Hybrid Approach to Detect SQLi Attacks and Evasion Techniques

被引：3

作者：

Makiou, Abdelhamid ^{[1
]}

Begriche, Youcef ^{[1
]}

Serhrouchni, Ahmed ^{[1
]}

机构：

[1] Telecom Paristech, 48 Rue Barrault, F-75013 Paris, France

来源：

2014 INTERNATIONAL CONFERENCE ON COLLABORATIVE COMPUTING: NETWORKING, APPLICATIONS AND WORKSHARING (COLLABORATECOM) | 2014年

关键词：

SQL injection; Web Application Firewall; HTTP dissection; machine learning; Security rules;

D O I：

10.4108/icst.collaboratecom.2014.257568

中图分类号：

TM [电工技术]; TN [电子技术、通信技术];

学科分类号：

0808 ; 0809 ;

摘要：

Injections flaws which include SQL injection are the most prevalent security threats affecting Web applications[1]. To mitigate these attacks, Web Application Firewalls (WAFs) apply security rules in order to both inspect HTTP data streams and detect malicious HTTP transactions. Nevertheless, attackers can bypass WAF's rules by using sophisticated SQL injection techniques. In this paper, we introduce a novel approach to dissect the HTTP traffic and inspect complex SQL injection attacks. Our model is a hybrid Injection Prevention System (HIPS) which uses both a machine learning classifier and a pattern matching inspection engine based on reduced sets of security rules.

引用

页码：452 / 456

页数：5

共 50 条

[31] Machine learning techniques applied to detect cyber attacks on web applications
Choras, Michal
Kozik, Rafal
[J]. LOGIC JOURNAL OF THE IGPL, 2015, 23 (01) : 45 - 56
[32] Deep learning techniques to detect cybersecurity attacks: a systematic mapping study
Torre, Damiano
Mesadieu, Frantzy
Chennamaneni, Anitha
[J]. EMPIRICAL SOFTWARE ENGINEERING, 2023, 28 (03)
[33] Applying Machine Learning Techniques to Detect and Analyze Web Phishing Attacks
Cuzzocrea, Alfredo
Martinelli, Fabio
Mercaldo, Francesco
[J]. IIWAS2018: THE 20TH INTERNATIONAL CONFERENCE ON INFORMATION INTEGRATION AND WEB-BASED APPLICATIONS & SERVICES, 2014, : 355 - 359
[34] Hybrid approach model for prevention of tax evasion and fraud
Stankevicius, Evaldas
Leonas, Linas
[J]. 20TH INTERNATIONAL SCIENTIFIC CONFERENCE - ECONOMICS AND MANAGEMENT 2015 (ICEM-2015), 2015, 213 : 383 - 389
[35] Machine Learning Techniques to Detect DDoS Attacks on VANET System: A Survey
Alrehan, Alia Mohammed
Al-Haidari, Fahd
[J]. 2019 2ND INTERNATIONAL CONFERENCE ON COMPUTER APPLICATIONS & INFORMATION SECURITY (ICCAIS), 2019,
[36] Composite hybrid techniques for defending against targeted attacks
Sidiroglou, Stelios
Keromytis, Angelos D.
[J]. MALWARE DETECTION, 2007, : 213 - +
[37] Hybrid machine learning: A tool to detect phishing attacks in communication networks
Abidoye A.P.
Kabaso B.
[J]. Intl. J. Adv. Comput. Sci. Appl., 2020, 6 (559-569): : 559 - 569
[38] Hybrid Machine Learning: A Tool to Detect Phishing Attacks in Communication Networks
Abidoye, Ademola Philip
Kabaso, Boniface
[J]. INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2020, 11 (06) : 559 - 569
[39] A Static Approach to Detect Drive-by-download Attacks on Webpages
Priya, M.
Sandhya, L.
Thomas, Ciza
[J]. 2013 INTERNATIONAL CONFERENCE ON CONTROL COMMUNICATION AND COMPUTING (ICCC), 2013, : 298 - +
[40] CLIQUE clustering approach to detect denial-of-service attacks
Bethi, SK
Phoha, VV
Reddy, YB
[J]. PROCEEDINGS FROM THE FIFTH IEEE SYSTEMS, MAN AND CYBERNETICS INFORMATION ASSURANCE WORKSHOP, 2004, : 447 - 448

← 1 2 3 4 5 →