
A Packet Content-Oriented Remote Code Execution Attack Payload Detection Model

Authors
  • Enbo Sun

    (The 30th Research Institute of China Electronics Technology Group Corporation, Chengdu 610041, China)

  • Jiaxuan Han

    (School of Cyber Science and Engineering, Sichuan University, Chengdu 610207, China)

  • Yiquan Li

    (The 30th Research Institute of China Electronics Technology Group Corporation, Chengdu 610041, China)

  • Cheng Huang

    (School of Cyber Science and Engineering, Sichuan University, Chengdu 610207, China)

Abstract

In recent years, various Remote Code Execution vulnerabilities on the Internet have been exposed frequently; thus, more and more security researchers have begun to pay attention to the detection of Remote Code Execution attacks. In this paper, we focus on three kinds of common Remote Code Execution attacks: XML External Entity, Expression Language Injection, and Insecure Deserialization. We propose a packet content-oriented Remote Code Execution attack payload detection model. For the XML External Entity attack, we propose an algorithm to construct the use-definition chain of XML entities, and implement detection based on the integrity of the chain and the behavior of the chain’s tail node. For the Expression Language Injection and Insecure Deserialization attacks, we extract 34 features to represent the string operations and the use of sensitive classes/methods in the code, and then train a machine learning model to implement detection. At the same time, we build a dataset to evaluate the effect of the proposed model. The evaluation results show that the model performs well in detecting XML External Entity attacks, achieving a precision of 0.85 and a recall of 0.94. Similarly, the model performs well in detecting Expression Language Injection and Insecure Deserialization attacks, achieving a precision of 0.99 and a recall of 0.88.

Suggested Citation

  • Enbo Sun & Jiaxuan Han & Yiquan Li & Cheng Huang, 2024. "A Packet Content-Oriented Remote Code Execution Attack Payload Detection Model," Future Internet, MDPI, vol. 16(7), pages 1-18, July.
  • Handle: RePEc:gam:jftint:v:16:y:2024:i:7:p:235-:d:1427271

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/16/7/235/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/16/7/235/
    Download Restriction: no