Journal
INTERNATIONAL JOURNAL OF INFORMATION SECURITY
Volume 18, Issue 1, Pages 1-22
Publisher
SPRINGER
DOI: 10.1007/s10207-017-0393-x
Keywords
Web-application; SQL injection; Naive Bayes; SVM; Tree-based; Edit-distance; Classification
Whenever a web application executes dynamic SQL statements, it may come under SQL injection attack. To evaluate the existing practices for detecting it, we consider two different security scenarios for web-application authentication that generates a dynamic SQL query from user input data. Accordingly, we generate two different datasets by considering all possible vulnerabilities in the run-time queries. We present a proposed approach based on edit distance that classifies a dynamic SQL query as normal or malicious using a web profile prepared from the dynamic SQL queries during the training phase. We evaluate the dataset using the proposed approach and some well-known supervised classification approaches. Our proposed method is found to be more effective in detecting SQL injection attacks under both scenarios of authentication security.