DocumentCode
2694817
Title
Design considerations for a honeypot for SQL injection Attacks
Author
Chen, Thomas M. ; Buford, John
Author_Institution
Sch. of Eng., Swansea Univ., Swansea, UK
fYear
2009
fDate
20-23 Oct. 2009
Firstpage
915
Lastpage
921
Abstract
SQL injection attacks continue to be a major problem for Web applications. We investigate design considerations for an application layer honeypot to attract and learn about SQL injection attacks. The honeypot responds with indications of vulnerability leading attackers ultimately to disinformation that could be useful to track them. The honeypot restricts attackers from escalating the attack to the operating system or launching attacks on other systems. The honeypot could emulate the appearance of common defenses against SQL injection in order to seem more genuine. Finally, we describe considerations to implement an experimental honeypot with honeyd.
Keywords
Internet; SQL; operating systems (computers); security of data; SQL injection attacks; Web applications; application layer honeypot; operating system; Application software; Communication networks; Computer languages; Database languages; Design engineering; ISO standards; Information retrieval; Operating systems; Relational databases; Web server;
fLanguage
English
Publisher
ieee
Conference_Titel
Local Computer Networks, 2009. LCN 2009. IEEE 34th Conference on
Conference_Location
Zurich
Print_ISBN
978-1-4244-4488-5
Electronic_ISBN
978-1-4244-4487-8
Type
conf
DOI
10.1109/LCN.2009.5355040
Filename
5355040
Link To Document