A new XML-based injection filter is proposed in this research work to prevent and detect injection attacks. The validation approach is used as a security mechanism in this research work and presents an XML-based injection filter framework. The self-aware message validating algorithm estimates the causes of incoming queries dynamically. The proposed algorithms have been tested and evaluated against various XML-based attacks. The conventional firewall and filters are lacking in detecting and preventing XML-based attacks because these attacks contain huge volumes of data and are cluttered in nature. Therefore, a new XML-based injection filter is proposed in this research work to prevent and detect attacks. The results show that the algorithm is very robust against attacks. This filter prevents significant attacks by using a parameter tampering filter, coercive parsing filter, oversized message filter, message replay filter, and semantic URL filter.

1. S. Chawathe, “Comparing hierarchical data in external memory,” in Proceedings of the Twenty-Fifth International Conference on Very Large Data Bases, pp. 90-101, 1999.
2. A. Nierman and H. V. Jagadish, “Evaluating structural similarity in XML documents,” in Proceedings of the Fifth International Workshop on the Web and Databases, vol. 2, pp. 61-67, 2002.
3. I. Mlynkova, “Equivalence of XSD constructs and its exploitation in similarity evaluation,” in On the Move to Meaningful Internet Systems: OTM 2008 (pp. 1253-1270). Springer Berlin Heidelberg, 2008. https://dx.doi.org/10.1007/978-3-540-88873-4_24
4. S. Shah, “Defending web services using mod security (apache): Methodology and filtering techniques,” Several Advisories On Security Flaws, 2002.
5. M. Cremonini, S. Vimercati, E. Damiani and P. Samarati, “An XML-Based approach to combine firewalls and web services security specifications,” in Proceedings of ACM Workshop XML Security, Virginia, pp. 69-78, 2003. https://dx.doi.org/10.1145/968559.968571
6. P. Lindstrom, “Attacking and defending web services, 2013,” A Spire Research Report, 2004.
7. E. Bertino, L. Martino, F. Paci and A. Squicciarini, Security for Web Services and Service-Oriented Architectures, 1st ed. Berlin: Germany, Springer Publisher.

E. Uma, A. Kannan, “Self-aware message validating algorithm for preventing XML-based injection attacks.” International Journal of Technology and Engineering Studies, vol. 2, no. 3, pp. 60-69, 2016.