SQL Injection Attack Detection: Profiling of Web Application Parameter Using the Sequence Pairwise Alignment

SQL Injection Attack (SQLIA) is a common cyberattack that target web application database. With the ever increasing and varying techniques to exploit web application SQLIA vulnerabilities, there is no a comprehensive method that can solve this kind of attacks. Therefore, these various of attack techniques required to establish many methods against in order to mitigate its threats. However, most of these methods have not yet been evaluated, where it is still just theories and require to implement and measure its performance and set its limitation. Moreover, most of the existing SQL injection countermeasures either used syntax-based detection methods or a list of predefined rules to detect the SQL injection, which is vulnerable in advance and sophisticated type of attacks because attackers create new ways to evade the detection utilizing their pre-knowledge. Although semantic-based features can improve the detection, up to our knowledge, no studies focused on extracting the semantic features from SQL stamens. This paper, investigates a designed model that can improve the efficacy of the SQL injection attack detection using machine learning techniques by extracting the semantic features that can effectively indicate the SQL injection attack. Also, a tenfold approach will be used to evaluate and validate the proposed detection model.

Download Full-text

SQL Injection Attack Detection Framework Based on HTTP Traffic

10.1145/3472634.3474068 ◽

2021 ◽

Author(s):

ZhongDong Zhu ◽

ShiLin Jia ◽

JiShuai Li ◽

SuJuan Qin ◽

Hui Guo

Keyword(s):

Attack Detection ◽

Sql Injection ◽

Sql Injection Attack

Download Full-text

Safety Measures and Auto Detection against SQL Injection Attacks

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijeat.b3316.129219 ◽

2019 ◽

Vol 8 (4) ◽

pp. 2827-2833

Keyword(s):

Web Application ◽

Application Programming Interface ◽

Database Management System ◽

Transport Layer ◽

Prototype System ◽

Large Network ◽

Security Measures ◽

Sql Injection ◽

Sql Injection Attack ◽

The Web

The SQL injection attack (SQLIA) occurred when the attacker integrating a code of a malicious SQL query into a valid query statement via a non-valid input. As a result the relational database management system will trigger these malicious query that cause to SQL injection attack. After successful execution, it may interrupts the CIA (confidentiality, integrity and availability) of web API. The vulnerability of Web Application Programming Interface (API) is the prior concern for any programming. The Web API is mainly based of Simple Object Access Protocol (SOAP) protocol which provide its own security and Representational State Transfer (REST) is provide the architectural style to security measures form transport layer. Most of the time developers or newly programmers does not follow the standards of safe programming and forget to validate their input fields in the form. This vulnerability in the web API opens the door for the threats and it’s become a cake walk for the attacker to exploit the database associated with the web API. The objective of paper is to automate the detection of SQL injection attack and secure the poorly coded web API access through large network traffic. The Snort and Moloch approaches are used to develop the hybrid model for auto detection as well as analyze the SQL injection attack for the prototype system

Download Full-text

WEB APPLICATION PROTECTION AGAINST SQL INJECTION ATTACK

International Journal of Advance Engineering and Research Development ◽

10.21090/ijaerd.020330 ◽

2015 ◽

Vol 2 (03) ◽

Keyword(s):

Web Application ◽

Sql Injection ◽

Sql Injection Attack

Download Full-text

SQL injection attack detection using fingerprints and pattern matching technique

2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS) ◽

10.1109/icsess.2017.8342983 ◽

2017 ◽

Cited By ~ 5

Author(s):

Benjamin Appiah ◽

Eugene Opoku-Mensah ◽

Zhiguang Qin

Keyword(s):

Pattern Matching ◽

Attack Detection ◽

Sql Injection ◽

Matching Technique ◽

Sql Injection Attack

Download Full-text

SQL Injection Attack Detection using Machine Learning Algorithm

2021 5th International Conference on Trends in Electronics and Informatics (ICOEI) ◽

10.1109/icoei51242.2021.9452914 ◽

2021 ◽

Author(s):

A. Sivasangari ◽

J. Jyotsna ◽

K. Pravalika

Keyword(s):

Machine Learning ◽

Learning Algorithm ◽

Attack Detection ◽

Machine Learning Algorithm ◽

Sql Injection ◽

Sql Injection Attack

Download Full-text

SQL Injection Attacks Countermeasures

Threats, Countermeasures, and Advances in Applied Information Security - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-4666-0978-5.ch010 ◽

2012 ◽

pp. 194-213

Author(s):

Kasra Amirtahmasebi ◽

Seyed Reza Jalalinia

Keyword(s):

Web Application ◽

Web Applications ◽

Confidential Information ◽

Sql Injection ◽

Unauthorized Access ◽

Injection Attacks ◽

Prevention Techniques ◽

Sql Injection Attack ◽

Sql Injection Attacks ◽

The Web

Due to the huge growth in the need for using Web applications worldwide, there have been huge efforts from programmers to develop and implement new Web applications to be used by companies. Since a number of these applications lack proper security considerations, malicious users will be able to gain unauthorized access to confidential information of organizations. A concept called SQL Injection Attack (SQLIA) is a prevalent method used by attackers to extract the confidential information from organizations’ databases. They work by injecting malicious SQL codes through the web application, and they cause unexpected behavior from the database. There are a number of SQL Injection detection/prevention techniques that must be used in order to prevent unauthorized access to databases.

Download Full-text