Logical Trees: an Essential Method of Parsing SQL Statement with Semantic Analysis

Comparing where sub-clauses between different SQL statements is important in analyzing SQL statements, which is usually the key for databases security. Comparing them literally is not sufficient, because there may be different character strings for the same semantic structure. A method called Logical Tree (LT) is proposed in this paper, which is used to compare different where sub-clauses semantically. By this method, where sub-clauses of SQL statements are denoted by trees. Some basic definitions of LT are addressed. According to laws of logical expressions, which are the form of where sub-clauses, accordingly laws and operations are defined for LT. When different LTs are reduced basing on some principles, they can be compared according to their structures. As a result, the where sub-clauses they denote are compared semantically. Basing on the method of LT, there may be more work about analyzing SQL statements can be done.

[1]  Angelos Stavrou,et al.  SQLProb: a proxy-based architecture towards preventing SQL injection attacks , 2009, SAC '09.

[2]  Giovanni Vigna,et al.  A Learning-Based Approach to the Detection of SQL Attacks , 2005, DIMVA.

[3]  Marco Vieira,et al.  Detection of malicious transactions in DBMS , 2005, 11th Pacific Rim International Symposium on Dependable Computing (PRDC'05).

[4]  Gang Lu,et al.  Monitoring cumulated Anomaly in Databases , 2009, Int. J. Softw. Eng. Knowl. Eng..

[5]  Suhaimi Ibrahim,et al.  SQL injection detection and prevention techniques , 2011 .

[6]  Javier Bajo,et al.  CBRid4SQL: A CBR Intrusion Detector for SQL Injection Attacks , 2010, HAIS.

[7]  Dimitris Mitropoulos,et al.  SDriver: Location-specific signatures prevent SQL injection attacks , 2009, Comput. Secur..

[8]  Sang-Soo Yeo,et al.  A novel method for SQL injection attack detection based on removing SQL query attribute values , 2012, Math. Comput. Model..

[9]  V. N. Venkatakrishnan,et al.  CANDID: Dynamic candidate evaluations for automatic prevention of SQL injection attacks , 2010, TSEC.

[10]  Joseph Lee,et al.  DIDAFIT: Detecting Intrusions in Databases Through Fingerprinting Transactions , 2002, ICEIS.

[11]  Konstantinos Kemalis,et al.  SQL-IDS: a specification-based approach for SQL-injection detection , 2008, SAC '08.

[12]  Bruce W. Weide,et al.  Using parse tree validation to prevent SQL injection attacks , 2005, SEM '05.

[13]  Mohamed I. Marie,et al.  Web Anomaly Misuse Intrusion Detection Framework for SQL Injection Detection , 2012 .

[14]  Gang Lu,et al.  Detecting Cumulated Anomaly by a Dubiety Degree based detection Model , 2007, Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007).

[15]  Sin Yeung Lee,et al.  Learning Fingerprints for a Database Intrusion Detection System , 2002, ESORICS.

[16]  Eelco Visser,et al.  Preventing injection attacks with syntax embeddings , 2007, GPCE '07.

[17]  Marco Vieira,et al.  Detecting Malicious SQL , 2007, TrustBus.

[18]  Yang Hong,et al.  Enhancement of learning by using an Online SQL Learning System with Automatic Checking Mechanism , 2012 .