M. SAOUDI Lalia

MAA

Directory of teachers

Department

Informatics Department

Research Interests

web security

Contact Info

University of M'Sila, Algeria

On the Web:

  • Google Scholar N/A
  • ResearchGate N/A
  • ORCID N/A
  • Scopus N/A

Recent Publications

2019

Implementation of Web Browser Extension for Mitigating CSRF Attack

CSRF is one of the most serious cyber-attacks and has been recognized among the major threats and among the top ten worst vulnerabilities of web applications. A CSRF attack occurs when the attacker takes advantage of the implicit authentication mechanisms of the HTTP protocol and of credentials cached in the browser to execute a sensitive action on a target website on behalf of an authenticated user without his knowledge. In this paper, we present a CSRF protection mechanism that can be added to the Google Chrome browser as an extension. Our tool, “CSRF Detector”, is implemented purely on the client side to defeat the attacker's attempts to perform CSRF attacks by analyzing web requests and web page content to detect all the basic and advanced CSRF attacks. Our evaluation results show that the CSRF Detector extension successfully detects all the generated attacks and that it is able to protect users and web applications against CSRF attacks with no false positives.
Keywords: CSRF Detector, CSRF attack, Google Chrome extension, client-side attack detection
Citation

M. SAOUDI Lalia, (2019), "Implementation of Web Browser Extension for Mitigating CSRF Attack", [international] WorldCIST'19 2019, La Toja Island, Galicia, Spain

A rejection-based approach for detecting SQL injection vulnerabilities in Web applications

Abstract. According to the OWASP Top 10 Application Security Risks [8, 9], SQL injection (SQLi) remains the most dangerous and most commonly exploited vulnerability in web applications. Thus, a lot of attention is devoted by the scientific community to the development of SQLi verification tools. In this paper we focus on the development of an efficient, black box, SQLi vulnerability scanner to achieve an accurate detection. Our new approach is based on the use of structural similarity between rejection pages and their corresponding injection pages. A software prototype has been implemented and showed promising results as compared to well-known web application scanners.
Keywords: SQL injection vulnerability detection, Web page structural similarity, black box scanner
Citation

M. SAOUDI Lalia, (2019), "A rejection-based approach for detecting SQL injection vulnerabilities in Web applications", [international] The 12th International Symposium on Foundations & Practice of Security FPS 2019, Toulouse, France

2018

XSS Attack Detection Approach Based on Scripts Features Analysis

Cross-Site Scripting (XSS) attacks are a type of injection problem in modern Web applications that can be exploited by injecting JavaScript code. By now there have been a variety of defensive techniques to protect web applications against XSS injection attacks, but XSS still cannot be totally detected when benign JavaScript code is injected: injecting existing method calls or overriding an existing method definition. Moreover, the present server-side XSS detection systems are based on source code modification of the supervised application. In this project, we developed a server-side XSS detection approach based on script feature analysis, which permits the detection of a wide range of injected scripts, whether a malicious script or a legitimate script that is similar to the benign script, without any modification of the application source code. Our approach is evaluated on three web applications. The experimental results prove that our approach detects a wide range of XSS attacks.
Citation

M. SAOUDI Lalia, (2018), "XSS Attack Detection Approach Based on Scripts Features Analysis", [international] WorldCIST'18 2018 6th World Conference on Information Systems and Technologies, Naples, Italy

Implementation of Web Browser Extension for Mitigating Clickjacking Attack

Clickjacking is an attack that lures the web surfer into clicking on invisible elements on a malicious web page to perform an unwanted action which is beneficial for the attacker. Many recent research studies have shown that clickjacking is the primary source of different exploitations such as cross-site request forgery (CSRF) and phishing attacks. In this paper we propose ClickDetector, a Chrome extension to defeat the attacker's attempts to perform clickjacking attacks; it detects all the advanced clickjacking attack techniques reported by OWASP. Our ClickDetector tool is composed of components based on the following three steps:

  • Request analysis
  • Response header analysis
  • Response page analysis

User feedback is also adopted so that future interactions are more informed for new users. Users are also able to choose the Google Safe Browsing service for more protection. The obtained experimental results demonstrate that our ClickDetector extension successfully detects all generated attacks with no false positives; this proves the effectiveness of our extension without any effect on browser performance.
Citation

M. SAOUDI Lalia, (2018), "Implementation of Web Browser Extension for Mitigating Clickjacking Attack", [international] 8th International Conference on Sciences of Electronics, Technologies of Information and Telecommunications (SETIT’18), at Hôtel Méhari Hammamet, Tunisia

2014

Intrusion detection system using genetic algorithm

In this paper, we present a Genetic Algorithm (GA) approach with an improved initial population and selection operator to efficiently detect various types of network intrusions. The GA is used to optimize the search for attack scenarios in audit files; thanks to its good balance between exploration and exploitation, it provides the subset of potential attacks present in the audit file in a reasonable processing time. In the testing phase, the Network Security Laboratory-Knowledge Discovery and Data Mining (NSL-KDD99) benchmark dataset has been used to detect misuse activities. Combining the IDS with the genetic algorithm increases the detection rate of the Network Intrusion Detection Model and reduces the false positive rate.
Citation

M. SAOUDI Lalia, (2014), "Intrusion detection system using genetic algorithm", [international] 2014 Science and Information Conference (SAI), London

A new algorithm for detecting SQL injection attack in Web application

Nowadays, the security of applications and Web servers is a new trend that finds its need on the Web. The number of vulnerabilities identified in this type of application is constantly increasing, especially SQL injection attacks. It is therefore necessary to regularly audit Web applications to verify the presence of exploitable vulnerabilities. The Web vulnerability scanner WASAPY is one such audit tool; it uses an algorithm based on classification techniques applied to pages obtained by sending specially formatted HTTP requests. We propose in this paper a new algorithm which was built with a view to improving, or rather supplementing, the logic followed in modeling the WASAPY tool. The tool was supplemented by a new class reflecting the legitimate, or referential, appearance; the detection mechanism was therefore solidly built on a statistic, in a fairly clear mathematical framework described by a simple geometric representation or interpretation.
Citation

M. SAOUDI Lalia, (2014), "A new algorithm for detecting SQL injection attack in Web application", [international] International Journal of Advanced Computer Science and Applications, London
