Abstract
Network technology has recently evolved significantly. The growing use of cloud services, the increased number of users, novel mobile operating systems and changes in the network infrastructures that connect devices pose novel challenges for cyber security. To counter arising threats, network security mechanisms and protection schemes also evolve and use sophisticated sensors and methods. In our previous work [27] we introduced an innovative evolutionary algorithm for modeling genuine SQL queries generated by a web application. In [28] we investigated how the proposed algorithm can be combined with other off-the-shelf solutions (such as the SNORT and SCALP tools) to increase the detection ratio of injection attacks. In this paper we significantly extend our test suite. First, we compare our method with new efficient solutions for injection attack detection. We also discuss in depth the drawbacks and benefits of these solutions, and explain how correlation techniques can be adapted to overcome these drawbacks without losing high effectiveness.
References
CERT Polska Annual Report (2011), http://www.cert.pl/PDF/ReportCP2011.pdf
SOPHOS homepage, http://www.sophos.com
Cisco Annual Report (2011)
Choraś, M., Kozik, R., Piotrowski, R., Brzostek, J., Hołubowicz, W.: Network Events Correlation for Federated Networks Protection System. In: Abramowicz, W., Llorente, I.M., Surridge, M., Zisman, A., Vayssière, J. (eds.) ServiceWave 2011. LNCS, vol. 6994, pp. 100–111. Springer, Heidelberg (2011)
Rao, T.K., Kum, G.Y., Reddy, E.K., Sharma, M.: Major Issues of Web Applications: A Case Study of SQL Injection. Journal of Current Computer Science and Technology 2(1), 16–20 (2012)
Halfond, W., Orso, A.: AMNESIA: Analysis and Monitoring for Neutralizing SQL-Injection Attacks. In: Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering (2005)
https://paulsparrows.wordpress.com/2011-cyber-attacks-timeline-master-index/
OWASP Top 10 2010, The Ten Most Critical Web Application Security Risks (2010)
Royal Navy Website Attacked by Romanian Hacker (2008), http://www.bbc.co.uk/news/technology-11711478
Mills, E.: DSL Reports Says Member Information Stolen (2011)
Keizer, G.: Huge Web Hack Attack Infects 500,000 pages (2008)
Tajpour, A., Jor Jor Zade Shooshtari, M.: Evaluation of SQL Injection Detection and Prevention Techniques. In: CICSyN 2010, Second International Conference on Computational Intelligence, Communication Systems and Networks (2010)
Amirtahmasebi, K., Jalalinia, S.R., Khadem, S.: A Survey of SQL Injection Defense Mechanisms. In: ICITST International Conference for Internet Technology and Secured Transactions (2009)
Elia, I.A., Fonseca, J., Vieira, M.: Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental Study. In: 2010 IEEE 21st International Symposium on Software Reliability Engineering (2010)
Needleman, S.B., Wunsch, C.D.: A General Method Applicable to the Search for Similarities in the Amino Acid Sequence of Two Proteins. Journal of Molecular Biology (1970)
Conrad, E.: Detecting Spam with Genetic Regular Expressions. SANS Institute InfoSec Reading Room (2007)
Kruegel, C., Toth, T., Kirda, E.: Service specific anomaly detection for network intrusion detection. In: Proc. of ACM Symposium on Applied Computing, pp. 201–208 (2002)
Frank, E., Witten, I.H.: Generating Accurate Rule Sets Without Global Optimization. In: Fifteenth International Conference on Machine Learning, pp. 144–151 (1998)
PHP-IDS project homepage, https://phpids.org/
John, G.H., Langley, P.: Estimating Continuous Distributions in Bayesian Classifiers. In: Eleventh Conference on Uncertainty in Artificial Intelligence, San Mateo, pp. 338–345 (1995)
Weka REPTree reference manual, http://www.dbs.informatik.uni-muenchen.de/zimek/diplomathesis/implementations/EHNDs/doc/weka/classifiers/trees/REPTree.html
Quinlan, R.: C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers, San Mateo (1993)
RIDOR classifier, http://weka.sourceforge.net/doc/weka/classifiers/rules/Ridor.html
Kaspersky Lab. Security report, http://www.securelist.com/en/analysis/204792244/The-geography-of-cybercrime-Western-Europe-and-North-America
ESET annual report, http://go.eset.com/us/resources/white-papers/Trends-for-2013-preview.pdf
ESET threat report (December 2012), http://go.eset.com/us/resources/threat-trends/Global-Threat-Trends-November-2012.pdf
Choraś, M., Kozik, R., Puchalski, D., Hołubowicz, W.: Correlation Approach for SQL Injection Attacks Detection. In: Herrero, Á., Snášel, V., Abraham, A., Zelinka, I., Baruque, B., Quintián, H., Calvo, J.L., Sedano, J., Corchado, E., et al. (eds.) Int. Joint Conf. CISIS’12-ICEUTE’12-SOCO’12. AISC, vol. 189, pp. 177–185. Springer, Heidelberg (2013)
Choraś, M., Kozik, R.: Real-Time Analysis of Non-stationary and Complex Network Related Data for Injection Attempts Detection. In: Proc. of WSC 17 Online Conference on Soft Computing in Industrial Applications (2012)
WEKA 3 Data mining tool homepage, http://www.cs.waikato.ac.nz/ml/weka/
Ficco, M., Coppolino, L., Romano, L.: A Weight-Based Symptom Correlation Approach to SQL Injection Attacks. In: Fourth Latin-American Symposium on Dependable Computing, LADC 2009, September 1-4, pp. 9–16 (2009)
© 2013 Springer International Publishing Switzerland
About this paper
Cite this paper
Choraś, M., Kozik, R. (2013). Evaluation of Various Techniques for SQL Injection Attack Detection. In: Burduk, R., Jackowski, K., Kurzynski, M., Wozniak, M., Zolnierek, A. (eds) Proceedings of the 8th International Conference on Computer Recognition Systems CORES 2013. Advances in Intelligent Systems and Computing, vol 226. Springer, Heidelberg. https://doi.org/10.1007/978-3-319-00969-8_74
DOI: https://doi.org/10.1007/978-3-319-00969-8_74
Publisher Name: Springer, Heidelberg
Print ISBN: 978-3-319-00968-1
Online ISBN: 978-3-319-00969-8
eBook Packages: Engineering, Engineering (R0)