
MAC based solution for SQL injection

  • Original Paper
  • Journal of Computer Virology and Hacking Techniques

Abstract

With the rapid development of the Internet, more and more organizations connect their databases to the Internet for resource sharing. However, because developers are not aware of all possible attacks, web applications become vulnerable to multiple attacks, and so networked databases face multiple threats. Web applications generally follow a three-tier architecture in which the database sits in the third tier; it is the most valuable asset of any organization. SQL injection is an attack technique that exploits code by altering back-end SQL statements through manipulated input. An attacker can directly compromise the database, which is why this is among the most threatening attacks. SQL injection occupies first position in the top ten vulnerabilities specified by the Open Web Application Security Project [12]. It is probably the most common website vulnerability today. Current solutions to SQL injection attacks either have limited scope, i.e. cannot be implemented on all platforms, or do not cover all types of SQL injection attacks. In this work we implement a Detection Block model against SQL injection attacks. The model works on both the client and the server side. The client side implements a filter function, and the server side is based on information theory. A MAC of the static query and of the dynamic query, derived from entropy, is compared to detect an attack.
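The server-side comparison the abstract describes, as an added illustration that is not the paper's own code: the static query's structure is fixed at development time and authenticated with an HMAC, and at runtime the dynamically built query is normalised the same way and its HMAC compared, so any change in structure (extra operators, clauses or tautologies) is detected regardless of the literal values. The paper does not give its exact normalisation, key handling or how entropy enters, so the token skeleton, the shared secret and the token-entropy signal are assumptions here.

```python
import hashlib
import hmac
import math
import re

# Assumed shared secret between the build-time registration step and the
# runtime checker (constructed for this example, not from the paper).
SECRET_KEY = b"constructed-demo-key"
# Quoted strings, numbers, identifiers/keywords, single punctuation characters.
TOKEN_RE = re.compile(r"'(?:[^']|'')*'|\d+(?:\.\d+)?|\w+|[^\s\w]")


def tokenize(sql):
    return TOKEN_RE.findall(sql)


def skeleton(sql):
    """Assumed normalisation: drop literal values, keep only query structure."""
    out = []
    for tok in tokenize(sql):
        if tok.startswith("'") or tok[0].isdigit():
            out.append("?")          # literal -> placeholder
        else:
            out.append(tok.upper())  # keyword / identifier / operator
    return " ".join(out)


def query_mac(sql):
    """HMAC-SHA256 over the structural skeleton; literals do not affect it."""
    return hmac.new(SECRET_KEY, skeleton(sql).encode(), hashlib.sha256).hexdigest()


def token_entropy(sql):
    """Shannon entropy (bits) of the token distribution: the information-theoretic signal."""
    toks = tokenize(sql)
    counts = {}
    for t in toks:
        counts[t] = counts.get(t, 0) + 1
    n = len(toks)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_injected(static_mac, dynamic_sql):
    """True when the runtime query's structure no longer matches the registered one."""
    return not hmac.compare_digest(static_mac, query_mac(dynamic_sql))


if __name__ == "__main__":
    # Constructed sample: the developer's template and two runtime instances.
    registered = query_mac("SELECT * FROM users WHERE id = 1")
    for q in ("SELECT * FROM users WHERE id = 42", "SELECT * FROM users WHERE id = 42 OR 1=1"):
        print(f"{q!r}: injected={is_injected(registered, q)}, entropy={token_entropy(q):.2f}")
```

The second runtime query adds tokens the registered structure never had, so its skeleton MAC differs and its token entropy rises relative to the benign instance.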

References

  1. Shahriar, H., Zulkernine, M.: Information theoretic detection of SQL injection attacks. In: Proceedings of the 14th International Symposium on High Assurance Systems Engineering. IEEE (2012)

  2. Xue, Q., He, P.: On defense and detection of SQL server injection attack. In: Proceedings of the International Conference on Security Systems, pp. 324–330. IEEE (2011)

  3. Balasundaram, I., Ramaraj, E.: An authentication scheme for preventing SQL injection attack using hybrid encryption (PSQLIA-HBE). Eur. J. Sci. Res. 53(3), 359–368 (2011)

  4. Avireddy, S., Perumal, V., Gowraj, N., Kannan, R.S., Prashanth, S.: Random4: an application specific randomized encryption algorithm to prevent SQL injection. In: Proceedings of the 11th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 1327–1335. IEEE (2012)

  5. Zhang, K.-X., Lin, C.-J., Chen, S.-J., Hwang, Y.: TransSQL: a translation and validation-based solution for SQL-injection attacks. In: Proceedings of the First International Conference on Robot, Vision and Signal Processing, pp. 248–252. IEEE (2011)

  6. Huang, B., Xie, T., Ma, Y.: Anti SQL injection with statements sequence digest. Supported by the National Science Foundation of China and the Scientific Research and Development Plan of Nanning City (No. 10876012). IEEE (2012)

  7. Mamadhan, S., Manesh, T., Paul, V.: SQLStor: blockage of stored procedure SQL injection attack using dynamic query structure validation. pp. 240–246. IEEE (2012)

  8. Kim, J.-G.: Injection attack detection using the removal of SQL query attribute values. IEEE (2011)

  9. Jueneman, R.R., Matyas, S.M., Meyer, C.H.: Message authentication. IEEE Commun. Mag. 23(9), 29–40 (1985)

  10. Johari, R., Sharma, P.: A survey on web application vulnerabilities (SQLIA, XSS) exploitation and security engine for SQL injection. In: Proceedings of the International Conference on Communication Systems and Network Technologies, pp. 453–459. IEEE (2012)

  11. Halfond, W.G., Viegas, J., Orso, A.: A classification of SQL injection attacks and countermeasures. In: Proceedings of the International Symposium on Secure Software Engineering (ISSSE 2006), March 2006

  12. The Open Web Application Security Project (OWASP): OWASP Top 10 2013. https://www.owasp.org/index.php/Top_10_2013-Top_10. Accessed 17 July 2014


Acknowledgments

Our thanks to the experts who have contributed towards the study of SQL injection. We sincerely thank our colleagues and friends. This paper would have been uncertain without the help and guidance of my guide.

Author information


Correspondence to Diksha Gautam Kumar.

Cite this article

Kumar, D.G., Chatterjee, M. MAC based solution for SQL injection. J Comput Virol Hack Tech 11, 1–7 (2015). https://doi.org/10.1007/s11416-014-0219-6
