• DocumentCode
    3580259
  • Title

    Improving Web Application Firewalls to detect advanced SQL injection attacks

  • Author

    Makiou, Abdelhamid ; Begriche, Youcef ; Serhrouchni, Ahmed

  • Author_Institution
    Telecom ParisTech, Paris, France
  • fYear
    2014
  • Firstpage
    35
  • Lastpage
    40
  • Abstract
    Injection flaws, which include SQL injection, are the most prevalent security threats affecting Web applications [1]. To mitigate these attacks, Web Application Firewalls (WAFs) apply security rules in order to both inspect HTTP data streams and detect malicious HTTP transactions. Nevertheless, attackers can bypass WAF rules by using sophisticated SQL injection techniques. In this paper, we introduce a novel approach to dissect the HTTP traffic and inspect complex SQL injection attacks. Our model is a hybrid Injection Prevention System (HIPS) which uses both a machine learning classifier and a pattern matching inspection engine based on reduced sets of security rules. Our Web Application Firewall architecture aims to optimize detection performance by using a prediction module that excludes legitimate requests from the inspection process.
  • Keywords
    Internet; SQL; firewalls; learning (artificial intelligence); pattern classification; pattern matching; telecommunication traffic; transport protocols; HIPS; HTTP data streams; WAF rules; Web application firewall architecture; complex SQL injection attack detection; hybrid injection prevention system; legitimate requests; machine learning classifier; malicious HTTP transaction detection; pattern matching inspection engine; prediction module; reduced sets; security rules; security threats; Servers; HTTP dissection; SQL injection; Security rules; Web Application Firewall; machine learning;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Assurance and Security (IAS), 2014 10th International Conference on
  • Print_ISBN
    978-1-4799-8098-7
  • Type

    conf

  • DOI
    10.1109/ISIAS.2014.7064617
  • Filename
    7064617