Title :
Injection Attack Detection Using the Removal of SQL Query Attribute Values
Author_Institution :
Dept. of Comput. Sci., Namseoul Univ., Cheonan, South Korea
Abstract :
The expansion of the Internet has made web applications a part of everyday life. As a result, the number of incidents that exploit web application vulnerabilities is increasing. A large percentage of these incidents are SQL Injection attacks, which are a serious security threat to databases holding potentially sensitive information. Much research has therefore been done to detect and prevent these attacks, and it has resulted in a decline of SQL Injection attacks. However, there are still ways to bypass these defenses, and the existing methods are too complex to implement in real web applications. This paper proposes a simple and effective SQL Query removal method which uses Combined Static and Dynamic Analysis, and evaluates its efficiency through various experiments.
Keywords :
Internet; SQL; program diagnostics; security of data; SQL Injection attack; SQL query attribute value removal; Web application; dynamic analysis; injection attack detection; security threat; static analysis; Algorithm design and analysis; Databases; Heuristic algorithms; Java; Machine learning; Runtime; Servers
Conference_Title :
Information Science and Applications (ICISA), 2011 International Conference on
Conference_Location :
Jeju Island
Print_ISBN :
978-1-4244-9222-0
Electronic_ISBN :
978-1-4244-9223-7
DOI :
10.1109/ICISA.2011.5772411