Abstract | ||
---|---|---|
Whenever a web application executes dynamic SQL statements, it may come under SQL injection attack. To evaluate the existing practices of its detection, we consider two different security scenarios for web-application authentication that generates a dynamic SQL query with the user input data. Accordingly, we generate two different datasets by considering all possible vulnerabilities in the run-time queries. We present a proposed approach based on edit-distance to classify a dynamic SQL query as normal or malicious using a web-profile prepared with the dynamic SQL queries during the training phase. We evaluate the dataset using the proposed approach and some well-known supervised classification approaches. Our proposed method is found to be more effective in detecting SQL injection attacks under both scenarios of authentication security. |
Year | DOI | Venue |
---|---|---|
2019 | 10.1007/s10207-017-0393-x | International Journal of Information Security |
Keywords | Field | DocType |
Web-application,SQL injection,Naive Bayes,SVM,Tree-based,Edit-distance,Classification | SQL,Edit distance,Authentication,Naive Bayes classifier,Computer security,Computer science,Challenge–response authentication,Support vector machine,Web application,SQL injection | Journal |
Volume | Issue | ISSN |
18 | 1 | 1615-5270 |
Citations | PageRank | References |
0 | 0.34 | 4 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Debasish Das | 1 | 112 | 12.46 |
Utpal Sharma | 2 | 57 | 8.50 |
Dhruba K. Bhattacharyya | 3 | 226 | 27.72 |