Evaluation of Various Techniques for SQL Injection Attack Detection

  • Conference paper

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 226)

Abstract

Network technology has evolved significantly in recent years. The growing use of cloud services, the increasing number of users, novel mobile operating systems and changes in the network infrastructures that connect devices pose novel challenges for cyber security. To counter emerging threats, network security mechanisms and protection schemes are also evolving and use sophisticated sensors and methods. In our previous work [27] we introduced an innovative evolutionary algorithm for modeling genuine SQL queries generated by a web application. In [28] we investigated how the proposed algorithm can be combined with other off-the-shelf solutions (such as the SNORT and SCALP tools) in order to increase the detection ratio of injection attacks. In this paper we significantly extend our test suite. First, we compare our method with new efficient solutions for injection attack detection. We also discuss the drawbacks and benefits of these solutions in depth, and explain how correlation techniques can be adapted to overcome these drawbacks without losing high effectiveness.

References

  1. CERT Polska Annual Report (2011), http://www.cert.pl/PDF/ReportCP2011.pdf

  2. SOPHOS homepage, http://www.sophos.com

  3. Cisco Annual Report (2011)

  4. Choraś, M., Kozik, R., Piotrowski, R., Brzostek, J., Hołubowicz, W.: Network Events Correlation for Federated Networks Protection System. In: Abramowicz, W., Llorente, I.M., Surridge, M., Zisman, A., Vayssière, J. (eds.) ServiceWave 2011. LNCS, vol. 6994, pp. 100–111. Springer, Heidelberg (2011)

  5. Rao, T.K., Kum, G.Y., Reddy, E.K., Sharma, M.: Major Issues of Web Applications: A Case Study of SQL Injection. Journal of Current Computer Science and Technology 2(1), 16–20 (2012)

  6. Halfond, W., Orso, A.: AMNESIA: Analysis and Monitoring for Neutralizing SQL-Injection Attacks. In: Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering (2005)

  7. https://paulsparrows.wordpress.com/2011-cyber-attacks-timeline-master-index/

  8. OWASP Top 10 2010, The Ten Most Critical Web Application Security Risks (2010)

  9. Royal Navy Website Attacked by Romanian Hacker (2008), http://www.bbc.co.uk/news/technology-11711478

  10. Mills, E.: DSL Reports Says Member Information Stolen (2011)

  11. Keizer, G.: Huge Web Hack Attack Infects 500,000 pages (2008)

  12. Tajpour, A., Jor Jor Zade Shooshtari, M.: Evaluation of SQL Injection Detection and Prevention Techniques. In: CICSyN 2010, Second International Conference on Computational Intelligence, Communication Systems and Networks (2010)

  13. Amirtahmasebi, K., Jalalinia, S.R., Khadem, S.: A Survey of SQL Injection Defense Mechanisms. In: ICITST International Conference for Internet Technology and Secured Transactions (2009)

  14. Elia, I.A., Fonseca, J., Vieira, M.: Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental Study. In: 2010 IEEE 21st International Symposium on Software Reliability Engineering (2010)

  15. Needleman, S.B., Wunsch, C.D.: A General Method Applicable to the Search for Similarities in the Amino Acid Sequence of Two Proteins. Journal of Molecular Biology (1970)

  16. Conrad, E.: Detecting Spam with Genetic Regular Expressions. SANS Institute InfoSec Reading Room (2007)

  17. Kruegel, C., Toth, T., Kirda, E.: Service specific anomaly detection for network intrusion detection. In: Proc. of ACM Symposium on Applied Computing, pp. 201–208 (2002)

  18. Frank, E., Witten, I.H.: Generating Accurate Rule Sets Without Global Optimization. In: Fifteenth International Conference on Machine Learning, pp. 144–151 (1998)

  19. PHP-IDS project homepage, https://phpids.org/

  20. John, G.H., Langley, P.: Estimating Continuous Distributions in Bayesian Classifiers. In: Eleventh Conference on Uncertainty in Artificial Intelligence, San Mateo, pp. 338–345 (1995)

  21. Weka REPTree reference manual, http://www.dbs.informatik.uni-muenchen.de/zimek/diplomathesis/implementations/EHNDs/doc/weka/classifiers/trees/REPTree.html

  22. Quinlan, R.: C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers, San Mateo (1993)

  23. RIDOR classifier, http://weka.sourceforge.net/doc/weka/classifiers/rules/Ridor.html

  24. Kaspersky Lab. Security report, http://www.securelist.com/en/analysis/204792244/The-geography-of-cybercrime-Western-Europe-and-North-America

  25. ESET annual report, http://go.eset.com/us/resources/white-papers/Trends-for-2013-preview.pdf

  26. ESET threat report (December 2012), http://go.eset.com/us/resources/threat-trends/Global-Threat-Trends-November-2012.pdf

  27. Choraś, M., Kozik, R., Puchalski, D., Hołubowicz, W.: Correlation Approach for SQL Injection Attacks Detection. In: Herrero, Á., Snášel, V., Abraham, A., Zelinka, I., Baruque, B., Quintián, H., Calvo, J.L., Sedano, J., Corchado, E., et al. (eds.) Int. Joint Conf. CISIS’12-ICEUTE’12-SOCO’12. AISC, vol. 189, pp. 177–185. Springer, Heidelberg (2013)

  28. Choraś, M., Kozik, R.: Real-Time Analysis of Non-stationary and Complex Network Related Data for Injection Attempts Detection. In: Proc. of WSC 17 Online Conference on Soft Computing in Industrial Applications (2012)

  29. WEKA 3 Data mining tool homepage, http://www.cs.waikato.ac.nz/ml/weka/

  30. Ficco, M., Coppolino, L., Romano, L.: A Weight-Based Symptom Correlation Approach to SQL Injection Attacks. In: Fourth Latin-American Symposium on Dependable Computing, LADC 2009, September 1-4, pp. 9–16 (2009)

Corresponding author

Correspondence to Michał Choraś.

Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Choraś, M., Kozik, R. (2013). Evaluation of Various Techniques for SQL Injection Attack Detection. In: Burduk, R., Jackowski, K., Kurzynski, M., Wozniak, M., Zolnierek, A. (eds) Proceedings of the 8th International Conference on Computer Recognition Systems CORES 2013. Advances in Intelligent Systems and Computing, vol 226. Springer, Heidelberg. https://doi.org/10.1007/978-3-319-00969-8_74

  • DOI: https://doi.org/10.1007/978-3-319-00969-8_74

  • Publisher Name: Springer, Heidelberg

  • Print ISBN: 978-3-319-00968-1

  • Online ISBN: 978-3-319-00969-8

  • eBook Packages: Engineering, Engineering (R0)
