Information-Theoretic Detection of SQL Injection Attacks

@article{Shahriar2012InformationTheoreticDO,
  title={Information-Theoretic Detection of SQL Injection Attacks},
  author={Hossain Shahriar and Mohammad Zulkernine},
  journal={2012 IEEE 14th International Symposium on High-Assurance Systems Engineering},
  year={2012},
  pages={40-47}
}
SQL Injection (SQLI) is a wide spread vulnerability commonly found in web-based programs. Exploitations of SQL injection vulnerabilities lead to harmful consequences such as authentication bypassing and leakage of sensitive personal information. Therefore, SQLI needs to be mitigated to protect end users. In this work, we present a novel approach to detect SQLI attacks based on information theory. We compute the entropy of each query present in a program accessed before program deployment… CONTINUE READING
Highly Cited
This paper has 30 citations. REVIEW CITATIONS

Citations

Publications citing this paper.
Showing 1-10 of 22 extracted citations

MotionSure: A cloud-based algorithm for detection of injected object in data in motion

2017 IEEE 4th International Conference on Smart Instrumentation, Measurement and Application (ICSIMA) • 2017
View 1 Excerpt

References

Publications referenced by this paper.
Showing 1-10 of 29 references

Worm Detection at Network Endpoints Using Information-Theoretic Traffic Perturbations

2008 IEEE International Conference on Communications • 2008
View 4 Excerpts
Highly Influenced

Effective Detection of Active Worms with Varying Scan Rate

2006 Securecomm and Workshops • 2006
View 4 Excerpts
Highly Influenced

A network based vulnerability scanner for detecting SQLI attacks in web applications

2012 1st International Conference on Recent Advances in Information Technology (RAIT) • 2012
View 1 Excerpt

Automated Security Analysis of Dynamic Web Applications through Symbolic Code Execution

2012 Ninth International Conference on Information Technology - New Generations • 2012
View 2 Excerpts

An Analysis of Black-Box Web Application Security Scanners against Stored SQL Injection

N. Khoury, P. Zavarsky, D. Lindskig, R. Ruhl
Proc. of the 3 International Conference on Privacy, Security, Risk and Trust (PASSAT), Boston, MA, October 2011, pp. 1095-1101. • 2011
View 1 Excerpt

Injection Attack Detection Using the Removal of SQL Query Attribute Values

2011 International Conference on Information Science and Applications • 2011
View 1 Excerpt

An information-theoretic model for resource-constrained systems

2010 IEEE International Conference on Systems, Man and Cybernetics • 2010
View 1 Excerpt

Similar Papers

Loading similar papers…