
A Novel Method to Detect and Prevent SQLIA Using Ontology to Cloud Web Security

Journal: Wireless Personal Communications

Abstract

Many modern web applications handle large volumes of sensitive, high-impact data, so security plays a major role in web application development. The security of any web application centres on the data it handles, and the application framework should both prevent and detect web application vulnerabilities. Because this data is stored in a database, SQL Injection Attacks (SQLIA), an OWASP-categorised vulnerability, are the most critical vulnerability for a web application. An ontology-based model for preventing and detecting SQLIA (SQLIO) is proposed, which implements ontology creation and a prediction-rule-based vulnerability model. The proposed methodology prevents and detects the SQLIA web vulnerability to a greater extent in a cloud environment.




Author information


Corresponding author

Correspondence to K. Naveen Durai.

Ethics declarations

Conflict of interest

The authors have declared that they have no conflict of interest.

Human and Animal Rights

This research includes no studies involving animals or humans controlled by the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.


About this article


Cite this article

Durai, K.N., Subha, R. & Haldorai, A. A Novel Method to Detect and Prevent SQLIA Using Ontology to Cloud Web Security. Wireless Pers Commun 117, 2995–3014 (2021). https://doi.org/10.1007/s11277-020-07243-z
