SQL injection attack detection using fingerprints and pattern matching technique

Web-based applications are becoming increasingly technically complex and sophisticated. Their feature-rich design and their capability to collate, process, and disseminate information over the Internet or from within an intranet make them a popular target for attack. According to the Open Web Application Security Project (OWASP) Top Ten Cheat Sheet 2017, SQL injection is at the top among online attacks. This can be attributed primarily to a lack of awareness of software security. Developing effective SQL injection detection approaches has remained a challenge in spite of extensive research in this area. In this paper, we propose a signature-based SQL injection attack detection framework that integrates a fingerprinting method and pattern matching to distinguish genuine SQL queries from malicious queries. Our framework monitors SQL queries to the database and compares them against a dataset of signatures from known SQL injection attacks. If the fingerprint method alone cannot determine the legitimacy of a query, the Aho-Corasick algorithm is invoked to ascertain whether attack signatures appear in the query. The initial experimental results of our framework indicate that the approach can identify a wide variety of SQL injection attacks with negligible impact on performance.
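The two-stage flow described in the abstract, as an added sketch that is not the paper's implementation: a fingerprint lookup decides first, and an Aho-Corasick scan runs only when the fingerprint is unknown. The fingerprint definition (SHA-256 of the query with literals replaced by `?`), the signature list, the sample queries and all function names are assumptions made for this example.

```python
import hashlib
import re
from collections import deque

# Constructed signature list (assumption; the paper's dataset is not on this page).
SIGNATURES = ["union select", "or 1=1", "information_schema"]

def normalise(query):  # fold case and runs of whitespace
    return re.sub(r"\s+", " ", query).strip().lower()
def fingerprint(query):  # hash of the query skeleton: literals become '?'
    q = re.sub(r"'(?:[^']|'')*'", "?", query)
    return hashlib.sha256(normalise(re.sub(r"\b\d+\b", "?", q)).encode()).hexdigest()

def build_automaton(patterns):  # Aho-Corasick trie plus failure links
    nodes = [{"next": {}, "fail": 0, "out": []}]
    for p in patterns:
        s = 0
        for ch in p:
            if ch not in nodes[s]["next"]:
                nodes.append({"next": {}, "fail": 0, "out": []})
            s = nodes[s]["next"].setdefault(ch, len(nodes) - 1)
        nodes[s]["out"].append(p)
    queue = deque(nodes[0]["next"].values())
    while queue:  # breadth-first, so a node's fail target is already complete
        s = queue.popleft()
        for ch, t in nodes[s]["next"].items():
            queue.append(t)
            f = nodes[s]["fail"]
            while f and ch not in nodes[f]["next"]:
                f = nodes[f]["fail"]
            nodes[t]["fail"] = nodes[f]["next"].get(ch, 0)
            nodes[t]["out"] += nodes[nodes[t]["fail"]]["out"]
    return nodes

GOOD = {fingerprint("SELECT * FROM users WHERE name = 'alice'")}  # constructed known-good query
BAD = {fingerprint("SELECT * FROM users WHERE name = '' OR 1=1 -- '")}  # constructed known attack
NODES = build_automaton(SIGNATURES)

def classify(query):  # returns (verdict, deciding stage, matched signatures)
    fp = fingerprint(query)
    if fp in BAD or fp in GOOD:  # stage 1: the fingerprint alone decides
        return ("malicious" if fp in BAD else "legitimate"), "fingerprint", []
    s, hits = 0, []
    for ch in normalise(query):  # stage 2: single pass over the query text
        while s and ch not in NODES[s]["next"]:
            s = NODES[s]["fail"]
        s = NODES[s]["next"].get(ch, 0)
        hits += NODES[s]["out"]
    return ("malicious" if hits else "unmatched"), "aho-corasick", hits
```

A query whose fingerprint is unknown and that matches no signature comes back as `unmatched`; what to do with such queries is a policy choice the abstract does not specify.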
