Database systems are indispensable to modern web applications for processing and storing business information. Because of the valuable information they contain, these systems are highly interesting to hackers, and the diversity and enormous number of attacks severely undermine the effectiveness of classical signature-based detection. In this work we propose a novel hybrid approach that learns SQL statements with program tracing techniques in order to detect malicious behavior between the database and the application. The approach uses the program trace hashing technique, the tree structure of SQL queries, and query name similarity as characteristics to distinguish malicious from benign queries. A prototype learning system integrated in PHP is demonstrated to show the usefulness of our approach on a real-world application.