A Countermeasure to SQL Injection Attack for Cloud Environment

被引：18

作者：

Wu, Tsu-Yang ^{[1
]}

Chen, Chien-Ming ^{[1
]}

Sun, Xiuyang ^{[1
]}

Liu, Shuai ^{[1
]}

Lin, Jerry Chun-Wei ^{[2
]}

机构：

[1] Harbin Inst Technol, Shenzhen Grad Sch, Sch Comp Sci & Technol, Shenzhen, Peoples R China

[2] Harbin Inst Technol, Shenzhen Grad Sch, Sch Comp Sci & Technol, IIIRC, Shenzhen, Peoples R China

来源：

WIRELESS PERSONAL COMMUNICATIONS | 2017年 / 96卷 / 04期

基金：

中国国家自然科学基金;

关键词：

Cloud computing; SQL injection attack; Network security; SECURITY;

D O I：

10.1007/s11277-016-3741-7

中图分类号：

TN [电子技术、通信技术];

学科分类号：

0809 ;

摘要：

Although cloud computing becomes a new computing model, a variety of security threats have been described. Among these threats, SQL injection attack (SQLIA) has received increasing attention recently. In the past, many researchers had proposed several methods to counter SQLIAs. However, these countermeasures of SQLIAs cannot be applied to cloud environments directly. In this paper, we propose a mechanism called CCSD (Cloud Computing SQLIA Detection) to detect SQLIAs. CCSD does not require any access to the application's source code. Hence, it can be directly applied to existing cloud environments. The experimental results demonstrate that CCSD has high accuracy, low false positive rates and low time consumption.

引用

页码：5279 / 5293

页数：15

共 50 条

[21] DESIGN AND IMPLEMENTATION OF A DEFENSE MECHANISM FOR SQL INJECTION ATTACK
Du, Ye
Liu, Jiqiang
Li, Jieyuan
Li, Cheng
PROCEEDINGS OF THE 2ND INTERNATIONAL CONFERENCE ON ADVANCED COMPUTER THEORY AND ENGINEERING (ICACTE 2009), VOLS 1 AND 2, 2009, : 1499 - 1506
[22] Evaluation of Various Techniques for SQL Injection Attack Detection
Choras, Michal
Kozik, Rafal
PROCEEDINGS OF THE 8TH INTERNATIONAL CONFERENCE ON COMPUTER RECOGNITION SYSTEMS CORES 2013, 2013, 226 : 753 - 762
[23] SQL Injection: Types, Methodology, Attack Queries and Prevention
Singh, Nanhay
Dayal, Mohit
Raw, R. S.
Kumar, Suresh
PROCEEDINGS OF THE 10TH INDIACOM - 2016 3RD INTERNATIONAL CONFERENCE ON COMPUTING FOR SUSTAINABLE GLOBAL DEVELOPMENT, 2016, : 2872 - 2876
[24] An Adaptive Multiple-Fault Injection Attack on Microcontrollers and a Countermeasure
Endo, Sho
Homma, Naofumi
Hayashi, Yu-ichi
Takahashi, Junko
Fuji, Hitoshi
Aoki, Takafumi
IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2015, E98A (01) : 171 - 181
[25] Buffer overflow attack with multiple fault injection and a proven countermeasure
Nashimoto S.
Homma N.
Hayashi Y.-I.
Takahashi J.
Fuji H.
Aoki T.
Journal of Cryptographic Engineering, 2017, 7 (1) : 35 - 46
[26] False Data Injection Attack and Corresponding Countermeasure in Multienergy Systems
Zhang, Qiwei
Li, Fangxing
Zhao, Jin
She, Buxin
IEEE TRANSACTIONS ON POWER SYSTEMS, 2024, 39 (02) : 3537 - 3547
[27] Prevention of SQL attack over cloud data hashing technique
Maheshwaran, V.C.
Anand, Bright
Devi, T.
Test Engineering and Management, 2019, 81 (11-12): : 5522 - 5526
[28] Analysis of SQL injection attacks in the cloud and in WEB applications
Kumar, Animesh
Dutta, Sandip
Pranav, Prashant
SECURITY AND PRIVACY, 2024, 7 (03)
[29] A new algorithm for detecting SQL injection attack in Web application
Lounis, Ouarda
Guermeche, Salah Eddine Bouhouita
Saoudi, Lalia
Benaicha, Salah Eddine
2014 SCIENCE AND INFORMATION CONFERENCE (SAI), 2014, : 589 - 594
[30] Defeating SQL injection attack in authentication security: an experimental study
Das, Debasish
Sharma, Utpal
Bhattacharyya, D. K.
INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2019, 18 (01) : 1 - 22

← 1 2 3 4 5 →