Swift Student Challenge Submission | WWDC 2024
🎬 Watch Preview 🎬
My Swift Playground App aims to demonstrate the potential of Machine Learning in identifying various injection attacks that target input fields & implement best practices for validating & sanitizing user input.
Introducing Sanitron! Sanitron is a client-side bot that swiftly detects and prevents injection attacks using Machine Learning.
Let's get started!
Malicious input may have various characteristics that distinguish it from legitimate input.
Feature Extraction is done using GoogleColab using Python to effectively classify the user input into various injection attacks.
- Payload Length
- Number of Non-Printable Characters
- Number of Punctuation Characters
- Number of SQL Keywords
- Number of JS Keywords
- Number of OS Command Keywords
PurifyML is an ML-Model trained in CreateML with a Random Forest Algorithm. 6 features are used as input & label + labelProbability as output.
- Navigate to Input Inspector
- You can type or paste your input in the text field or select it from the Payload Dataset.
- Click on the "Inspect" button. It will extract all features from the input & use the PurifyML Model to predict the label output & label probability.
- You can also customize settings to sanitize malicious characters from input.
- It will show an analysis report from the PurifyML model & the attack type with its probability. Also, it will show sanitized input, if settings are configured.
Hurray! This is how we can simply employ Sanitron in your mobile applications to identify injection attacks.
SwiftUI, CreateML, CoreML, AVKit, Python, GoogleColab
- Payload wordlists: GitHub(danielmiessler/SecLists, swisskyrepo/PayloadsAllTheThings)
- Stats: HackerOne Hacker-Powered Security Report 2023
- Icons: Freepik.com
- Sounds: freesound.org
Thank you for checking out my Swift Playground App!!!