Defeating SQL injection attack in authentication security: an experimental study

Cited by: 4
Authors
Das, Debasish [1 ]
Sharma, Utpal [1 ]
Bhattacharyya, D. K. [1 ]
Affiliation
[1] Tezpur Univ, Dept Comp Sci & Engn, Tezpur, India
Keywords
Web application; SQL injection; Naive Bayes; SVM; Tree-based; Edit distance; Classification
DOI
10.1007/s10207-017-0393-x
CLC classification
TP [Automation technology, computer technology]
Discipline code
0812
Abstract
Whenever a web application executes dynamic SQL statements, it may come under SQL injection attack. To evaluate existing detection practices, we consider two different security scenarios for web-application authentication in which a dynamic SQL query is generated from user input data. Accordingly, we generate two different datasets by considering all possible vulnerabilities in the run-time queries. We present a proposed approach based on edit distance that classifies a dynamic SQL query as normal or malicious using a web-profile prepared from the dynamic SQL queries observed during the training phase. We evaluate the datasets using the proposed approach and several well-known supervised classification approaches. Our proposed method is found to be more effective in detecting SQL injection attacks under both authentication-security scenarios.
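The abstract describes the detection idea only at a high level: a web-profile of dynamic SQL queries is collected during training, and a run-time query is classified by its edit distance to that profile. The following is an added example of that idea, not the paper's code (the paper's datasets, tokenization, the two authentication scenarios and its threshold are not reproduced here). It assumes a single login query shape, abstracts literals to placeholders before measuring token-level Levenshtein distance, and treats any distance above a threshold (default 0) as malicious; the training logins and the injection inputs are constructed for the example.

```python
"""
Added example (not the paper's code): classify dynamic SQL queries as
normal or malicious by edit distance to a "web-profile" of query shapes
collected during a training phase. The tokenizer, placeholder scheme,
login query shape and threshold are this example's own assumptions.
"""
import re
from typing import List, Tuple

# One left-to-right scan, so a quote-closing comment such as  admin'--
# is seen as STR followed by CMT instead of as a broken string literal.
TOKEN_RE = re.compile(
    r"'(?:[^']|'')*'"           # SQL string literal; '' is an escaped quote
    r"|--[^\n]*"                # line comment to end of line
    r"|\d+(?:\.\d+)?"           # numeric literal
    r"|[A-Za-z_][A-Za-z_0-9]*"  # keyword or identifier
    r"|\S"                      # any other single character: = ( ) , ' ...
)


def tokenize(query: str) -> List[str]:
    """Map a query to its structural token sequence, abstracting literals."""
    tokens: List[str] = []
    for m in TOKEN_RE.finditer(query):
        t = m.group(0)
        if t.startswith("'"):
            tokens.append("STR")
        elif t.startswith("--"):
            tokens.append("CMT")
        elif t[0].isdigit():
            tokens.append("NUM")
        else:
            tokens.append(t.upper())
    return tokens


def edit_distance(a: List[str], b: List[str]) -> int:
    """Levenshtein distance over token lists (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ta in enumerate(a, 1):
        cur = [i]
        for j, tb in enumerate(b, 1):
            cost = 0 if ta == tb else 1
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost))
        prev = cur
    return prev[-1]


class WebProfile:
    """Distinct token templates of the queries seen during training."""

    def __init__(self, training_queries: List[str]) -> None:
        self.templates: List[List[str]] = []
        for q in training_queries:
            toks = tokenize(q)
            if toks not in self.templates:
                self.templates.append(toks)

    def nearest(self, query: str) -> Tuple[int, List[str]]:
        toks = tokenize(query)
        return min((edit_distance(toks, t), t) for t in self.templates)

    def classify(self, query: str, threshold: int = 0) -> Tuple[str, int]:
        """Return ('normal' | 'malicious', distance to the closest template)."""
        dist, _ = self.nearest(query)
        return ("normal" if dist <= threshold else "malicious"), dist


def build_login_query(username: str, password: str) -> str:
    """Deliberately unsafe concatenation: the run-time query being profiled.
    A parameterised query is the real fix; this detector is only a second
    line of defence in front of code that cannot yet be changed."""
    return (f"SELECT id FROM users WHERE username='{username}' "
            f"AND password='{password}'")


# Constructed training data (hypothetical benign logins from the training phase).
TRAINING_LOGINS = [("alice", "s3cret"), ("bob", "pa55w0rd"), ("o''hara", "x")]
PROFILE = WebProfile([build_login_query(u, p) for u, p in TRAINING_LOGINS])

# Constructed run-time inputs: one benign login and three classic injections.
RUNTIME_INPUTS = {
    "benign":    ("dave", "hunter2"),
    "tautology": ("admin' OR '1'='1", "anything"),
    "comment":   ("admin'--", "anything"),
    "union":     ("' UNION SELECT 1,2 FROM dual--", "x"),
}


def classify_login(username: str, password: str) -> Tuple[str, int]:
    """Build the run-time query for one login attempt and classify it."""
    return PROFILE.classify(build_login_query(username, password))


if __name__ == "__main__":
    for name, (u, p) in RUNTIME_INPUTS.items():
        label, dist = classify_login(u, p)
        print(f"{name:10s} distance={dist:2d} -> {label}")
```

With literals abstracted, every benign login collapses onto the single template, so a legitimate username containing an escaped quote (`o''hara`) scores distance 0, while the tautology and comment payloads each sit four token edits away because they change the query's structure rather than its literals. A non-zero threshold is only needed where the profile is incomplete (query shapes never seen in training), and raising it trades missed short payloads for fewer false alarms.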
Pages: 1-22 (22 pages)