SQLiGoT: Detecting SQL injection attacks using graph of tokens and SVM

Bibliographic details
Published in: Computers & security, vol. 60, pp. 206-225
Main authors: Kar, Debabrata; Panigrahi, Suvasini; Sundararajan, Srikanth
Format: Journal Article
Language: English
Published: Amsterdam Elsevier Ltd 01.07.2016
Elsevier Sequoia S.A
ISSN: 0167-4048, 1872-6208
Online access: Full text
Description
Summary: SQL injection attacks have been predominant on web databases since the last 15 years. Exploiting input validation flaws, attackers inject SQL code through the front-end of websites and steal data from the back-end databases. Detection of SQL injection attacks has been a challenging problem due to extreme heterogeneity of the attack vectors. In this paper, we present a novel approach to detect injection attacks by modeling SQL queries as graph of tokens and using the centrality measure of nodes to train a Support Vector Machine (SVM). We explore different methods of creating token graphs and propose alternative designs of the system comprising of single and multiple SVMs. The system is designed to work at the database firewall layer and can protect multiple web applications in a shared hosting scenario. Though we focus primarily on web applications developed with PHP and MySQL, the approach can be easily ported to other platforms. The experimental results demonstrate that this technique can effectively identify malicious SQL queries with negligible performance overhead.
DOI: 10.1016/j.cose.2016.04.005