/07, 2007.

[11] O. Hallaraker and G. Vigna. “ Detecting Malicious JavaScript Code in Mozilla “,In proceedings of the IEEE International Conference on Engineering of Complex Computer Systems (ICECCS), 2005.

[12] E. Kirda, C. Kruegel, G. Vigna, and N. Jovanovic, “ Noxes: A clientside solution for mitigating cross-site scripting attacks”, In 21st ACM Symposium on Applied Computing (SAC), 2006.

[13] K. Selvamani, A.Duraisamy, A.Kannan “Protection of Web Applications from Cross-Site Scripting Attacks in Browser Side” (IJCSIS) International Journal of Computer Science and Information Security, Vol. 7, No. 3, March 2010.

[14] P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. “ Cross site scripting prevention with dynamic data tainting and static analysis”. In Proceedingof the Network and Distributed System Security Symposium (NDSS07), 2007.

[15] E. Gal´an, A. Alcaide, A. Orfila, J. Blasco “A Multi–agent Scanner to Detect Stored–XSS Vulnerabilities” in ICITST, Technical CoSponsored by IEEE UK/RI Communications, 2010

[16] Zhang Xin-hua, Wang Zhi-jian /Hohai University, China/ IEEE, A Static Analysis Tool for Detecting Web Application Injection Vulnerabilities for ASP Program, 2010.

[17] Masaru Takesue, Dept. Applied Informatics, Hosei University, Tokyo/IEEE, An HTTP Extension for Secure Transfer of Confidential Data, 2009.

[18] Abdul Razzaq, Ali Hur, NasirHaider, Farooq Ahmad/NUST School of Electrical Engineering and Computer Sciences, Pakistan/ IEEE, Multi-Layered Defense against Web Application Attacks, 2009.

A Novel Approach for Face Recognition using CHMM Algorithm

Authors: Azharruddin, Bhupendra Malviya, Dr. Anshuman Sharma

Abstract- Face recognition is one of the most suitable applications of image analysis. It’s a true challenge to build an automated system which equals human ability to recognize faces. While traditional face recognition is typically based on still images, face recognition from video sequences has become popular recently due to more abundant information than still images. Video-based face recognition has been one of the hot topics in the field of pattern recognition in the last few decades. This paper presents an overview of face recognition scenarios and video-based face recognition system architecture and various approaches are used in video-based face recognition system which can not only discover more space-time semantic information hidden in video face sequence, but also make full use of the high level semantic concepts and the intrinsic nonlinear structure information to extract discriminative manifold features. We also compare our algorithm with other algorithms on our own database.

Keywords- Face recognition, image, video based face recognition

References-

[1] R. Chellappa, C.L. Wilson, and S. Sirohey, “Human and machine recognition of faces: a survey”, Proceedings of the IEEE, Vol.83, No.5, 1995, pp.705–741.

[2] M. Turk and A. Pentland, “Eigenfaces for Recognition”, Journal of Cognitive Neuroscience, Vol.3, No.1, 1991, pp.71-86.

[3] P.N. Belhumeur, J.P. Hespanha, and D.J. Kriegman, “Eiegnfaces vs. Fisherfaces: Recognition Using Class Specific Linear Projection”, IEEE Transaction on Pattern Analysis and Machine Intelligence, Vol.19, No.7, 1997, pp.711-720.

[4] M. Lades, J.C. Vorbruggen, J. Buhmann, J. Lange, C. von der Malsburg, R.P. Wurtz, and W. Konen, “Distortion Invariant Object Recognition in the Dynamic Link Architecture”, IEEE Transactions on Computers, Vol.42, No.3, 1992, pp.300-311.

[5] Y. Li, Dynamic face models: construction and applications, PhD Thesis, Queen Mary, University of London, 2001.

[6] G. J. Edwards, C.J. Taylor, T.F. Cootes, “Improving Identification Performance by Integrating Evidence from Sequences”, In Proc. Of 1999 IEEE Conference on Computer Vision and Pattern Recognition,June 23-25, 1999 Fort Collins, Colorado, pp.486-491.

[7] S. Zhou, V. Krueger, and R. Chellappa, “Face Recognition from Video: A CONDENSATION Approach”, In Proc. of Fifth IEEE International Conference on Automatic Face and Gesture Recognition, Washington D.C., May 20-21, 2002, pp.221-228.

[8] X. Liu, T. Chen and S. M. Thornton, “Eigenspace Updating for NonStationary Process and Its Application to Face Recognition”, To appear in Pattern Recognition, Special issue on Kernel and Subspace Methods for Computer Vision, September 2002.

[9] A. Roy Chowdhury, R. Chellappa, R. Krishnamurthy and T.Vo, “3D Face Recostruction from Video Using A Generic Model”, In Proc. of Int. Conf. on Multimedia and Expo, Lausanne, Switzerland, August 26-29, 2002.

[10] S. Baker and T. Kanade, “Limits on Super-Resolution and How to Break Them”, IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 24, No. 9, September 2002, pp.1167-1183.

[11] L. Rabiner, “A tutorial on Hidden Markov Models and selected applications in speech recognition”, Proceedings of the IEEE, Vol.77, No.2, 1989, pp.257-286.

[12] A. Kale, A.N. Rajagopalan, N. Cuntoor and V. Krueger, “Gaitbased Recognition of humans Using Continuous HMMs”, In proceedings of the 5th IEEE International Conference on Automatic Face and Gesture Recognition, Washinton D.C. May 20-21, 2002, pp.336-341.

[13] J.J. Lien, Automatic Recognition of Facial Expressions Using Hidden Markov Models and Estimation of Expression Intensity, doctoral dissertation, tech. report CMU-RI-TR-98-31, Robotics Institute, Carnegie Mellon University, April 1998.

[14] F. Samaria and S. Young, “HMM-based architecture for face identification”, Image and vision computing, Vol.12, No.8, Oct 1994.

[15] A. Nefian, A hidden Markov model-based approach for face detection and recognition, PhD thesis, Georgia Institute of Technology, Atlanta, GA. 1999.

[16] J-L. Gauvain and C-H. Lee, “Maximum a Posteriori Estimation for Multivariate Gaussian Mixture Observations of Markov Chains”, IEEE Transactions on Speech and Audio Processing, Vol.2, No.2, 1994, pp.291-298.

[17] C. J. Leggetter and P. C. Woodland, “Maximum likelihood linear regression for speaker adaptation of the parameters of continuous density hidden markov models”, Computer Speech and Language, Vol.9, 1995, pp. 171-185.

[18] R. Gross and J. Shi, The CMU Motion of Body (MoBo) Database, tech. report CMU-RI-TR-01-18, Robotics Institute, Carnegie Mellon University, June, 2001.