<p>The security of Web services for both users and developers is crucial; given that WebAssembly is an emerging format that has seen increasing attention in this environment over the years, new security measures are necessary. Despite this, intrusion detection solutions for WebAssembly applications are mostly confined to static binary analysis. We introduce an innovative method for dynamic WebAssembly intrusion detection through data categorization and machine learning. Our method analyzes communication data extracted from the WebAssembly sandbox to more effectively capture the behavior of applications. Our approach was validated through two strategies, both online and offline, to evaluate the effectiveness of categorical data for intrusion detection. The results obtained demonstrate that both strategies are viable for WebAssembly intrusion detection, showing a high detection rate with low false-negative and false-positive rates.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Method for Detecting Anomalies in WebAssembly Using Categorical Data

  • Tiago Heinrich,
  • Newton Carlos Will,
  • Rafael Obelheiro,
  • Carlos Maziero

摘要

The security of Web services for both users and developers is crucial; given that WebAssembly is an emerging format that has seen increasing attention in this environment over the years, new security measures are necessary. Despite this, intrusion detection solutions for WebAssembly applications are mostly confined to static binary analysis. We introduce an innovative method for dynamic WebAssembly intrusion detection through data categorization and machine learning. Our method analyzes communication data extracted from the WebAssembly sandbox to more effectively capture the behavior of applications. Our approach was validated through two strategies, both online and offline, to evaluate the effectiveness of categorical data for intrusion detection. The results obtained demonstrate that both strategies are viable for WebAssembly intrusion detection, showing a high detection rate with low false-negative and false-positive rates.