Abstract
SQL Injection attack is a kind of attack to a web application that accesses the database of the web application illegitimate. Along with the increasing use of web applications, the database where stores much sensitive information became more and more valuable and vulnerable. Eventually, SQL Injection attack has become rank one in top ten vulnerabilities as specified by Open Web Application Security Project (OWASP). In the other hand, although there was proposed a lot of methods to address the SQL injection attack, the current approaches almost have the limitation to detect full scope of the attack. What is more, the approaches have high precision in detecting pre-existing attacks though, but cannot detect unknown attacks. In this paper, we present an expectation-based solution to address SQL injection attack. Our proposal mainly has two phases. In the first phase, we calculate the occurrence probability of the SQL injection attack special characters in attack dataset and typical dataset respectively, and in the second phase we detect SQL injection attack base on expectation calculating take advantage of the computed occurrence probability.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 649-654 |
| Number of pages | 6 |
| ISBN (Electronic) | 9781509026555 |
| DOIs | |
| Publication status | Published - Jan 13 2017 |
| Event | 4th International Symposium on Computing and Networking, CANDAR 2016 - Hiroshima, Japan Duration: Nov 22 2016 → Nov 25 2016 |
Publication series
| Name | Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016 |
|---|
Other
| Other | 4th International Symposium on Computing and Networking, CANDAR 2016 |
|---|---|
| Country | Japan |
| City | Hiroshima |
| Period | 11/22/16 → 11/25/16 |
All Science Journal Classification (ASJC) codes
- Computer Science Applications
- Hardware and Architecture
- Signal Processing
- Computer Networks and Communications
Cite this
SQL injection attack detection method using expectation criterion. / Xiao, Linghuan; Matsumoto, Shinichi; Ishikawa, Tomohisa; Sakurai, Kouichi.
Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016. Institute of Electrical and Electronics Engineers Inc., 2017. p. 649-654 7818686 (Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016).Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - SQL injection attack detection method using expectation criterion
AU - Xiao, Linghuan
AU - Matsumoto, Shinichi
AU - Ishikawa, Tomohisa
AU - Sakurai, Kouichi
PY - 2017/1/13
Y1 - 2017/1/13
N2 - SQL Injection attack is a kind of attack to a web application that accesses the database of the web application illegitimate. Along with the increasing use of web applications, the database where stores much sensitive information became more and more valuable and vulnerable. Eventually, SQL Injection attack has become rank one in top ten vulnerabilities as specified by Open Web Application Security Project (OWASP). In the other hand, although there was proposed a lot of methods to address the SQL injection attack, the current approaches almost have the limitation to detect full scope of the attack. What is more, the approaches have high precision in detecting pre-existing attacks though, but cannot detect unknown attacks. In this paper, we present an expectation-based solution to address SQL injection attack. Our proposal mainly has two phases. In the first phase, we calculate the occurrence probability of the SQL injection attack special characters in attack dataset and typical dataset respectively, and in the second phase we detect SQL injection attack base on expectation calculating take advantage of the computed occurrence probability.
AB - SQL Injection attack is a kind of attack to a web application that accesses the database of the web application illegitimate. Along with the increasing use of web applications, the database where stores much sensitive information became more and more valuable and vulnerable. Eventually, SQL Injection attack has become rank one in top ten vulnerabilities as specified by Open Web Application Security Project (OWASP). In the other hand, although there was proposed a lot of methods to address the SQL injection attack, the current approaches almost have the limitation to detect full scope of the attack. What is more, the approaches have high precision in detecting pre-existing attacks though, but cannot detect unknown attacks. In this paper, we present an expectation-based solution to address SQL injection attack. Our proposal mainly has two phases. In the first phase, we calculate the occurrence probability of the SQL injection attack special characters in attack dataset and typical dataset respectively, and in the second phase we detect SQL injection attack base on expectation calculating take advantage of the computed occurrence probability.
UR - http://www.scopus.com/inward/record.url?scp=85015222622&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85015222622&partnerID=8YFLogxK
U2 - 10.1109/CANDAR.2016.74
DO - 10.1109/CANDAR.2016.74
M3 - Conference contribution
AN - SCOPUS:85015222622
T3 - Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016
SP - 649
EP - 654
BT - Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016
PB - Institute of Electrical and Electronics Engineers Inc.
ER -