English
Related papers

Related papers: Off-Path Attacking the Web

200 papers

The global rise of online users and online devices has ultimately given rise to the global internet population apart from several cybercrimes and cyberattacks. The combination of emerging new technology and powerful algorithms (of…

Cryptography and Security · Computer Science 2024-02-05 Naresh Kshetri , Dilip Kumar , James Hutson , Navneet Kaur , Omar Faruq Osama

Everyone is concerned about the Internet security, yet most traffic is not cryptographically protected. The usual justification is that most attackers are only off-path and cannot intercept traffic; hence, challenge-response mechanisms…

Cryptography and Security · Computer Science 2013-05-07 Yossi Gilad , Amir Herzberg , Haya Shulman

Cross-site scripting (XSS) poses a significant threat to web application security. While Deep Learning (DL) has shown remarkable success in detecting XSS attacks, it remains vulnerable to adversarial attacks due to the discontinuous nature…

Software Engineering · Computer Science 2026-03-23 Samuele Pasini , Gianluca Maragliano , Jinhan Kim , Paolo Tonella

The paper demonstrates how traffic load of a shared packet queue can be exploited as a side channel through which protected information leaks to an off-path attacker. The attacker sends to a victim a sequence of identical spoofed segments.…

Cryptography and Security · Computer Science 2012-01-25 Jan Wrobel

Recent web-based cyber attacks are evolving into a new form of attacks such as private information theft and DDoS attack exploiting JavaScript within a web page. These attacks can be made just by accessing a web site without distribution of…

Cryptography and Security · Computer Science 2015-02-16 JongHun Jung , Hwan-Kuk Kim , Soojin Yoon

After more than 40 years of development, the fundamental TCP/IP protocol suite, serving as the backbone of the Internet, is widely recognized for having achieved an elevated level of robustness and security. Distinctively, we take a new…

Cryptography and Security · Computer Science 2024-11-20 Xuewei Feng , Qi Li , Kun Sun , Ke Xu , Jianping Wu

In a spoofing attack, an attacker impersonates a legitimate user to access or tamper with data intended for or produced by the legitimate user. In wireless communication systems, these attacks may be detected by relying on features of the…

Machine Learning · Computer Science 2022-11-09 Daniel Romero , Peter Gerstoft , Hadi Givehchian , Dinesh Bharadia

Cross Site Scripting (XSS) Flaws are currently the most popular security problems in modern web applications. These Flaws make use of vulnerabilities in the code of web-applications, resulting in serious consequences, such as theft of…

Cryptography and Security · Computer Science 2010-04-13 K. Selvamani , A. Duraisamy , A. Kannan

Cross-site scripting (XSS) is one of the major threats menacing the privacy of data and the navigation of trusted web applications. Since its reveal in late 1999 by Microsoft security engineers, several techniques have been developed in the…

Cryptography and Security · Computer Science 2024-04-24 Abdelhakim Hannousse , Salima Yahiouche , Mohamed Cherif Nait-Hamoud

In a spoofing attack, a malicious actor impersonates a legitimate user to access or manipulate data without authorization. The vulnerability of cryptographic security mechanisms to compromised user credentials motivates spoofing attack…

Signal Processing · Electrical Eng. & Systems 2024-01-17 Tien Ngoc Ha , Daniel Romero

Detection and mitigation of critical web vulnerabilities and attacks like cross-site scripting (XSS), and cross-site request forgery (CSRF) have been a great concern in the field of web security. Such web attacks are evolving and becoming…

Cryptography and Security · Computer Science 2023-05-01 Mahnoor Shahid

In this paper, we uncover a new off-path TCP hijacking attack that can be used to terminate victim TCP connections or inject forged data into victim TCP connections by manipulating the new mixed IPID assignment method, which is widely used…

Cryptography and Security · Computer Science 2020-09-01 Xuewei Feng , Chuanpu Fu , Qi Li , Kun Sun , Ke Xu

We present a new type of clogging DoS attacks, with the highest amplification factors achieved by off-path attackers, using only puppets, i.e., sandboxed malware on victim machines. Specifically, we present off-path variants of the Opt-ack,…

Cryptography and Security · Computer Science 2012-08-14 Yossi Gilad , Amir Herzberg

A key challenge in censorship-resistant web browsing is being able to direct legitimate users to redirection proxies while preventing censors, posing as insiders, from discovering their addresses and blocking them. We propose a new…

Cryptography and Security · Computer Science 2012-03-12 Qiyan Wang , Xun Gong , Giang T. K. Nguyen , Amir Houmansadr , Nikita Borisov

According to the Open Web Application Security Project (OWASP), Cross-Site Scripting (XSS) is a critical security vulnerability. Despite decades of research, XSS remains among the top 10 security vulnerabilities. Researchers have proposed…

Cryptography and Security · Computer Science 2025-05-01 Dennis Miczek , Divyesh Gabbireddy , Suman Saha

Passive operating system fingerprinting reveals valuable information to the defenders of heterogeneous private networks; at the same time, attackers can use fingerprinting to reconnoiter networks, so defenders need obfuscation techniques to…

Cryptography and Security · Computer Science 2017-06-27 Blake Anderson , David McGrew

DDoS attacks are simple, effective, and still pose a significant threat even after more than two decades. Given the recent success in machine learning, it is interesting to investigate how we can leverage deep learning to filter out…

Cryptography and Security · Computer Science 2020-12-15 Wesley Joon-Wie Tann , Jackie Tan Jin Wei , Joanna Purba , Ee-Chien Chang

In this paper, we unveil a fundamental side channel in Wi-Fi networks, specifically the observable frame size, which can be exploited by attackers to conduct TCP hijacking attacks. Despite the various security mechanisms (e.g., WEP and…

Networking and Internet Architecture · Computer Science 2024-10-02 Ziqiang Wang , Xuewei Feng , Qi Li , Kun Sun , Yuxiang Yang , Mengyuan Li , Ganqiu Du , Ke Xu , Jianping Wu

Website fingerprinting attack is an extensively studied technique used in a web browser to analyze traffic patterns and thus infer confidential information about users. Several website fingerprinting attacks based on machine learning and…

Cryptography and Security · Computer Science 2023-02-28 Guodong Huang , Chuan Ma , Ming Ding , Yuwen Qian , Chunpeng Ge , Liming Fang , Zhe Liu

Denial-of-Service attacks continue to be a serious problem for the Internet community despite the fact that a large number of defense approaches has been proposed by the research community. In this paper we introduce IP Fast Hopping, easily…

Networking and Internet Architecture · Computer Science 2014-03-31 Vladimir Krylov , Kirill Kravtsov
‹ Prev 1 2 3 10 Next ›