On the Property of the Distribution of Symbols in SQL Injection Attack
نویسنده
چکیده
SQL injection is an attack of type to insert malicious query via an input form on web site. If SQL injection attack were successful, there are the threats of unauthorized access, information leak or falsification of data for web applications driven database system. In the conventional studies, a lot of prevention and detection methods using pattern matching, parsing or machine learning have been developed. However, it is easy to evade detection by modifying the strings of SQL injection attacks. Therefore, it is very important to investigate the essence of SQL injection attacks for preventing such evasion of detection. In this study, we constructed the feature space by using the property of the distribution of SQL injection attack, and proposed an attack detection method. The result of this study is showing the importance concerning the construction of feature space.
منابع مشابه
Resilient Configuration of Distribution System versus False Data Injection Attacks Against State Estimation
State estimation is used in power systems to estimate grid variables based on meter measurements. Unfortunately, power grids are vulnerable to cyber-attacks. Reducing cyber-attacks against state estimation is necessary to ensure power system safe and reliable operation. False data injection (FDI) is a type of cyber-attack that tampers with measurements. This paper proposes network reconfigurati...
متن کاملVerification of a CFD solver in near ground effect for aerodynamic behavior of airfoil NACA 0015
Numerical investigation was performed on NACA 0015 which is a symmetric airfoil. Pressure distribution and then lift and drag forces are verified. Changing of ground clearance was a considerable point. Also the angle of attack was changed from 0° to 10°. Pressure coefficient reaches its higher amounts on the wing lower surface when the ground clearance diminishes. Increment of the angle of atta...
متن کاملComparison of SQL Injection Detection and Prevention Tools based on Attack Type and Deployment Requirements
SQL injection is a type of attack which the attacker adds Structured Query Language code to a web form input box to gain access or make changes to data. SQL injection vulnerability allows an attacker to flow commands directly to a web application's underlying database and destroy functionality or confidentiality. Researchers have proposed different tools to detect and prevent this vulnerability...
متن کاملA Survey On: Attacks due to SQL injection and their prevention method for web application
In this paper we present a detailed review on various types of SQL injection attacks and prevention technique for web application. Here we are presenting our findings from deep survey on SQL injection attack. This paper is consist of following five section:[1] Introduction, [2]Types of Sql Injection, [3] Related work, [4] Conclusion, And [5] References. Keywords— SQL injection, database securit...
متن کاملDetection Block Model for SQL Injection Attacks
With the rapid development of Internet, more and more organizations connect their databases to the Internet for resource sharing. However, due to developers' lack of knowledge of all possible attacks, web applications become vulnerable to multiple attacks. Thus the network databases could face multiple threats. Web applications generally consist of a three tier architecture where database is in...
متن کامل