SQLiDDS: SQL Injection Detection Using Query Transformation and Document Similarity

SQL injection has been a major security threat to web applications for the last 15 years. Nowadays, hackers use automated tools to discover vulnerable websites and launch mass injection attacks. Accurate run-time detection of SQL injection has remained a challenge in spite of extensive research in this area. This paper presents a novel approach for real-time detection of SQL injection attacks using query transformation and a document similarity measure. Acting as a database firewall, the proposed system, named SQLiDDS, can protect multiple web applications that use the database server. With additional input from a human expert, SQLiDDS can also become more robust over time. Our experimental results confirm that this approach can effectively detect and prevent all types of SQL injection attacks with good accuracy and negligible impact on system performance. The approach was tested on web applications built using PHP and MySQL; however, it can easily be adopted on other platforms with minimal changes.
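The abstract names the two building blocks, query transformation and document similarity, without spelling them out. As an added illustration (not the paper's code or its exact transformation rules), the Python below sketches one way such a database-side filter can be structured: literals and comments are replaced by placeholder tokens, the resulting query skeleton is represented as a character n-gram vector, and an incoming query is labelled by cosine similarity to a small labelled corpus that a human expert can extend. The placeholder tokens, the trigram representation, the nearest-neighbour rule and the sample queries are all assumptions made for this example.

```python
import math
import re
from collections import Counter

# Assumed transformation (not the paper's exact rules): string literals, numbers
# and comments become placeholder tokens so only the query's structure is compared.
_STRING = re.compile(r"'(?:[^']|'')*'")          # handles the '' escape inside literals
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")
_COMMENT = re.compile(r"--.*$|/\*.*?\*/", re.S)  # a trailing comment is itself a signal


def transform(query: str) -> str:
    """Reduce a SQL statement to its structural skeleton (case-folded, whitespace-normalised)."""
    q = _STRING.sub(" STR ", query.lower())
    q = _NUMBER.sub(" NUM ", q)
    q = _COMMENT.sub(" CMT ", q)
    return re.sub(r"\s+", " ", q).strip()


def ngrams(text: str, n: int = 3) -> Counter:
    """Character n-gram vector: the 'document' representation of a skeleton."""
    padded = f" {text} "
    return Counter(padded[i:i + n] for i in range(len(padded) - n + 1))


def cosine(a: Counter, b: Counter) -> float:
    dot = sum(a[k] * b[k] for k in a if k in b)
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0


class SkeletonClassifier:
    """Nearest-neighbour over labelled skeletons; the corpus grows with expert feedback."""

    def __init__(self, benign, injected):
        self.corpus = [(ngrams(transform(q)), "benign") for q in benign]
        self.corpus += [(ngrams(transform(q)), "injection") for q in injected]

    def add_feedback(self, query: str, label: str) -> None:
        """A query reviewed by a human expert is added to the corpus under the given label."""
        self.corpus.append((ngrams(transform(query)), label))

    def classify(self, query: str):
        """Return (label, similarity) of the most similar known skeleton."""
        vec = ngrams(transform(query))
        score, label = max((cosine(vec, v), lab) for v, lab in self.corpus)
        return label, round(score, 3)


# Constructed sample corpus: two benign application queries and two textbook injected forms.
BENIGN = ["SELECT * FROM users WHERE name = 'alice'", "SELECT id, total FROM orders WHERE user_id = 42 AND total > 10.5"]
INJECTED = ["SELECT * FROM users WHERE name = 'x' OR 1=1 --'", "SELECT * FROM users WHERE name = 'x' UNION SELECT 1,2,3 --'"]
CLASSIFIER = SkeletonClassifier(BENIGN, INJECTED)
```

Because values are stripped before comparison, a benign query with new parameters maps to the same skeleton as its training example, while a structurally unfamiliar query is only as well classified as the nearest entry in the corpus, which is where the expert feedback loop matters.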
