Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning
Essential information
- Published
- 02/10/2024 01:12
- Modified
- 02/10/2024 10:52
- Tags
- 2024-10-01, 2024-10-02, dork-based checker, machine learning, s.a.s, sql injection, swiss army suite, telemetry analysis, underground tools, vulnerability scanning, web application security
- Related entities
- 8 observables, 10 techniques (mitre), 1 malware, 4 others
Description
Researchers discovered an automated scanning tool called Swiss Army Suite (S.A.S) being used to run vulnerability scans against web services. The tool generates unusual SQL injection patterns that could potentially bypass web application firewalls. Its features include a dork-based checker, a generator, and a SQL vulnerability scanner. The research team analyzed the tool's traffic patterns and ran tests against a vulnerable web application. The main users of the tool were found to be located in the U.S., Romania, the U.K., and the U.A.E. The article emphasizes the value of machine learning models for detecting unknown attacks and for distinguishing automated scans from actual attacks.