Defeating SQL injection attack in authentication security: an experimental study

Cited by: 4
Authors
Das, Debasish [1 ]
Sharma, Utpal [1 ]
Bhattacharyya, D. K. [1 ]
Affiliations
[1] Tezpur Univ, Dept Comp Sci & Engn, Tezpur, India
Keywords
Web-application; SQL injection; Naive Bayes; SVM; Tree-based; Edit-distance; Classification;
DOI
10.1007/s10207-017-0393-x
CLC classification code
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
Whenever a web application executes dynamic SQL statements, it may come under SQL injection attack. To evaluate the existing practices for its detection, we consider two different security scenarios for web-application authentication in which dynamic SQL queries are generated from user input data. Accordingly, we generate two different datasets by considering all possible vulnerabilities in the run-time queries. We present a proposed approach based on edit distance to classify a dynamic SQL query as normal or malicious, using a web profile prepared from the dynamic SQL queries during the training phase. We evaluate the dataset using the proposed approach and some well-known supervised classification approaches. Our proposed method is found to be more effective in detecting SQL injection attacks under both scenarios of authentication security.
Pages: 1 / 22
Page count: 22
Related papers
50 items in total
  • [1] Defeating SQL injection attack in authentication security: an experimental study
    Debasish Das
    Utpal Sharma
    D. K. Bhattacharyya
    International Journal of Information Security, 2019, 18 : 1 - 22
  • [2] SQL injection authentication security threat
    Mane, Sulakshana B.
    Kakade, Kiran Shrimant
    Shingare, S. P.
    Halgare, Nanasaheb M.
    INTERNATIONAL JOURNAL OF ELECTRONIC SECURITY AND DIGITAL FORENSICS, 2024, 16 (04) : 474 - 485
  • [3] Defeating SQL Injection
    Shar, Lwin Khin
    Tan, Hee Beng Kuan
    COMPUTER, 2013, 46 (03) : 69 - 77
  • [4] A Top Web Security Vulnerability SQL Injection attack - Survey
    Abirami, J.
    Devakunchari, R.
    Valliyammai, C.
    2015 SEVENTH INTERNATIONAL CONFERENCE ON ADVANCED COMPUTING (ICOAC), 2015
  • [5] Result Evaluation of Field Authentication based SQL Injection and XSS Attack Exposure
    Dikhit, Ajay Singh
    Karodiya, Khusbhoo
    2017 IEEE INTERNATIONAL CONFERENCE ON INFORMATION, COMMUNICATION, INSTRUMENTATION AND CONTROL (ICICIC), 2017
  • [6] Modeling a SQL Injection Attack
    Kaur, Navdeep
    Kaur, Parminder
    PROCEEDINGS OF THE 10TH INDIACOM - 2016 3RD INTERNATIONAL CONFERENCE ON COMPUTING FOR SUSTAINABLE GLOBAL DEVELOPMENT, 2016, : 77 - 82
  • [7] Detection Model for SQL Injection Attack: An Approach for Preventing a Web Application from the SQL Injection Attack
    Buja, Geogiana
    Bin Abd Jalil, Kamarularifin
    Ali, Fakariah Bt Hj Mohd
    Rahman, Teh Faradilla Abdul
    2014 IEEE SYMPOSIUM ON COMPUTER APPLICATIONS AND INDUSTRIAL ELECTRONICS (ISCAIE), 2014
  • [8] A Multilevel System to Mitigate DDoS, Brute force and SQL Injection Attack for Cloud Security
    Patil, Ajit
    Athawale, S. V.
    Tathawade, Priya
    Laturkar, Aishwarya
    Takale, Rutuja
    2017 IEEE INTERNATIONAL CONFERENCE ON INFORMATION, COMMUNICATION, INSTRUMENTATION AND CONTROL (ICICIC), 2017
  • [9] SQL Filtering: An Effective Technique to Prevent SQL Injection Attack
    Dubey, Rhythm
    Gupta, Himanshu
    2016 5TH INTERNATIONAL CONFERENCE ON RELIABILITY, INFOCOM TECHNOLOGIES AND OPTIMIZATION (TRENDS AND FUTURE DIRECTIONS) (ICRITO), 2016, : 312 - 317
  • [10] Analysis and implementation of SQL injection attack and countermeasures using SQL injection prevention techniques
    Jesudoss, A.
    Mercy, Theresa M.
    Christy, A.
    Maheswari, M.
    Selvi, M.
    Ulagamuthalvi, V.
    INTERNATIONAL JOURNAL OF ENGINEERING SYSTEMS MODELLING AND SIMULATION, 2022, 13 (04) : 262 - 267