Thursday, January 23, 2014

DISM Final Year Project Sharing - Uncovering the Masqueraded Code

Project Title: Uncovering the Masqueraded Code Project
Categories: Masqueraded Code, Code Analyser.
Students:  Li Hong Sheng Gabriel, Leong Jian Hao and Han Xing Jie.

Li Hong Sheng Gabriel, Leong Jian Hao and Han Xing Jie
Masqueraded code is represented in a form that does not resemble a piece of code. The original data could be code, plaintext, etc. This presents a feeling of uncertainty over the content and intent of the data. Website administrators, in particular, would be greatly concerned about the data that users are sending to their servers, especially due to the proliferation of SQL-injection attacks.

Web-based attacks are being more rampant with the increasing popularity of the internet. The types of attacks are being more sophisticated as well. There is no simple way to secure web applications or ensure the legitimacy of user input. Among these attacks, masqueraded code is the most common technique that attackers would use to bypass security controls. Hence, detecting and uncovering masqueraded code is paramount in enhancing the security of web applications.
The objective of this project is to develop an algorithm that can be used to detect masqueraded code and de-masquerade it. A proof-of-concept will be developed consisting of the algorithm to showcase the functionality of what the algorithm can achieve.

Potential Opportunities
The de-masquerading algorithm can be applied in commercial applications (e.g. website back-end databases) to enhance the identification of possible web-attacks.

No comments:

Post a Comment