Evaluation of Anomaly Based Character Distribution Models in the Detection of SQL Injection Attacks

The ubiquity of Web applications has led to an increased focus on the development of attacks targeting these applications. One particular type of attack that has recently become prominent is the SQL injection attack. SQL injection attacks can potentially result in unauthorized access to confidential information stored in a backend database. In this paper we describe an anomaly-based approach that uses the character distribution of certain sections of HTTP requests to detect previously unseen SQL injection attacks. Our approach requires no user interaction and no modification of, or access to, either the backend database or the source code of the web application itself. Our practical results suggest that the model proposed in this paper is superior to existing models at detecting SQL injection attacks. We also evaluate the effectiveness of our model at detecting different types of SQL injection attacks.
