Sciweavers

SAC
2009
ACM

SQLProb: a proxy-based architecture towards preventing SQL injection attacks

SQL injection attacks (SQLIAs) consist of maliciously crafted SQL inputs, including control code, used against Database-connected Web applications. To curtail the attackers’ ability to generate such attacks, we propose an SQL Proxy-based Blocker (SQLProb). SQLProb harnesses the effectiveness and adaptivity of genetic algorithms to dynamically detect and extract users’ inputs for undesirable SQL control sequences. Compared to state-of-the-art protection mechanisms, our method does not require any code changes on either the client, the web-server or the back-end database. Rather, our system uses a proxy that seamlessly integrates with existing operational environments offering protection to front-end web servers and back-end databases. To evaluate the overhead and the detection performance of our system, we implemented a prototype of SQLProb which we tested using real SQL attacks. Our experimental results show that we can detect all SQL injection attacks while maintaining very low ...
Added 19 May 2010
Updated 19 May 2010
Type Conference
Year 2009
Where SAC
Authors Anyi Liu, Yi Yuan, Duminda Wijesekera, Angelos Stavrou