A Parse Tree-Based NoSQL Injection Attacks Detection Mechanism
نویسندگان
چکیده
Nowadays, many IT giants such as Facebook, Google, and Amazon adopt non-relational database (NoSQL, Not only SQL) technologies to manage their systems. Although these kind of database technologies have made outstanding contributions to the development of the IT industry, it also exposed some security risks such as SQL injection attacks. Up to now, there are many solutions to counter SQL injection attacks in SQL databases. However, there exist few approaches to counter injection attacks in NoSQL databases. So, how to design an effective NoSQL injection attacks detecting mechanism becomes a subject worthy of in-depth study. In this paper, we based on semantic structure analysis of execution statements to propose a detection approach using parse tree. Based on this approach, we focus on MongoDB to propose a dynamic NoSQL injection attacks detection mechanism in the web environment called DND. It does not require access to or modifying source codes, rewriting source codes with extra libraries, or complex assisted devices. Finally, the experimental results are shown that DND has high accuracy rates, low false positive rates, and low response time.
منابع مشابه
No SQL, No Injection? Examining NoSQL Security
NoSQL data storage systems have become very popular due to their scalability and ease of use. This paper examines the maturity of security measures for NoSQL databases, addressing their new query and access mechanisms. For example the emergence of new query formats makes the old SQL injection techniques irrelevant, but are NoSQL databases immune to injection in general? The answer is NO. Here w...
متن کاملAnomaly-based Web Attack Detection: The Application of Deep Neural Network Seq2Seq With Attention Mechanism
Today, the use of the Internet and Internet sites has been an integrated part of the people’s lives, and most activities and important data are in the Internet websites. Thus, attempts to intrude into these websites have grown exponentially. Intrusion detection systems (IDS) of web attacks are an approach to protect users. But, these systems are suffering from such drawbacks as low accuracy in ...
متن کاملF-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management
Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the pro...
متن کاملReset Tree-Based Optical Fault Detection
In this paper, we present a new reset tree-based scheme to protect cryptographic hardware against optical fault injection attacks. As one of the most powerful invasive attacks on cryptographic hardware, optical fault attacks cause semiconductors to misbehave by injecting high-energy light into a decapped integrated circuit. The contaminated result from the affected chip is then used to reveal s...
متن کاملDetecting Fake Websites Using Swarm Intelligence Mechanism in Human Learning
The internet and its various services have made users to easily communicate with each other. Internet benefits including online business and e-commerce. E-commerce has boosted online sales and online auction types. Despite their many uses and benefits, the internet and their services have various challenges, such as information theft, which challenges the use of these services. Information thef...
متن کامل