Abstract
SQL injection attacks (SQLIA) are among the top threats affecting business operations at present. The Aho-Corasick (AC) multi-pattern matching algorithm, combined with static analysis and dynamic tectonic attack mode, can detect and prevent SQL injection attacks effectively. However, at the database level, SQL injection can also be detected and prevented by controlling access through database users and roles. In this paper, we analyze the existing methods of detecting and preventing SQL injection. We also extend the traditional AC multi-pattern matching algorithm and propose a two-tiered defence: the first tier is a fine-grained role-based access control (RBAC) model and the second tier is an extended AC multi-pattern matching algorithm, which improves detection efficiency and reduces SQL statement detection time.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Zhu, Y., Zhang, G., Lai, Z., Niu, B., Shen, Y. (2018). A Two-Tiered Defence of Techniques to Prevent SQL Injection Attacks. In: Barolli, L., Enokido, T. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing. IMIS 2017. Advances in Intelligent Systems and Computing, vol 612. Springer, Cham. https://doi.org/10.1007/978-3-319-61542-4_27
DOI: https://doi.org/10.1007/978-3-319-61542-4_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-61541-7
Online ISBN: 978-3-319-61542-4
eBook Packages: Engineering, Engineering (R0)