Title
SQLProb: a proxy-based architecture towards preventing SQL injection attacks
Abstract
SQL injection attacks (SQLIAs) consist of maliciously crafted SQL inputs, including control code, used against Database-connected Web applications. To curtail the attackers' ability to generate such attacks, we propose an SQL Proxy-based Blocker (SQLProb). SQLProb harnesses the effectiveness and adaptivity of genetic algorithms to dynamically detect and extract users' inputs for undesirable SQL control sequences. Compared to state-of-the-art protection mechanisms, our method does not require any code changes on either the client, the web-server or the back-end database. Rather, our system uses a proxy that seamlessly integrates with existing operational environments offering protection to front-end web servers and back-end databases. To evaluate the overhead and the detection performance of our system, we implemented a prototype of SQLProb which we tested using real SQL attacks. Our experimental results show that we can detect all SQL injection attacks while maintaining very low resource utilization.
Year: 2009
DOI: 10.1145/1529282.1529737
Venue: SAC
Keywords: state-of-the-art protection mechanism, control code, back-end databases, real sql attack, proxy-based architecture, sql proxy-based blocker, code change, back-end database, undesirable sql control sequence, sql injection attack, sql input, intrusion, intrusion prevention, genetic algorithm, front end, intrusion detection, information security, resource utilization
Field: SQL, Architecture, Computer science, Information security, Web application, SQL injection, Intrusion detection system, Operating system, Genetic algorithm, Web server
DocType: Conference
Citations: 36
PageRank: 1.48
References: 26
Authors: 4
Name                 Order  Citations  PageRank
Anyi Liu             1      187        12.01
Yi Yuan              2      38         2.85
Duminda Wijesekera   3      1464       141.54
Angelos Stavrou      4      1288       98.69