Automated Detection of SQL Injection Attack on Blockchain-Based Database

Author(s):  
Keshav Sinha ◽  
Amit Kumar Keshari

In the era of computing, where data are stored in a cloud or distributed environment, the privacy of data is one of the challenging tasks. Attacks such as denial of service (DoS) attacks and insider attacks compromise the security of the system. In this chapter, the authors discuss a blockchain-based database, where data are encrypted and stored. The Web API is used as an interface for the storage and sharing of data in the blockchain system. There are several types of attacks that are performed by the adversary on the database to destroy the vulnerability of the system. Here, the authors mainly focus on the SQL injection attack, which is performed by the adversary on the Web API. To cope with this problem, they present a case study based on Snort and Moloch for automated detection of SQL attack, network analysis, and testing of the system.

Author(s):  
Keshav Sinha ◽  
Madhav Verma

In today's world, the storage of data needs a huge amount of space. Meanwhile, cloud and distributed environments provide sufficient storage space for the data. One of the challenging tasks is the privacy prevention of storage data. To overcome the problem of privacy, the blockchain-based database is used to store the data. There are various attacks like denial of service attacks (DoS) and insider attacks that are performed by the adversary to compromise the security of the system. In this chapter, the authors discussed a blockchain-based database, where data are encrypted and stored. The Web API is used as an interface for the storage and sharing of data. Here, they are mainly focused on the SQL injection attack, which is performed by the adversary on Web API. To cope with this problem, they present the case study based on the Snort and Moloch for automated detection of SQL attack, network analysis, and testing of the system.


2019 ◽  
Vol 8 (4) ◽  
pp. 2827-2833

The SQL injection attack (SQLIA) occurs when an attacker integrates the code of a malicious SQL query into a valid query statement via non-valid input. As a result, the relational database management system will trigger these malicious queries, which causes the SQL injection attack. After successful execution, it may interrupt the CIA (confidentiality, integrity and availability) of the web API. The vulnerability of the Web Application Programming Interface (API) is the prior concern for any programming. The Web API is mainly based on the Simple Object Access Protocol (SOAP), which provides its own security, and Representational State Transfer (REST), which provides the architectural style for security measures from the transport layer. Most of the time, developers or new programmers do not follow the standards of safe programming and forget to validate their input fields in the form. This vulnerability in the web API opens the door to threats, and it becomes a cakewalk for the attacker to exploit the database associated with the web API. The objective of the paper is to automate the detection of SQL injection attacks and secure the poorly coded web API access through large network traffic. The Snort and Moloch approaches are used to develop the hybrid model for auto detection as well as to analyze the SQL injection attack for the prototype system.


Author(s):  
Kasra Amirtahmasebi ◽  
Seyed Reza Jalalinia

Due to the huge growth in the need for using Web applications worldwide, there have been huge efforts from programmers to develop and implement new Web applications to be used by companies. Since a number of these applications lack proper security considerations, malicious users will be able to gain unauthorized access to confidential information of organizations. A concept called SQL Injection Attack (SQLIA) is a prevalent method used by attackers to extract the confidential information from organizations’ databases. They work by injecting malicious SQL codes through the web application, and they cause unexpected behavior from the database. There are a number of SQL Injection detection/prevention techniques that must be used in order to prevent unauthorized access to databases.


2013 ◽  
Vol 651 ◽  
pp. 841-845
Author(s):  
Wu Min Pan

SQL injection has become a serious security risk among all the attacks against Web applications. The SQL injection attack allows an attacker to access the underlying database unrestrictedly and, furthermore, to retrieve the confidential information of the corporation and the network user. We found that most of the existing research is able to detect most of the attacks, but it does not consider the complexity involved in using the defense system and the eventual cost of modification of the original program. For this reason, we conduct in-depth research on SQL injection and defense: the approach requires no modification of the web application code, can be adapted to different usage scenarios, involving also different operating systems and server applications, and is able to detect all the known injection points for the test application.


2019 ◽  
Vol 4 (2) ◽  
pp. 15-20
Author(s):  
Nur Khairani Kamarudin ◽  
Farah Shazwani Ismail ◽  
Mahfudzah Othman ◽  
Nurul Hidayah Ahmad Zukri ◽  
Mohd Faris Mohd Fuzi

The photography business has become more popular and trending among people who like photography. The Photography Service System was developed to help photography companies deliver photos and videos to their customers. The use of the system has its advantages, such as ease of accessing data and faster sharing of data by users. The system was developed to ease daily work and can be used frequently by photography companies as a method to send photos and videos to their customers. Penetration testing was conducted in order to test the security performance by conducting four security attacks, which were Denial of Service (DoS), SQL injection, Cross Site Scripting, and password sniffing. The purpose of these attacks was to test and find the vulnerabilities of the system, because the system deals with the customers' private data, which is the photos and the videos owned by the customers. It is crucial to secure a system; as the first preventive step before introducing the system to the public, vulnerability assessments were performed to determine the weaknesses of the system. Scanning and vulnerability assessment were done using tools, namely Vega Scanning Tool, Wireshark, and Low Orbit Ion Cannon (LOIC). All results were collected and analyzed. In summary, the results show that the system is vulnerable to DoS attack, SQL injection attack, cross site scripting and also password sniffing.


2018 ◽  
Vol 7 (S1) ◽  
pp. 11-15
Author(s):  
S. Parameswari ◽  
K. Kavitha

SQL injection attacks are one of the highest dangers for applications composed for the Web. These attacks are dispatched through uncommonly made client information on web applications that utilize low level string operations to build SQL queries. An SQL injection weakness permits an assailant to stream summons straightforwardly to a web application’s hidden database and annihilate usefulness or privacy. In this paper we propose a simplified algorithm which works on the basic features of SQL Injection attacks and will successfully detect almost all types of SQL Injection attacks. In the paper we also present the experiment results in order to acknowledge the proficiency of our algorithm.


Information ◽  
2019 ◽  
Vol 10 (3) ◽  
pp. 84 ◽  
Author(s):  
Anastasia Gurina ◽  
Vladimir Eliseev

The article discusses the problem of detecting network attacks on a web server. The attention is focused on two common types of attacks: “denial of service” and “code injection”. A review and an analysis of various attack detection techniques are conducted. A new lightweight approach to detect attacks as anomalies is proposed. It is based on recognition of the dynamic response of the web server during request processing. An autoencoder is implemented for dynamic response anomaly recognition. A case study with the MyBB web server is described. Several flood attacks and an SQL injection attack are modeled and successfully detected by the proposed method. The efficiency of the detection algorithm is evaluated, and the advantages and disadvantages of the proposed approach are analyzed.


Public Voices ◽  
2016 ◽  
Vol 11 (1) ◽  
pp. 89
Author(s):  
Amy Probsdorfer Kelley ◽  
John C. Morris

The process to win approval to build a national memorial on the National Mall in Washington, DC is both long and complex. Many memorials are proposed, but few are chosen to inhabit the increasingly scarce space available on the Mall. Through the use of network analysis we compare and contrast two memorial proposals, with an eye toward understanding why one proposal was successful while the other seems to have failed. We conclude that the success of a specific memorial has less to do with the perceived popularity of the person or event to be memorialized, and more to do with how the sponsors use the network of people and resources available to advocate for a given proposal.

