4.4 Article

Defeating SQL injection attack in authentication security: an experimental study

INTERNATIONAL JOURNAL OF INFORMATION SECURITY (2019)

Get Full Text
Add to Collection

Journal

INTERNATIONAL JOURNAL OF INFORMATION SECURITY
Volume 18, Issue 1, Pages 1-22

Publisher

SPRINGER
DOI: 10.1007/s10207-017-0393-x

Keywords

Web-application; SQL injection; Naive Bayes; SVM; Tree-based; Edit-distance; Classification

Categories

Computer Science, Information Systems Computer Science, Software Engineering Computer Science, Theory & Methods

Ask authors/readers for more resources

Protocol

Community support

Reagent

Community support

Whenever web-application executes dynamic SQL statements it may come under SQL injection attack. To evaluate the existing practices of its detection, we consider two different security scenarios for the web-application authentication that generates dynamic SQL query with the user input data. Accordingly, we generate two different datasets by considering all possible vulnerabilities in the run-time queries. We present proposed approach based on edit-distance to classify a dynamic SQL query as normal or malicious using web-profile prepared with the dynamic SQL queries during training phase. We evaluate the dataset using proposed approach and some well-known supervised classification approaches. Our proposed method is found more effective in detecting SQL injection attack under both the scenarios of authentication security.

Authors

I am an author on this paper
Click your name to claim this paper and add it to your profile.

Reviews

Primary Rating

4.4
Not enough ratings

Secondary Ratings

Novelty
-
Significance
-
Scientific rigor
-
Rate this paper

Recommended

No Data Available
No Data Available
Webinars Posters Questions Hubs Funding Journals Papers Connect Collections Reviewers About Us FAQs Mobile App Privacy Policy Terms of Use
© Peeref 2019-2024. All rights reserved.