SQL Injection Detection and Correction Using Machine Learning Techniques

SQL is a database language used to interact with a database; with it, databases can be created, modified and deleted. Nowadays every organization has its own databases, which may hold important information that should not be shared publicly. SQL injection is now one of the most common attacks on the Internet. This paper covers SQL injection, SQL injection attacks and, more importantly, how to detect and correct SQL injection. It proposes an algorithm that detects not only SQL injection attacks but also unauthorized users, by maintaining an audit record using a machine learning technique (clustering).
