SQL injection attack detection method using expectation criterion

Linghuan Xiao; Shinichi Matsumoto; Tomohisa Ishikawa; Kouichi Sakurai

doi:10.1109/CANDAR.2016.74

SQL injection attack detection method using expectation criterion

Linghuan Xiao, Shinichi Matsumoto, Tomohisa Ishikawa, Kouichi Sakurai

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

SQL Injection attack is a kind of attack to a web application that accesses the database of the web application illegitimate. Along with the increasing use of web applications, the database where stores much sensitive information became more and more valuable and vulnerable. Eventually, SQL Injection attack has become rank one in top ten vulnerabilities as specified by Open Web Application Security Project (OWASP). In the other hand, although there was proposed a lot of methods to address the SQL injection attack, the current approaches almost have the limitation to detect full scope of the attack. What is more, the approaches have high precision in detecting pre-existing attacks though, but cannot detect unknown attacks. In this paper, we present an expectation-based solution to address SQL injection attack. Our proposal mainly has two phases. In the first phase, we calculate the occurrence probability of the SQL injection attack special characters in attack dataset and typical dataset respectively, and in the second phase we detect SQL injection attack base on expectation calculating take advantage of the computed occurrence probability.

Original language	English
Title of host publication	Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	649-654
Number of pages	6
ISBN (Electronic)	9781509026555
DOIs	https://doi.org/10.1109/CANDAR.2016.74
Publication status	Published - Jan 13 2017
Event	4th International Symposium on Computing and Networking, CANDAR 2016 - Hiroshima, Japan Duration: Nov 22 2016 → Nov 25 2016

Publication series

Name	Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016

Other

Other	4th International Symposium on Computing and Networking, CANDAR 2016
Country	Japan
City	Hiroshima
Period	11/22/16 → 11/25/16

All Science Journal Classification (ASJC) codes

Computer Science Applications
Hardware and Architecture
Signal Processing
Computer Networks and Communications

Access to Document

10.1109/CANDAR.2016.74

Cite this

Xiao, L., Matsumoto, S., Ishikawa, T., & Sakurai, K. (2017). SQL injection attack detection method using expectation criterion. In Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016 (pp. 649-654). [7818686] (Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CANDAR.2016.74

SQL injection attack detection method using expectation criterion. / Xiao, Linghuan; Matsumoto, Shinichi; Ishikawa, Tomohisa; Sakurai, Kouichi.

Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016. Institute of Electrical and Electronics Engineers Inc., 2017. p. 649-654 7818686 (Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Xiao, L, Matsumoto, S, Ishikawa, T & Sakurai, K 2017, SQL injection attack detection method using expectation criterion. in Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016., 7818686, Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016, Institute of Electrical and Electronics Engineers Inc., pp. 649-654, 4th International Symposium on Computing and Networking, CANDAR 2016, Hiroshima, Japan, 11/22/16. https://doi.org/10.1109/CANDAR.2016.74

Xiao L, Matsumoto S, Ishikawa T, Sakurai K. SQL injection attack detection method using expectation criterion. In Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016. Institute of Electrical and Electronics Engineers Inc. 2017. p. 649-654. 7818686. (Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016). https://doi.org/10.1109/CANDAR.2016.74

Xiao, Linghuan ; Matsumoto, Shinichi ; Ishikawa, Tomohisa ; Sakurai, Kouichi. / SQL injection attack detection method using expectation criterion. Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 649-654 (Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016).

@inproceedings{3975ccc90312432dbc88206187d85fcf,

title = "SQL injection attack detection method using expectation criterion",

abstract = "SQL Injection attack is a kind of attack to a web application that accesses the database of the web application illegitimate. Along with the increasing use of web applications, the database where stores much sensitive information became more and more valuable and vulnerable. Eventually, SQL Injection attack has become rank one in top ten vulnerabilities as specified by Open Web Application Security Project (OWASP). In the other hand, although there was proposed a lot of methods to address the SQL injection attack, the current approaches almost have the limitation to detect full scope of the attack. What is more, the approaches have high precision in detecting pre-existing attacks though, but cannot detect unknown attacks. In this paper, we present an expectation-based solution to address SQL injection attack. Our proposal mainly has two phases. In the first phase, we calculate the occurrence probability of the SQL injection attack special characters in attack dataset and typical dataset respectively, and in the second phase we detect SQL injection attack base on expectation calculating take advantage of the computed occurrence probability.",

author = "Linghuan Xiao and Shinichi Matsumoto and Tomohisa Ishikawa and Kouichi Sakurai",

year = "2017",

month = jan,

day = "13",

doi = "10.1109/CANDAR.2016.74",

language = "English",

series = "Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "649--654",

booktitle = "Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016",

address = "United States",

note = "4th International Symposium on Computing and Networking, CANDAR 2016 ; Conference date: 22-11-2016 Through 25-11-2016",

}

TY - GEN

T1 - SQL injection attack detection method using expectation criterion

AU - Xiao, Linghuan

AU - Matsumoto, Shinichi

AU - Ishikawa, Tomohisa

AU - Sakurai, Kouichi

PY - 2017/1/13

Y1 - 2017/1/13

N2 - SQL Injection attack is a kind of attack to a web application that accesses the database of the web application illegitimate. Along with the increasing use of web applications, the database where stores much sensitive information became more and more valuable and vulnerable. Eventually, SQL Injection attack has become rank one in top ten vulnerabilities as specified by Open Web Application Security Project (OWASP). In the other hand, although there was proposed a lot of methods to address the SQL injection attack, the current approaches almost have the limitation to detect full scope of the attack. What is more, the approaches have high precision in detecting pre-existing attacks though, but cannot detect unknown attacks. In this paper, we present an expectation-based solution to address SQL injection attack. Our proposal mainly has two phases. In the first phase, we calculate the occurrence probability of the SQL injection attack special characters in attack dataset and typical dataset respectively, and in the second phase we detect SQL injection attack base on expectation calculating take advantage of the computed occurrence probability.

AB - SQL Injection attack is a kind of attack to a web application that accesses the database of the web application illegitimate. Along with the increasing use of web applications, the database where stores much sensitive information became more and more valuable and vulnerable. Eventually, SQL Injection attack has become rank one in top ten vulnerabilities as specified by Open Web Application Security Project (OWASP). In the other hand, although there was proposed a lot of methods to address the SQL injection attack, the current approaches almost have the limitation to detect full scope of the attack. What is more, the approaches have high precision in detecting pre-existing attacks though, but cannot detect unknown attacks. In this paper, we present an expectation-based solution to address SQL injection attack. Our proposal mainly has two phases. In the first phase, we calculate the occurrence probability of the SQL injection attack special characters in attack dataset and typical dataset respectively, and in the second phase we detect SQL injection attack base on expectation calculating take advantage of the computed occurrence probability.

UR - http://www.scopus.com/inward/record.url?scp=85015222622&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85015222622&partnerID=8YFLogxK

U2 - 10.1109/CANDAR.2016.74

DO - 10.1109/CANDAR.2016.74

M3 - Conference contribution

AN - SCOPUS:85015222622

T3 - Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016

SP - 649

EP - 654

BT - Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 4th International Symposium on Computing and Networking, CANDAR 2016

Y2 - 22 November 2016 through 25 November 2016

ER -