ABSTRACT
Injection attacks sit at the top of the Open Web Application Security Project's Top 10 Application Security Risks list almost every year. SQL Injection (SQLI) is one such attack: it gives adversaries an opportunity to access personally identifiable information and commit identity theft, putting breach victims at risk. An intrusion detection and prevention system is a system or software application that continuously monitors a network for possible malicious activity or policy violations. A signature-based Intrusion Detection System (IDS) relies on predefined signatures to detect an attack. These signatures are usually released periodically by the company that owns the IDS software or written by the administrator. Writing signatures manually, or waiting for the release of new rules, can take significant time, effort, and expertise. In this paper, we develop a system that monitors traffic in real time, performs deep packet inspection on each incoming packet, and looks for possible SQLI patterns from which it forms rules for the Snort (IDS) rule database. Our method increases the baseline IDS performance by 4.7x while using only 23% of the resources required by the baseline, and operates on the order of a few milliseconds, which is suitable for real-time edge networks.
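The pipeline the abstract describes (inspect each incoming request, match it against SQLI indicator patterns, and turn each match into a Snort rule) can be sketched as follows. This is an added illustration, not the paper's system or its rule set: the indicator patterns, the rule template, the `sid` numbering starting at 1000001, and the constructed HTTP request lines are all assumptions made here. Two practitioner details are built in: the payload is URL-decoded twice before matching, because a single decode misses double-encoded (`%2527`) payloads, and each generated rule is pinned to client-to-server traffic and the normalized URI buffer so it does not fire on server responses.

```python
from __future__ import annotations

import re
from urllib.parse import unquote_plus

# Constructed SQLI indicator patterns (assumption: not the paper's signature set).
# Each one deliberately requires more than a single character so that benign
# query strings do not match; "#" is omitted because it is a legitimate URL fragment marker.
SQLI_PATTERNS = {
    # x' OR '1'='1  /  x' and 1=1
    "tautology": re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+'?", re.I),
    # ' UNION [ALL] SELECT ...
    "union_select": re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I),
    # SQL comment used to discard the rest of the original query
    "trailing_comment": re.compile(r"(--|/\*)\s*$"),
    # ; DROP TABLE ...  (stacked query)
    "stacked_query": re.compile(r";\s*(drop|delete|insert|update)\b", re.I),
}

# Constructed sample request lines (assumption): one benign, three with SQLI indicators.
# The last one is double URL-encoded to show why a single decode is not enough.
SAMPLE_REQUESTS = [
    "GET /products?id=42 HTTP/1.1",
    "GET /login?user=admin%27+OR+%271%27%3D%271 HTTP/1.1",
    "GET /search?q=x%27%20UNION%20SELECT%20username%2Cpassword%20FROM%20users-- HTTP/1.1",
    "GET /items?id=1%253B%2520DROP%2520TABLE%2520items HTTP/1.1",
]


def normalize(raw: str) -> str:
    """Decode twice (double-encoding evasion) and collapse whitespace."""
    decoded = unquote_plus(unquote_plus(raw))
    return re.sub(r"\s+", " ", decoded)


def inspect_payload(uri: str) -> list[str]:
    """Return the names of all SQLI indicators found in one request URI."""
    text = normalize(uri)
    return [name for name, rx in SQLI_PATTERNS.items() if rx.search(text)]


def make_snort_rule(name: str, sid: int) -> str:
    """Render one indicator as a Snort rule (assumed template, not the paper's)."""
    # Snort delimits pcre with "/" and separates options with ";", so escape both.
    pcre = SQLI_PATTERNS[name].pattern.replace("/", r"\/").replace(";", r"\;")
    # "U" restricts the match to the normalized HTTP URI buffer; "i" makes it case-insensitive.
    return (
        f'alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"SQLI {name}"; '
        f'flow:to_server,established; pcre:"/{pcre}/Ui"; '
        f"classtype:web-application-attack; sid:{sid}; rev:1;)"
    )


def generate_rules(request_lines: list[str], base_sid: int = 1000001) -> dict[str, str]:
    """Inspect every request line and emit one rule per distinct indicator seen."""
    seen: list[str] = []
    for line in request_lines:
        uri = line.split(" ", 2)[1]  # request line: METHOD SP URI SP VERSION
        for name in inspect_payload(uri):
            if name not in seen:
                seen.append(name)
    # Local rules conventionally use sid >= 1000000 (assumption: base_sid chosen here).
    return {name: make_snort_rule(name, base_sid + i) for i, name in enumerate(seen)}


if __name__ == "__main__":
    for rule in generate_rules(SAMPLE_REQUESTS).values():
        print(rule)
```

Each emitted rule matches on a single indicator, which keeps it cheap enough for the per-packet budget the abstract targets but also makes it prone to false positives on legitimate text fields; a deployment would test generated rules against clean traffic before loading them into Snort.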
Index Terms
- Real-time Traffic Monitoring and SQL Injection Attack Detection for Edge Networks