Implementation of pattern matching algorithm to defend SQLIA

SQL Injection is a type of web application security vulnerability in which an attacker is able to submit a database SQL command which is executed by a web application, exposing the back-end database. SQL injection is one of the technique by which a malicious user alters SQL statements to serve a different purpose than what was originally intended. In network security pattern matching is used to detect malicious packets. Most of the pattern based techniques use static analysis and patterns are generated from the attacked statements. In the existing system the algorithm which they have used is not memory efficient. We have proposed a detection and prevention technique for SQL Injection Attack (SQLIA) using modified Aho-Corasick pattern matching algorithm. In proposed system the user generated SQL Queries are checked whether they are SQL injected or not using SQLMAP tool and AIIDA-sql techniques. Then the user generated SQL queries are checked by applying static pattern matching algorithm. In the new system, if any form of new anomaly occurs, then a new anomaly pattern will be updated to the existing static pattern list. In addition, the repeated keywords are stored only once which optimizes overall memory consumption. (C) 2015 The Authors. Published by Elsevier B.V.