Abstract |
---|
SQL injection attacks (SQLIAs) consist of maliciously crafted SQL inputs, including control code, used against Database-connected Web applications. To curtail the attackers' ability to generate such attacks, we propose an SQL Proxy-based Blocker (SQLProb). SQLProb harnesses the effectiveness and adaptivity of genetic algorithms to dynamically detect and extract users' inputs for undesirable SQL control sequences. Compared to state-of-the-art protection mechanisms, our method does not require any code changes on either the client, the web-server or the back-end database. Rather, our system uses a proxy that seamlessly integrates with existing operational environments offering protection to front-end web servers and back-end databases. To evaluate the overhead and the detection performance of our system, we implemented a prototype of SQLProb which we tested using real SQL attacks. Our experimental results show that we can detect all SQL injection attacks while maintaining very low resource utilization. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1145/1529282.1529737 | SAC |
Keywords | Field | DocType |
---|---|---|
state-of-the-art protection mechanism,control code,back-end databases,real sql attack,proxy-based architecture,sql proxy-based blocker,code change,back-end database,undesirable sql control sequence,sql injection attack,sql input,intrusion,intrusion prevention,genetic algorithm,front end,intrusion detection,information security,resource utilization | SQL,Architecture,Computer science,Information security,Web application,SQL injection,Intrusion detection system,Operating system,Genetic algorithm,Web server | Conference |
Citations | PageRank | References |
---|---|---|
36 | 1.48 | 26 |
Authors |
---|
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Anyi Liu | 1 | 187 | 12.01 |
Yi Yuan | 2 | 38 | 2.85 |
Duminda Wijesekera | 3 | 1464 | 141.54 |
Angelos Stavrou | 4 | 1288 | 98.69 |