Author:
Alnabulsi Hussein, Islam Rafiqul, Alsmadi Izzat, Bevinakoppa Savitri
Abstract
This paper provides a model to identify website vulnerability to Code Injection Attacks (CIAs). The proposed model identifies CIA vulnerabilities in various websites, checking whether they are vulnerable to CIAs. The lack of existing models that provide checking against code injection has motivated this paper to present a new and enhanced model against web code injection attacks that use SQL injections and Cross-Site Scripting (XSS) injections. This paper presents a self-checking protection model which enables web administrators to know whether their current protection program is adequate, or whether a website needs stronger protection against CIAs. The Automated Injection model checks a website's vulnerability to code injection. The checking methodology consists of many intrusion methods that an attacker may use to launch code injection attacks. The methodology gives high precision in checking a website for CIA vulnerability compared with other approaches (the minimum accuracy difference between the proposed approach and the other approaches is 3.15%). CIAs can be a serious problem for vulnerable websites, including stealing, deleting, or altering important data. Extensive experiments are conducted and compared with existing research [e.g., 1, 5, 9] to study the effectiveness of the proposed model in checking whether a website is vulnerable to CIAs. The performance of the suggested approach has been tested on SQL injections and XSS injections. The studies showed that the detection rate of our model is 95.27%, and the false positive rate is 5.55%.
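As an added illustration (not the paper's model or code), the following Python evaluates a hypothetical signature-based SQLi/XSS request-parameter filter over a small constructed set of labelled inputs and reports the two metrics the abstract cites, detection rate and false positive rate. The rules, sample values and function names are assumptions; the constructed set deliberately contains one missed encoded payload and one benign phrase that trips a rule, so both metrics are non-trivial.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Hypothetical signature rules for the two CIA classes the paper evaluates.
SQLI_PATTERNS = [
    re.compile(r"(?i)\b(union\s+select|or\s+1\s*=\s*1|drop\s+table)\b"),
    re.compile(r"(?i)'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+"),   # tautology after a quote
    re.compile(r"--\s*$|;\s*--|/\*.*\*/"),                  # SQL comment tricks
]
XSS_PATTERNS = [
    re.compile(r"(?i)<\s*script\b"),
    re.compile(r"(?i)\bon(load|error|click|mouseover)\s*="),  # inline event handler
    re.compile(r"(?i)javascript\s*:"),
]


def classify(value: str) -> Optional[str]:
    """Return 'sqli', 'xss' or None for one untrusted request parameter."""
    if any(p.search(value) for p in SQLI_PATTERNS):
        return "sqli"
    if any(p.search(value) for p in XSS_PATTERNS):
        return "xss"
    return None


def evaluate(samples: Iterable[Tuple[str, bool]]) -> Tuple[float, float]:
    """samples: (value, is_attack). Returns (detection rate, false positive rate)."""
    tp = fn = fp = tn = 0
    for value, is_attack in samples:
        flagged = classify(value) is not None
        if is_attack:
            tp, fn = (tp + 1, fn) if flagged else (tp, fn + 1)
        else:
            fp, tn = (fp + 1, tn) if flagged else (fp, tn + 1)
    detection_rate = tp / (tp + fn) if tp + fn else 0.0
    false_positive_rate = fp / (fp + tn) if fp + tn else 0.0
    return detection_rate, false_positive_rate


# Constructed labelled corpus (True = injection attempt, False = benign input).
SAMPLES: List[Tuple[str, bool]] = [
    ("admin' OR '1'='1", True),
    ("1 UNION SELECT username, password FROM users", True),
    ("x'; DROP TABLE users; --", True),
    ("<script>alert(1)</script>", True),
    ("<img src=x onerror=alert(1)>", True),
    ("javascript:alert(document.domain)", True),
    ("%3Cscript%3Ealert(1)%3C/script%3E", True),    # URL-encoded: the rules miss it
    ("O'Brien", False),
    ("select a size for your order", False),
    ("Meeting at 10 -- bring the report", False),
    ("price <= 100 and stock > 0", False),
    ("Don't drop table cloths in the wash", False),  # benign phrase: false positive
]

if __name__ == "__main__":
    dr, fpr = evaluate(SAMPLES)
    print(f"detection rate {dr:.2%}, false positive rate {fpr:.2%}")
```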
Publisher
Mesopotamian Academic Press
References (32 articles)
1. J. Bau, E. Bursztein, D. Gupta, and J. Mitchell, "State of the art: Automated black-box web application vulnerability testing," in 2010 IEEE Symposium on Security and Privacy, pp. 332-345, IEEE, May 2010.
2. J. Fonseca, M. Vieira, and H. Madeira, "Vulnerability & attack injection for web applications," in 2009 IEEE/IFIP International Conference on Dependable Systems & Networks, pp. 93-102, IEEE, June 2009.
3. N. Neves, J. Antunes, M. Correia, P. Verissimo, and R. Neves, "Using attack injection to discover new vulnerabilities," in International Conference on Dependable Systems and Networks (DSN'06), pp. 457-466, IEEE, June 2006.
4. J. Fonseca and M. Vieira, "Mapping software faults with web security vulnerabilities," in 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN), pp. 257-266, IEEE, June 2008.
5. J. Fonseca, M. Vieira, H. Madeira, and M. Henrique, "Training security assurance teams using vulnerability injection," in 2008 14th IEEE Pacific Rim International Symposium on Dependable Computing, pp. 297-304, IEEE, December 2008.