Hybrid Approach to Detect SQLi Attacks and Evasion Techniques

Cited by: 3
Authors
Makiou, Abdelhamid [1]
Begriche, Youcef [1]
Serhrouchni, Ahmed [1]
Affiliation
[1] Telecom Paristech, 48 Rue Barrault, F-75013 Paris, France
Keywords
SQL injection; Web Application Firewall; HTTP dissection; machine learning; Security rules;
DOI
10.4108/icst.collaboratecom.2014.257568
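Chinese Library Classification (CLC) number
TM [Electrical engineering]; TN [Electronics and communication technology];
Discipline classification code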
0808 ; 0809 ;
Abstract
Injection flaws, which include SQL injection, are the most prevalent security threats affecting Web applications [1]. To mitigate these attacks, Web Application Firewalls (WAFs) apply security rules in order to both inspect HTTP data streams and detect malicious HTTP transactions. Nevertheless, attackers can bypass WAF's rules by using sophisticated SQL injection techniques. In this paper, we introduce a novel approach to dissect the HTTP traffic and inspect complex SQL injection attacks. Our model is a hybrid Injection Prevention System (HIPS) which uses both a machine learning classifier and a pattern matching inspection engine based on reduced sets of security rules.
Pages: 452 - 456
Number of pages: 5
Related papers
50 in total
  • [1] A Novel Approach Exploiting Machine Learning to Detect SQLi Attacks
    Ashlam, Ahmed Abadulla
    Badii, Atta
    Stahl, Frederic
    [J]. PROCEEDINGS OF THE 2022 5TH INTERNATIONAL CONFERENCE ON ADVANCED SYSTEMS AND EMERGENT TECHNOLOGIES IC_ASET'2022), 2022, : 513 - 517
  • [2] Detection and prevention of SQLI attacks and developing compressive framework using machine learning and hybrid techniques
    Wubetu Barud Demilie
    Fitsum Gizachew Deriba
    [J]. Journal of Big Data, 9
  • [3] Detection and prevention of SQLI attacks and developing compressive framework using machine learning and hybrid techniques
    Demilie, Wubetu Barud
    Deriba, Fitsum Gizachew
    [J]. JOURNAL OF BIG DATA, 2022, 9 (01)
  • [4] A Hybrid Approach to Detect Injection Attacks on Server-side Applications using Data Mining Techniques
    Ahmed, Abu Syeed Sajid
    Shachi, Mehjabeen
    Brishty, Afsana Afrin
    Siddiqui, Nurnaby
    Sakib, Nazmus
    [J]. 2021 3RD INTERNATIONAL CONFERENCE ON SUSTAINABLE TECHNOLOGIES FOR INDUSTRY 4.0 (STI), 2021,
  • [5] Using SQLMAP to Detect SQLI Vulnerabilities
    Almadhy, Waad
    Alruwaili, Amal
    Hendaoui, Saloua
    [J]. INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2022, 22 (01): : 234 - 240
  • [6] A Hybrid Approach to Detect DDoS Attacks Using KOAD and the Mahalanobis Distance
    Daneshgadeh, Salva
    Kemmerich, Thomas
    Ahmed, Tarem
    Baykal, Nazife
    [J]. 2018 IEEE 17TH INTERNATIONAL SYMPOSIUM ON NETWORK COMPUTING AND APPLICATIONS (NCA), 2018,
  • [7] SQLI Attacks: Current State and Mitigation in SDLC
    Kaur, Daljit
    Kaur, Parminder
    [J]. PROCEEDINGS OF THE 5TH INTERNATIONAL CONFERENCE ON FRONTIERS IN INTELLIGENT COMPUTING: THEORY AND APPLICATIONS, FICTA 2016, VOL 1, 2017, 515 : 673 - 680
  • [8] Securing web applications against XSS and SQLi attacks using a novel deep learning approach
    Jaydeep R. Tadhani
    Vipul Vekariya
    Vishal Sorathiya
    Samah Alshathri
    Walid El-Shafai
    [J]. Scientific Reports, 14
  • [9] Hybrid Algorithm to Detect DDoS Attacks in VANETs
    Adhikary, Kaushik
    Bhushan, Shashi
    Kumar, Sunil
    Dutta, Kamlesh
    [J]. WIRELESS PERSONAL COMMUNICATIONS, 2020, 114 (04) : 3613 - 3634
  • [10] Evasion Attacks Against Watermarking Techniques found in MLaaS Systems
    Hitaj, Dorjan
    Hitaj, Briland
    Mancini, Luigi V.
    [J]. 2019 SIXTH INTERNATIONAL CONFERENCE ON SOFTWARE DEFINED SYSTEMS (SDS), 2019, : 55 - 63