Hybrid Approach to Detect SQLi Attacks and Evasion Techniques

被引：3

作者：

Makiou, Abdelhamid ^{[1
]}

Begriche, Youcef ^{[1
]}

Serhrouchni, Ahmed ^{[1
]}

机构：

[1] Telecom Paristech, 48 Rue Barrault, F-75013 Paris, France

来源：

2014 INTERNATIONAL CONFERENCE ON COLLABORATIVE COMPUTING: NETWORKING, APPLICATIONS AND WORKSHARING (COLLABORATECOM) | 2014年

关键词：

SQL injection; Web Application Firewall; HTTP dissection; machine learning; Security rules;

D O I：

10.4108/icst.collaboratecom.2014.257568

中图分类号：

TM [电工技术]; TN [电子技术、通信技术];

学科分类号：

0808 ; 0809 ;

摘要：

Injections flaws which include SQL injection are the most prevalent security threats affecting Web applications[1]. To mitigate these attacks, Web Application Firewalls (WAFs) apply security rules in order to both inspect HTTP data streams and detect malicious HTTP transactions. Nevertheless, attackers can bypass WAF's rules by using sophisticated SQL injection techniques. In this paper, we introduce a novel approach to dissect the HTTP traffic and inspect complex SQL injection attacks. Our model is a hybrid Injection Prevention System (HIPS) which uses both a machine learning classifier and a pattern matching inspection engine based on reduced sets of security rules.

引用

页码：452 / 456

页数：5

共 50 条

[21] Hybrid Method for the Detection of Evasion Attacks Aimed at Machine Learning Systems
Kalinin, M. O.
Suprun, A. F.
Ivanova, O. D.
[J]. AUTOMATIC CONTROL AND COMPUTER SCIENCES, 2023, 57 (08) : 983 - 988
[22] A new multistage approach to detect subtle DDoS attacks
Wang, Fei
Wang, Hailong
Wang, Xiaofeng
Su, Jinshu
[J]. MATHEMATICAL AND COMPUTER MODELLING, 2012, 55 (1-2) : 198 - 213
[23] An ISP level distributed approach to detect DDoS attacks
Kumar, Krishan
Joshi, R. C.
Singh, Kuldip
[J]. INNOVATIVE ALGORITHMS AND TECHNIQUES IN AUTOMATION, INDUSTRIAL ELECTRONICS AND TELECOMMUNICATIONS, 2007, : 235 - +
[24] An Approach to Detect Network Attacks Applied for Network Forensics
Nguyen, Khoa
Tran, Dat
Ma, Wanli
Sharma, Dharmendra
[J]. 2014 11TH INTERNATIONAL CONFERENCE ON FUZZY SYSTEMS AND KNOWLEDGE DISCOVERY (FSKD), 2014, : 655 - 660
[25] Evasion Attacks in Smart Power Grids: A Deep Reinforcement Learning Approach
El-Toukhy, Ahmed T.
Mahmoud, Mohamed
Bondok, Atef H.
Fouda, Mostafa M.
Alsabaan, Maazen
[J]. 2024 IEEE 21ST CONSUMER COMMUNICATIONS & NETWORKING CONFERENCE, CCNC, 2024, : 708 - 713
[26] Event-based alert correlation system to detect SQLI activities
Alserhani, Faeiz
Akhlaq, Monis
Awan, Irfan U.
Cullen, Andrea J.
[J]. 25TH IEEE INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS (AINA 2011), 2011, : 175 - 182
[27] Deep learning techniques to detect cybersecurity attacks: a systematic mapping study
Damiano Torre
Frantzy Mesadieu
Anitha Chennamaneni
[J]. Empirical Software Engineering, 2023, 28
[28] Analyses of Flow Based Techniques to Detect Distributed Denial of Service Attacks
Saboor, A.
Aslam, B.
[J]. 2015 12TH INTERNATIONAL BHURBAN CONFERENCE ON APPLIED SCIENCES AND TECHNOLOGY (IBCAST), 2015, : 354 - 362
[29] Machine learning techniques applied to detect cyber attacks on web applications
Choras, Michal
Kozik, Rafal
[J]. LOGIC JOURNAL OF THE IGPL, 2015, 23 (01) : 45 - 56
[30] A COMPREHENSIVE IDS TO DETECT BOTNET ATTACKS USING MACHINE LEARNING TECHNIQUES
Alghamdi, Abdullah
Barsoum, Ayad
[J]. 2024 IEEE 3RD INTERNATIONAL CONFERENCE ON COMPUTING AND MACHINE INTELLIGENCE, ICMI 2024, 2024,

← 1 2 3 4 5 →