A novel method for SQL injection attack detection based on removing SQL query attribute values

Cited by: 62
Authors
Lee, Inyong [2]
Jeong, Soonki [3]
Yeo, Sangsoo [4]
Moon, Jongsub [1]
Affiliations
[1] Korea Univ, Dept Elect & Informat Engn, Yeonkigun 339700, Choongnam, South Korea
[2] Korea Univ, Ctr Informat Secur Technol, Seoul 136713, South Korea
[3] Korea Univ, Grad Sch Informat Secur, Seoul 136713, South Korea
[4] Mokwon Univ, Div Comp Engn, Taejon 302729, South Korea
Keywords
SQL injection attack; SQL query; A combined dynamic and static method; DBMS; Web application;
DOI
10.1016/j.mcm.2011.01.050
Chinese Library Classification number
TP39 [Computer applications];
Discipline classification code
081203; 0835;
Abstract
SQL injection or SQL insertion attack is a code injection technique that exploits a security vulnerability occurring in the database layer of an application and a service. This is most often found within web pages with dynamic content. This paper proposes a very simple and effective detection method for SQL injection attacks. The method removes the value of an SQL query attribute of web pages when parameters are submitted and then compares it with a predetermined one. This method uses combined static and dynamic analysis. The experiments show that the proposed method is very effective and simpler than any other method. (C) 2011 Elsevier Ltd. All rights reserved.
Pages: 58 - 68
Page count: 11
Related papers
50 in total
  • [1] Injection Attack Detection using the Removal of SQL Query Attribute Values
    Kim, Jeom Goo
    [J]. INFORMATION-AN INTERNATIONAL INTERDISCIPLINARY JOURNAL, 2011, 14 (11): : 3831 - 3841
  • [2] Detection of SQL Injection Attacks by Removing the Parameter Values of SQL Query
    Katole, Rajashree A.
    Sherekar, Swati S.
    Thakare, Vilas M.
    [J]. PROCEEDINGS OF THE 2ND INTERNATIONAL CONFERENCE ON INVENTIVE SYSTEMS AND CONTROL (ICISC 2018), 2018, : 736 - 741
  • [3] Data-mining based SQL injection attack detection using internal query trees
    Kim, Mi-Yeon
    Lee, Dong Hoon
    [J]. EXPERT SYSTEMS WITH APPLICATIONS, 2014, 41 (11) : 5416 - 5430
  • [4] Detection Model for SQL Injection Attack: An Approach for Preventing a Web Application from the SQL Injection Attack
    Buja, Geogiana
    Bin Abd Jalil, Kamarularifin
    Ali, Fakariah Bt Hj Mohd
    Rahman, Teh Faradilla Abdul
    [J]. 2014 IEEE SYMPOSIUM ON COMPUTER APPLICATIONS AND INDUSTRIAL ELECTRONICS (ISCAIE), 2014,
  • [5] SQL Injection Attack Detection Method using Expectation Criterion
    Xiao, Linghuan
    Matsumoto, Shinichi
    Ishikawa, Tomohisa
    Sakurai, Kouichi
    [J]. 2016 FOURTH INTERNATIONAL SYMPOSIUM ON COMPUTING AND NETWORKING (CANDAR), 2016, : 649 - 654
  • [6] Detection Method of SQL injection Attack in Cloud Computing Environment
    Wang, Kuisheng
    Hou, Yan
    [J]. PROCEEDINGS OF 2016 IEEE ADVANCED INFORMATION MANAGEMENT, COMMUNICATES, ELECTRONIC AND AUTOMATION CONTROL CONFERENCE (IMCEC 2016), 2016, : 487 - 493
  • [7] Prevention of SQL Injection Attack Using Query Transformation and Hashing
    Kar, Debabrata
    Panigrahi, Suvasini
    [J]. PROCEEDINGS OF THE 2013 3RD IEEE INTERNATIONAL ADVANCE COMPUTING CONFERENCE (IACC), 2013, : 1317 - 1323
  • [8] SQL Injection Attack Detection using ResNet
    Sangeeta
    Nagasundari, S.
    Honnavali, Prasad B.
    [J]. 2019 10TH INTERNATIONAL CONFERENCE ON COMPUTING, COMMUNICATION AND NETWORKING TECHNOLOGIES (ICCCNT), 2019,
  • [9] SQL injection attack: Detection, prioritization & prevention
    Paul, Alan
    Sharma, Vishal
    Olukoya, Oluwafemi
    [J]. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2024, 85
  • [10] SQL Injection Attack Detection Framework Based on HTTP Traffic
    Zhu, Zhongdong
    Jia, Shilin
    Li, Jishuai
    Qin, Sujuan
    Guo, Hui
    [J]. PROCEEDINGS OF ACM TURING AWARD CELEBRATION CONFERENCE, ACM TURC 2021, 2021, : 179 - 185