This is an Open Access publication published under CSC-OpenAccess Policy.
Automated Detection System for SQL Injection Attacks
K.V.N.Sunitha, M. Sridevi
Pages - 426 - 435     |    Revised - 30-08-2010     |    Published - 30-10-2010
Volume - 4   Issue - 4    |    Publication Date - October 2010
KEYWORDS
Intrusion detection, injection attacks, Regular Expressions, SQL query
ABSTRACT
Many software systems have evolved to include a Web-based component that makes them available to the public via the Internet and can expose them to a variety of Web-based attacks. One of these attacks is SQL Injection vulnerability (SQLIV), which can give attackers unrestricted access to the databases that underlie Web applications and has become increasingly frequent and serious. The intent is that Web applications will limit the kinds of queries that can be generated to a safe subset of all possible queries, regardless of what input users provide. SQL Injection attacks are possible due to design drawbacks of web sites that interact with back-end databases. Successful attacks may damage more. We introduce a system based on a new automated technique for preventing SQL Injection attacks (SQLIA) that uses the novel concept of regular expressions to detect them. The proposed system can detect attacks that come from the Internet as well as insider attacks, by analyzing the packets of the network servers.
CITED BY (5)  
1 Doshi, J. C., Christian, M., & Trivedi, B. H. (2014). SQL FILTER–SQL Injection prevention and logging using dynamic network filter. In Security in Computing and Communications (pp. 400-406). Springer Berlin Heidelberg.
2 Ilic, S. S., Lazic, L., & Spalevic, P. (2011, July). One approach to the testing of security of proposed database application software. In Proc. of the 15th WSEAS Intern. Conf. on Computers, Corfu Island, Greece (pp. 475-480).
3 Modi, R., & Kaur, K. Thwarting from SQL Injection Attack would Secure Database Server Functions in SQL Server over the Public Network.
4 LE, H. T., & LOH, P. K. K. Identification of Performance Issues in Contemporary Black-Box Web Application Scanners in SQLI.
5 Grbavac, S. Eliminisanje SQL Injection napada – mehanizmi odbrane [Elimination of the SQL injection attacks – defense mechanisms].
Dr. K.V.N.Sunitha
GNITS - India
k.v.n.sunitha@gmail.com
Associate Professor M. Sridevi
- India