SQL injection attack detection method using expectation criterion

Linghuan Xiao, Shinichi Matsumoto, Tomohisa Ishikawa, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

An SQL injection attack is an attack on a web application that accesses the application's database illegitimately. With the increasing use of web applications, the databases that store much sensitive information have become more and more valuable and vulnerable. As a result, SQL injection has become ranked number one in the top ten vulnerabilities specified by the Open Web Application Security Project (OWASP). On the other hand, although many methods have been proposed to address SQL injection attacks, most current approaches are limited in their ability to detect the full scope of the attack. Moreover, although these approaches have high precision in detecting pre-existing attacks, they cannot detect unknown attacks. In this paper, we present an expectation-based solution to address SQL injection attacks. Our proposal has two main phases. In the first phase, we calculate the occurrence probability of the special characters of SQL injection attacks in an attack dataset and a typical dataset, respectively; in the second phase, we detect SQL injection attacks by calculating an expectation from the computed occurrence probabilities.

Original language: English
Title of host publication: Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 649-654
Number of pages: 6
ISBN (Electronic): 9781509026555
DOI
Publication status: Published - 1 13 2017
Event: 4th International Symposium on Computing and Networking, CANDAR 2016 - Hiroshima, Japan
Duration: 11 22 2016 - 11 25 2016

Publication series

Name: Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016

Other

Other: 4th International Symposium on Computing and Networking, CANDAR 2016
Country/Territory: Japan
City: Hiroshima
Period: 11/22/16 - 11/25/16

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Hardware and Architecture
  • Signal Processing
  • Computer Networks and Communications
