Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 337)

Abstract

SQL is a database language used to interact with a database; with it, databases can be created, modified, and deleted. Nowadays every organization has its own databases, which may hold important information that should not be shared publicly. The SQL injection technique is now one of the most common attacks on the Internet. This paper covers SQL injection, SQL injection attacks and, more importantly, how to detect and correct SQL injection. It proposes an algorithm that detects not only SQL injection attacks but also unauthorized users, by maintaining an audit record using a machine learning technique (clustering).

Author information

Corresponding author

Correspondence to Garima Singh.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Singh, G., Kant, D., Gangwar, U., Singh, A.P. (2015). SQL Injection Detection and Correction Using Machine Learning Techniques. In: Satapathy, S., Govardhan, A., Raju, K., Mandal, J. (eds) Emerging ICT for Bridging the Future - Proceedings of the 49th Annual Convention of the Computer Society of India (CSI) Volume 1. Advances in Intelligent Systems and Computing, vol 337. Springer, Cham. https://doi.org/10.1007/978-3-319-13728-5_49

  • DOI: https://doi.org/10.1007/978-3-319-13728-5_49

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-13727-8

  • Online ISBN: 978-3-319-13728-5

  • eBook Packages: Engineering, Engineering (R0)
