  • DocumentCode
    3194923
  • Title
    Injection Attack Detection Using the Removal of SQL Query Attribute Values
  • Author
    Kim, Jeom-Goo
  • Author_Institution
    Dept. of Comput. Sci., Namseoul Univ., Cheonan, South Korea
  • fYear
    2011
  • fDate
    26-29 April 2011
  • Firstpage
    1
  • Lastpage
    7
  • Abstract
    The expansion of the Internet has made web applications a part of everyday life. As a result, the number of incidents which exploit web application vulnerabilities is increasing. A large percentage of these incidents are SQL Injection attacks, which are a serious security threat to databases with potentially sensitive information. Therefore, much research has been done to detect and prevent these attacks, and it resulted in a decline of SQL Injection attacks. However, there are still methods to bypass them and these methods are too complex to implement in real web applications. This paper proposes a simple and effective SQL Query removal method which uses Combined Static and Dynamic Analysis and evaluates the efficiency through various experiments.
  • Keywords
    Internet; SQL; program diagnostics; security of data; Internet; SQL Injection attack; SQL query attribute value removal; Web application; dynamic analysis; injection attack detection; security threat; static analysis; Algorithm design and analysis; Databases; Heuristic algorithms; Java; Machine learning; Runtime; Servers;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Science and Applications (ICISA), 2011 International Conference on
  • Conference_Location
    Jeju Island
  • Print_ISBN
    978-1-4244-9222-0
  • Electronic_ISBN
    978-1-4244-9223-7
  • Type
    conf
  • DOI
    10.1109/ICISA.2011.5772411
  • Filename
    5772411