A Countermeasure to SQL Injection Attack for Cloud Environment

被引:18
|
作者
Wu, Tsu-Yang [1 ]
Chen, Chien-Ming [1 ]
Sun, Xiuyang [1 ]
Liu, Shuai [1 ]
Lin, Jerry Chun-Wei [2 ]
机构
[1] Harbin Inst Technol, Shenzhen Grad Sch, Sch Comp Sci & Technol, Shenzhen, Peoples R China
[2] Harbin Inst Technol, Shenzhen Grad Sch, Sch Comp Sci & Technol, IIIRC, Shenzhen, Peoples R China
来源
WIRELESS PERSONAL COMMUNICATIONS | 2017年 / 96卷 / 04期
基金
中国国家自然科学基金;
关键词
Cloud computing; SQL injection attack; Network security; SECURITY;
D O I
10.1007/s11277-016-3741-7
中图分类号
TN [电子技术、通信技术];
学科分类号
0809 ;
摘要
Although cloud computing becomes a new computing model, a variety of security threats have been described. Among these threats, SQL injection attack (SQLIA) has received increasing attention recently. In the past, many researchers had proposed several methods to counter SQLIAs. However, these countermeasures of SQLIAs cannot be applied to cloud environments directly. In this paper, we propose a mechanism called CCSD (Cloud Computing SQLIA Detection) to detect SQLIAs. CCSD does not require any access to the application's source code. Hence, it can be directly applied to existing cloud environments. The experimental results demonstrate that CCSD has high accuracy, low false positive rates and low time consumption.
引用
收藏
页码:5279 / 5293
页数:15
相关论文
共 50 条
  • [41] An Effective Method for Preventing SQL Injection Attack and Session Hijacking
    D'silva, Karis
    Vanajakshi, J.
    Manjunath, K. N.
    Prabhu, Srikanth
    2017 2ND IEEE INTERNATIONAL CONFERENCE ON RECENT TRENDS IN ELECTRONICS, INFORMATION & COMMUNICATION TECHNOLOGY (RTEICT), 2017, : 697 - 701
  • [42] SQL Injection Attack Detection Framework Based on HTTP Traffic
    Zhu, Zhongdong
    Jia, Shilin
    Li, Jishuai
    Qin, Sujuan
    Guo, Hui
    PROCEEDINGS OF ACM TURING AWARD CELEBRATION CONFERENCE, ACM TURC 2021, 2021, : 179 - 185
  • [43] How to Prevent SQL Injection Attack Based on Web Applications
    Zheng Haiyan
    Wu Weituan
    Zhang Ruili
    PROCEEDINGS OF THE 2015 INTERNATIONAL CONFERENCE ON INDUSTRIAL TECHNOLOGY AND MANAGEMENT SCIENCE (ITMS 2015), 2015, 34 : 854 - 857
  • [44] Integrated approach to prevent SQL injection attack and reflected cross site scripting attack
    Sharma, Pankaj
    Johari, Rahul
    Sarma, S. S.
    INTERNATIONAL JOURNAL OF SYSTEM ASSURANCE ENGINEERING AND MANAGEMENT, 2012, 3 (04) : 343 - 351
  • [45] Fault Injection Attack on Salsa20 and ChaCha and a Lightweight Countermeasure
    Fukushima, Kazuhide
    Xu, Rui
    Kiyomoto, Shinsaku
    Homma, Naofumi
    2017 16TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS / 11TH IEEE INTERNATIONAL CONFERENCE ON BIG DATA SCIENCE AND ENGINEERING / 14TH IEEE INTERNATIONAL CONFERENCE ON EMBEDDED SOFTWARE AND SYSTEMS, 2017, : 1032 - 1037
  • [46] A novel method for SQL injection attack detection based on removing SQL query attribute values
    Lee, Inyong
    Jeong, Soonki
    Yeo, Sangsoo
    Moon, Jongsub
    MATHEMATICAL AND COMPUTER MODELLING, 2012, 55 (1-2) : 58 - 68
  • [47] Policy Injection: A Cloud Dataplane DoS Attack
    Csikor, Levente
    Rothenberg, Christian
    Pezaros, Dimitrios P.
    Schmid, Stefan
    Toka, Laszlo
    Retvari, Gabor
    SIGCOMM'18: PROCEEDINGS OF THE ACM SIGCOMM 2018 CONFERENCE: POSTERS AND DEMOS, 2018, : 147 - 149
  • [48] Approach to detecting SQL injection behaviors in network environment
    Zhao Y.-F.
    Xiong G.
    He L.-T.
    Li Z.-J.
    Tongxin Xuebao/Journal on Communications, 2016, 37 (02): : 88 - 97
  • [49] Injection Attack Detection using the Removal of SQL Query Attribute Values
    Kim, Jeom Goo
    INFORMATION-AN INTERNATIONAL INTERDISCIPLINARY JOURNAL, 2011, 14 (11): : 3831 - 3841
  • [50] On Predictive Errors of SQL Injection Attack Detection by the Feature of the Single Character
    Matsuda, Takeshi
    Koizumi, Daiki
    Sonoda, Michio
    Hirasawa, Shigeichi
    2011 IEEE INTERNATIONAL CONFERENCE ON SYSTEMS, MAN, AND CYBERNETICS (SMC), 2011, : 1722 - 1727
12345