Abstract
Web-based applications often have vulnerabilities that can be exploited to launch SQL-based attacks. Web application developers are normally concerned with application functionality and can easily neglect security aspects. The increasing number of web attacks reported every day confirms that this attack-prone scenario represents a real danger and is not likely to change favorably in the future. The main problem, however, is that most SQL-based attacks cannot be detected by typical intrusion detection systems (IDS) operating at the network or operating-system level. In this paper we propose a database-level IDS that concurrently detects malicious database operations. The proposed IDS is based on a comprehensive anomaly detection scheme that checks SQL commands to detect SQL injection and analyses transactions to detect more elaborate data-centric attacks, including insider attacks.
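As an added illustration of the two checks the abstract describes, and not code from the paper or its authors: a learning phase builds a profile of SQL command shapes and of the command order inside transactions from constructed training data for an assumed web application, and a detection phase flags commands whose shape was never learned (the effect of an injected string on a query) or that appear in an order the profile does not contain (valid commands misused, as in an insider attack). The profile format and alert names are assumptions of this example.

```python
import re

# Constructed training data (not from the paper): transactions captured from an
# assumed web application during the learning phase, one list per transaction.
TRAINING_TRANSACTIONS = [
    ["SELECT id, pwd FROM users WHERE login = 'alice'",
     "INSERT INTO sessions (uid, token) VALUES (7, 'a1b2')"],
    ["SELECT id, pwd FROM users WHERE login = 'bob'",
     "INSERT INTO sessions (uid, token) VALUES (9, 'c3d4')"],
    ["SELECT qty FROM stock WHERE item = 42",
     "UPDATE stock SET qty = 5 WHERE item = 42"],
]

def fingerprint(sql: str) -> str:
    """Reduce a command to its structure: literals become placeholders and case
    and whitespace are normalised, so only the shape is compared, not the data."""
    s = re.sub(r"'(?:[^']|'')*'", "'?'", sql)   # 'text' / 'O''Brien' -> '?'
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)     # 42 / 3.5 -> ?
    return re.sub(r"\s+", " ", s).strip().lower()

def learn(transactions):
    """Learning phase: the known command shapes plus the allowed transitions
    between consecutive commands of a transaction (begin and commit included)."""
    shapes, edges = set(), set()
    for tx in transactions:
        prev = "<begin>"
        for cmd in tx:
            fp = fingerprint(cmd)
            shapes.add(fp)
            edges.add((prev, fp))
            prev = fp
        edges.add((prev, "<commit>"))
    return shapes, edges

def check_transaction(tx, shapes, edges):
    """Detection phase: alert on a command whose shape was never learned, on a
    known command in an unlearned position, and on a transaction ending early."""
    alerts, prev = [], "<begin>"
    for cmd in tx:
        fp = fingerprint(cmd)
        if fp not in shapes:
            alerts.append(("unknown-command", cmd))
        elif (prev, fp) not in edges:
            alerts.append(("unexpected-sequence", cmd))
        prev = fp  # later commands are judged against what actually ran
    if (prev, "<commit>") not in edges:
        alerts.append(("incomplete-transaction", prev))
    return alerts
```

Call `learn(TRAINING_TRANSACTIONS)` once and pass the resulting profile to `check_transaction` for every transaction to be inspected; a login query carrying `'' OR '1'='1'` no longer matches its learned shape, while a lone `UPDATE stock` is a known shape in an unlearned position.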
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Fonseca, J., Vieira, M., Madeira, H. (2007). Detecting Malicious SQL. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_28
DOI: https://doi.org/10.1007/978-3-540-74409-2_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74408-5
Online ISBN: 978-3-540-74409-2