Enhanced Query based Layered Approach Towards Detection and Prevention of Web Attacks

Abstract

The Internet can be defined as a global system of interconnected networks (wired and wireless) that use the standard Internet protocol suite (Transmission Control Protocol/Internet Protocol, TCP/IP) to serve information worldwide. The client-server architecture defines how computing devices all over the world connect to the World Wide Web. In this architecture, the client requests information from a web server through a web browser, and the web server in turn connects to a database server to fetch data. The connection between the web server and the database is the one that most needs to be secured, and this is where secure authentication techniques come into the picture. Cyber-crimes are immoral actions that include illegal access to data, illegal interception of data, unauthorized eavesdropping on data over an information technology infrastructure, etc. There are various kinds of cyber-crimes, such as web attacks, spam, phishing attacks, information warfare, Nigerian scams, and DoS attacks. At one stage or another, most of these are ramifications of web attacks, and this paper explains an advanced technique for preventing them. The proposed methodology uses a multi-tier mechanism to detect SQL attacks while maintaining the speed and user experience of the web application. The layered approach ensures that a genuine user never notices that such a security mechanism is in place, while making it extremely difficult for intruders to break in.