Evaluation of Various Techniques for SQL Injection Attack Detection

  • Michał ChoraśEmail author
  • Rafał Kozik
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 226)


The network technology has evolved significantly recently. The growing use of cloud services, increased number of users, novel mobile operating systems and changes in network infrastructures that connect devices make novel challenges for cyber security. In order to counter arising threats, network security mechanisms and protection schemes also evolve and use sophisticated sensors and methods. In our previous work [27] we have introduced an innovative evolutionary algorithm for modeling genuine SQL queries generated by web-application. In [28] we have investigated how the proposed algorithm can be combined together with other Off-The-Shelf solutions (like SNORT and SCALP tools) in order to increase the detection ratio of injection attacks. In this paper we have significantly extended our test suite. First of all, we have compared our method with new efficient solutions for injection attack detection. We have also deeply discussed the drawbacks and benefits of these solutions. We have also explained how the correlation techniques can be adapted in order to overcome these drawbacks without loosing high effectiveness.


Cloud Service Regular Expression Attack Detection Malicious Code Injection Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    CERT Polska Annual Report (2011),
  2. 2.
    SOPHOS homepage,
  3. 3.
    Cisco Annual Report (2011)Google Scholar
  4. 4.
    Choraś, M., Kozik, R., Piotrowski, R., Brzostek, J., Hołubowicz, W.: Network Events Correlation for Federated Networks Protection System. In: Abramowicz, W., Llorente, I.M., Surridge, M., Zisman, A., Vayssière, J. (eds.) ServiceWave 2011. LNCS, vol. 6994, pp. 100–111. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    Rao, T.K., Kum, G.Y., Reddy, E.K., Sharma, M.: Major Issues of Web Applications: A Case Study of SQL Injection. Journal of Current Computer Science and Technology 2(1), 16–20 (2012)Google Scholar
  6. 6.
    Halfond, W., Orso, A.: AMNESIA: Analysis and Monitoring for Neutralizing SQL-Injection Attacks. In: Proceedings of the 20th IEEEACM International Conference on Automated Software Engineering (2005)Google Scholar
  7. 7.
  8. 8.
    OWASP Top 10 2010, The Ten Most Critical Web Application Security Risks (2010)Google Scholar
  9. 9.
    Royal Navy Website Attacked by Romanian Hacker (2008),
  10. 10.
    Mills, E.: DSL Reports Says Member Information Stolen (2011)Google Scholar
  11. 11.
    Keizer, G.: Huge Web Hack Attack Infects 500,000 pages (2008)Google Scholar
  12. 12.
    Tajpour, A., Jor Jor Zade Shooshtari, M.: Evaluation of SQL Injection Detection and Prevention Techniques. In: CICSyN 2010, Second International Conference on Computational Intelligence, Communication Systems and Networks (2010)Google Scholar
  13. 13.
    Amirtahmasebi, K., Jalalinia, S.R., Khadem, S.: A Survey of SQL Injection Defense Mechanisms. In: ICITST International Conference for Internet Technology and Secured Transactions (2009)Google Scholar
  14. 14.
    Elia, I.A., Fonseca, J., Vieira, M.: Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental Study. In: 2010 IEEE 21st International Symposium on Software Reliability Engineering (2010)Google Scholar
  15. 15.
    Needleman, S.B., Wunsch, C.D.: A General Method Applicable to the Search for Similarities in the Amino Acid Sequence of Two Proteins. Journal of Molecular Biology (1970)Google Scholar
  16. 16.
    Conrad, E.: Detecting Spam with Genetic Regular Expressions. SANS Institute InfoSec Reading Room (2007)Google Scholar
  17. 17.
    Kruegel, C., Toth, T., Kirda, E.: Service specific anomaly detection for network intrusion detection. In: Proc. of ACM Symposium on Applied Computing, pp. 201–208 (2002)Google Scholar
  18. 18.
    Frank, E., Witten, I.H.: Generating Accurate Rule Sets Without Global Optimization. In: Fifteenth International Conference on Machine Learning, pp. 144–151 (1998)Google Scholar
  19. 19.
    PHP-IDS project homepage,
  20. 20.
    John, G.H., Langley, P.: Estimating Continuous Distributions in Bayesian Classifiers. In: Eleventh Conference on Uncertainty in Artificial Intelligence, San Mateo, pp. 338–345 (1995)Google Scholar
  21. 21.
  22. 22.
    Quinlan, R.: C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers, San Mateo (1993)Google Scholar
  23. 23.
  24. 24.
  25. 25.
  26. 26.
  27. 27.
    Choraś, M., Kozik, R., Puchalski, D., Hołubowicz, W.: Correlation Approach for SQL Injection Attacks Detection. In: Herrero, Á., Snášel, V., Abraham, A., Zelinka, I., Baruque, B., Quintián, H., Calvo, J.L., Sedano, J., Corchado, E., et al. (eds.) Int. Joint Conf. CISIS’12-ICEUTE’12-SOCO’12. AISC, vol. 189, pp. 177–185. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  28. 28.
    Choraś, M., Kozik, R.: Real-Time Analysis of Non-stationary and Complex Network Related Data for Injection Attempts Detection. In: Proc. of WSC 17 Online Conference on Soft Computing in Industrial Applications (2012)Google Scholar
  29. 29.
    WEKA 3 Data mining tool homepage,
  30. 30.
    Ficco, M., Coppolino, L., Romano, L.: A Weight-Based Symptom Correlation Approach to SQL Injection Attacks. In: Fourth Latin-American Symposium on Dependable Computing, LADC 2009, September 1-4, pp. 9–16 (2009)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  1. 1.ITTI Ltd.PoznańPoland
  2. 2.Institute of TelecommunicationsUT&LSBydgoszczPoland

Personalised recommendations