Related papers: Off-Path Attacking the Web
The global rise of online users and online devices has ultimately given rise to the global internet population apart from several cybercrimes and cyberattacks. The combination of emerging new technology and powerful algorithms (of…
Everyone is concerned about the Internet security, yet most traffic is not cryptographically protected. The usual justification is that most attackers are only off-path and cannot intercept traffic; hence, challenge-response mechanisms…
Cross-site scripting (XSS) poses a significant threat to web application security. While Deep Learning (DL) has shown remarkable success in detecting XSS attacks, it remains vulnerable to adversarial attacks due to the discontinuous nature…
The paper demonstrates how traffic load of a shared packet queue can be exploited as a side channel through which protected information leaks to an off-path attacker. The attacker sends to a victim a sequence of identical spoofed segments.…
Recent web-based cyber attacks are evolving into a new form of attacks such as private information theft and DDoS attack exploiting JavaScript within a web page. These attacks can be made just by accessing a web site without distribution of…
After more than 40 years of development, the fundamental TCP/IP protocol suite, serving as the backbone of the Internet, is widely recognized for having achieved an elevated level of robustness and security. Distinctively, we take a new…
In a spoofing attack, an attacker impersonates a legitimate user to access or tamper with data intended for or produced by the legitimate user. In wireless communication systems, these attacks may be detected by relying on features of the…
Cross Site Scripting (XSS) Flaws are currently the most popular security problems in modern web applications. These Flaws make use of vulnerabilities in the code of web-applications, resulting in serious consequences, such as theft of…
Cross-site scripting (XSS) is one of the major threats menacing the privacy of data and the navigation of trusted web applications. Since its reveal in late 1999 by Microsoft security engineers, several techniques have been developed in the…
In a spoofing attack, a malicious actor impersonates a legitimate user to access or manipulate data without authorization. The vulnerability of cryptographic security mechanisms to compromised user credentials motivates spoofing attack…
Detection and mitigation of critical web vulnerabilities and attacks like cross-site scripting (XSS), and cross-site request forgery (CSRF) have been a great concern in the field of web security. Such web attacks are evolving and becoming…
In this paper, we uncover a new off-path TCP hijacking attack that can be used to terminate victim TCP connections or inject forged data into victim TCP connections by manipulating the new mixed IPID assignment method, which is widely used…
We present a new type of clogging DoS attacks, with the highest amplification factors achieved by off-path attackers, using only puppets, i.e., sandboxed malware on victim machines. Specifically, we present off-path variants of the Opt-ack,…
A key challenge in censorship-resistant web browsing is being able to direct legitimate users to redirection proxies while preventing censors, posing as insiders, from discovering their addresses and blocking them. We propose a new…
According to the Open Web Application Security Project (OWASP), Cross-Site Scripting (XSS) is a critical security vulnerability. Despite decades of research, XSS remains among the top 10 security vulnerabilities. Researchers have proposed…
Passive operating system fingerprinting reveals valuable information to the defenders of heterogeneous private networks; at the same time, attackers can use fingerprinting to reconnoiter networks, so defenders need obfuscation techniques to…
DDoS attacks are simple, effective, and still pose a significant threat even after more than two decades. Given the recent success in machine learning, it is interesting to investigate how we can leverage deep learning to filter out…
In this paper, we unveil a fundamental side channel in Wi-Fi networks, specifically the observable frame size, which can be exploited by attackers to conduct TCP hijacking attacks. Despite the various security mechanisms (e.g., WEP and…
Website fingerprinting attack is an extensively studied technique used in a web browser to analyze traffic patterns and thus infer confidential information about users. Several website fingerprinting attacks based on machine learning and…
Denial-of-Service attacks continue to be a serious problem for the Internet community despite the fact that a large number of defense approaches has been proposed by the research community. In this paper we introduce IP Fast Hopping, easily…