Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 189)

Abstract

In this paper we prove that the correlation approach to SQL Injection Attacks (SQLIA) improves the results of detecting such attacks. Moreover, we propose a novel method for SQLIA detection based on a genetic algorithm for determining anomalous queries. The experimental scenario is also described and the achieved results are reported.

Corresponding author

Correspondence to Michał Choraś.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Choraś, M., Kozik, R., Puchalski, D., Hołubowicz, W. (2013). Correlation Approach for SQL Injection Attacks Detection. In: Herrero, Á., et al. International Joint Conference CISIS’12-ICEUTE´12-SOCO´12 Special Sessions. Advances in Intelligent Systems and Computing, vol 189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33018-6_18

  • DOI: https://doi.org/10.1007/978-3-642-33018-6_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33017-9

  • Online ISBN: 978-3-642-33018-6

  • eBook Packages: Engineering, Engineering (R0)
