SQL Injection Detection via Program Tracing and Machine Learning

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 7646)

Abstract

Database systems are indispensable in modern web applications for processing and storing business information. Because of the valuable information they contain, these systems are highly attractive to hackers, and the diversity and sheer volume of attacks severely undermine the effectiveness of classical signature-based detection. In this work we propose a novel hybrid approach for learning SQL statements with program tracing techniques in order to detect malicious behavior between the database and the application. The approach incorporates the program trace hashing technique and the tree structure of SQL queries, as well as query name similarity, as characteristics to distinguish malicious from benign queries. A prototype learning system integrated in PHP is demonstrated to show the usefulness of our approach on a real-world application.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, Y., Li, Z. (2012). SQL Injection Detection via Program Tracing and Machine Learning. In: Xiang, Y., Pathan, M., Tao, X., Wang, H. (eds) Internet and Distributed Computing Systems. IDCS 2012. Lecture Notes in Computer Science, vol 7646. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34883-9_21

  • DOI: https://doi.org/10.1007/978-3-642-34883-9_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34882-2

  • Online ISBN: 978-3-642-34883-9

  • eBook Packages: Computer Science, Computer Science (R0)
