An adaptive algorithm to prevent SQL injection

Ashish John, Ajay Kumar Agarwal, Manish Bhardwaj
SQL injection attacks are among the top threats to applications written for the web. SQL injection is a type of attack in which the attacker uses SQL commands to gain access to or make changes to data. It allows an attacker to obtain unauthorized access to the database to change the intended queries. In the web environment, end-user privacy is one of the most controversial legal issues. Using SQL injection, an attacker can leak confidential information such as credit card no., ATM PIN, User…
7 Citations
A Detailed Study on Prevention of SQLI attacks for Web Security
This paper presents different techniques and tools which can prevent various attacks of SQL injection, and efficiently blocked all the attacks without generating any false positive.
Detecting SQL Injection Attacks in Web Application Using REGEX and Query Result Size
Nowadays, web applications are essential part in the real world environment. Nearly each and every major organization has a web presence. Most of these firms and organizations use web applications to…
A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm
The proposed Knuth-Morris-Pratt string matching algorithm was used to match user’s input string with the stored pattern of the injection string in order to detect any malicious code and proved to be more effective in detecting and preventing SQL injection and XSS attacks.
A Two-Phase Pattern Matching-parse Tree Validation Approach for Efficient SQL Injection Attacks Detection
An algorithm was proposed that is based on the combination of two of the existing detection algorithms: pattern matching algorithm using Aho-Corasick (AC) and PT that guarantees high accuracy and reasonable time.
Intelligent Vulnerability Analyzer – A Novel Dynamic Vulnerability Analysis Framework for Mobile Based Online Applications
In the proposed approach, the external attacks occurred due to dynamic user inputs are identified using heuristic guided intelligent graph searching performed by the Intelligent Vulnerability Analyzer Agent (IVA).
An Agent Based Intelligent Dynamic Vulnerability Analysis Framework for Critical SQLIA Attacks: Intelligent SQLIA Vulnerability Analyzer Agent
An intelligent agent namely intelligent vulnerability analyzer agent (IVA) is proposed in which the external attacks due to dynamic user inputs are identified using a heuristic-guided intelligent graph searching and then a pre and post condition based analysis is performed to identify the dynamic vulnerabilities.
SQL Injection Behavior Mining Based Deep Learning
The scheme proposed in this article extracts the characteristics of the HTTP traffic in the training sets and uses the deep neural network LSTM and the MLP training data sets, the final predictive capacity of the testing sets is over 99%.


An Efficient Technique for Detection and Prevention of SQL Injection Attack using ASCII Based String Matching
Malicious Text Detector, Constraint Validation, Query length validation and Text based Key Generator are the four types of filtration technique used to detect and prevent the SQL Injection Attacks from accessing the database.
A Classification of SQL-Injection Attacks and Countermeasures
An extensive review of the different types of SQL injection attacks known to date is presented, including descriptions and examples of how attacks of that type could be performed and existing detection and prevention techniques against SQL injections.
Blocking of SQL Injection Attacks by Comparing Static and Dynamic Queries
This paper proposes a very simple, effective and time saving technique to detect SQLIAs which uses combined static and dynamic analysis and also defines an attack other than existing classification of SQLIAs.
SQL Injection Detection and Prevention Using Input Filter Technique
Based on the observation that the injected string in a SQL injection attack is interpreted differently on different databases, a novel and effective solution to solve this problem is proposed to detect various types of SQLIA.
Using parse tree validation to prevent SQL injection attacks
A technique to prevent this kind of manipulation and hence eliminate SQL injection vulnerabilities is described, based on comparing, at run time, the parse tree of the SQL statement before inclusion of user input with that resulting after inclusion of input.
A survey of SQL injection defense mechanisms
This survey has presented and analyzed six different SQL Injection prevention techniques which can be used for securing the data storage over the Internet.
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
A new technique using a model-based approach to detect illegal queries before they are executed on the database and was able to stop all of the attempted attacks without generating any false positives.
Internet Security Enters the Middle Ages
The Internet has just entered the Middle Ages; the simple security model of the Stone Age still works for single hosts and LANs, but it no longer works for WANs in general and the Internet in particular.
and Raman Kumar, "Blocking of SQL Injection Attacks by Comparing Static and Dynamic Queries," I. J. Computer Network and Information Security, 2013
Ramaraj, "An Efficient Technique for Detection and Prevention of SQL Injection Attack using ASCII Based String Matching," International Conference on Communication Technology and System Design, 2011