DocumentCode :
3513004
Title :
Obfuscation-based analysis of SQL injection attacks
Author :
Halder, Raju ; Cortesi, Agostino
Author_Institution :
Dipt. di Inf., Univ. Ca Foscari di Venezia, Venice, Italy
fYear :
2010
fDate :
22-25 June 2010
Firstpage :
931
Lastpage :
938
Abstract :
In this paper, we propose an obfuscation/deobfuscation based technique to detect the presence of possible SQL Injection Attacks (SQLIA) in a query before submitting it to a DBMS. This technique combines static and dynamic analysis. In the static phase, the queries in the application are replaced by queries in obfuscated form. The main idea behind obfuscation is to isolate all the atomic formulas from other control elements of the query. During the dynamic phase, the user inputs are merged into the obfuscated atomic formulas, and the dynamic verifier analyzes the presence of possible SQLIA at the atomic formula level. Finally, a deobfuscation step is performed to recover the original query before submitting it to the DBMS.
Keywords :
Databases; Encoding; Feature extraction; Logic gates; Pediatrics; Security; Servers; Deobfuscation; Obfuscation; SQL Injection Attack;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computers and Communications (ISCC), 2010 IEEE Symposium on
Conference_Location :
Riccione, Italy
ISSN :
1530-1346
Print_ISBN :
978-1-4244-7754-8
Type :
conf
DOI :
10.1109/ISCC.2010.5546750
Filename :
5546750