2007 | OriginalPaper | Buchkapitel
SQL Injection Attack Detection: Profiling of Web Application Parameter Using the Sequence Pairwise Alignment
verfasst von : Jae-Chul Park, Bong-Nam Noh
Erschienen in: Information Security Applications
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Web applications employing database-driven content have become widely deployed on the Internet, and organizations use them to provide a broad range of services to people. Along with their growing deployment, there has been a surge in attacks that target these applications. One type of attack in particular, SQL injection, is especially harmful. SQL injections can give attackers direct access to the database underlying an application and allow them to leak confidential or even sensitive information. SQL injection is able to evade or detour IDS or firewall in various ways. Hence, detection system based on regular expression or predefined signatures cannot prevent SQL injection effectively. We present a detection mode for SQL injection using pairwise sequence alignment of amino acid code formulated from web application parameter database sent via web server. An experiment shows that our method detects SQL injection and, moreover, previously unknown attacks as well as variations of known attacks.