High-Interaction Honeypot System for SQL Injection Analysis

Author

Ma, Jiao ; Chai, Kun ; Xiao, Yao ; Lan, Tian ; Huang, Wei

Author_Institution

Beijing Univ. of Posts & Telecommun., Beijing, China

Volume

3

fYear

2011

fDate

24-25 Sept. 2011

Firstpage

274

Lastpage

277

Abstract

In order to solve the problems that IDSs and firewalls cannot efficiently detect new SQL injection and too much time is wasted when the security personnel reads log files to analyze attacks, we proposed and implemented a high-interaction web honey pot system for SQL injection analysis. By (i)modifying PHP extension for MySQL to intercept data-base requests and (ii)adopting exception based and signature based detection techniques, the system can generate the corresponding attack graphs to solve problems above. For illustration, SQL injection attack examples are utilized to show the performance of the honey pot system. The results show that the honey pot system can intercept all database requests and increase the efficiency of SQL injection analysis with the attack graphs. This system provides an efficient and timely detection on the new SQL injection and helps security personnel quickly analyzing the new SQL injection with the attack graph.

Keywords

Internet; SQL; authorisation; computer network security; graphs; IDS; MySQL; PHP extension; SQL injection attack; attack graph; firewall; high-interaction Web honeypot system; high-interaction honeypot system; intercept database request; log file; security personnel; signature based detection technique; Computers; Information technology; SQL injection; attack graph; honeypot;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Technology, Computer Engineering and Management Sciences (ICM), 2011 International Conference on

Conference_Location

Nanjing, Jiangsu

Print_ISBN

978-1-4577-1419-1

Type

conf

DOI

10.1109/ICM.2011.287

Filename

6113637