SQL injection detection via program tracing and machine learning

Authors:
Yi Wang;Zhoujun Li
Affiliations:
State Key Laboratory of Software Development Enviroment, Beihang University, Beijing, China;State Key Laboratory of Software Development Enviroment, Beihang University, Beijing, China
Venue:
IDCS'12 Proceedings of the 5th international conference on Internet and Distributed Computing Systems
Year:
2012

Citing 13
Cited 0

Learning Fingerprints for a Database Intrusion Detection System

ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Kernel methods for relation extraction

The Journal of Machine Learning Research
Anomaly detection of web-based attacks

Proceedings of the 10th ACM conference on Computer and communications security
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
New ranking algorithms for parsing and tagging: kernels over discrete structures, and the voted perceptron

ACL '02 Proceedings of the 40th Annual Meeting on Association for Computational Linguistics
Using parse tree validation to prevent SQL injection attacks

SEM '05 Proceedings of the 5th international workshop on Software engineering and middleware
Sound and precise analysis of web applications for injection vulnerabilities

Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Static detection of cross-site scripting vulnerabilities

Proceedings of the 30th international conference on Software engineering
Incorporation of Application Layer Protocol Syntax into Anomaly Detection

ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Automatic generation of XSS and SQL injection attacks with goal-directed model checking

SS'08 Proceedings of the 17th conference on Security symposium
Learning SQL for Database Intrusion Detection Using Context-Sensitive Modelling (Extended Abstract)

DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A multi-model approach to the detection of web-based attacks

Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Swaddler: an approach for the anomaly-based detection of state violations in web applications

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

Database systems are indispensable in modern web applications in order to process and store business information. Due to the contained valuable information, these systems are highly interesting to hackers and their diverse and enormous amount of attacks severely undermine the effectiveness of classical signature-based detection. In this work we propose a novel hybrid approach for learning SQL statements with program tracing techniques in order to detect malicious behavior between the database and application. The approach incorporates the program trace hashing technique and tree structure of SQL queries as well as query name similarity as characteristic to distinguish malicious from benign queries. An prototype learning system integrated in PHP is demonstrated to show the usefulness of our approach on real-world application.