Sciweavers

SAC
2009
ACM

SQLProb: a proxy-based architecture towards preventing SQL injection attacks

14 years 7 months ago
SQLProb: a proxy-based architecture towards preventing SQL injection attacks
SQL injection attacks (SQLIAs) consist of maliciously crafted SQL inputs, including control code, used against Databaseconnected Web applications. To curtail the attackers’ ability to generate such attacks, we propose an SQL Proxy-based Blocker (SQLProb). SQLProb harnesses the effectiveness and adaptivity of genetic algorithms to dynamically detect and extract users’ inputs for undesirable SQL control sequences. Compared to state-of-the-art protection mechanisms, our method does not require any code changes on either the client, the web-server or the back-end database. Rather, our system uses a proxy that seamlessly integrates with existing operational environments offering protection to front-end web servers and back-end databases. To evaluate the overhead and the detection performance of our system, we implemented a prototype of SQLProb which we tested using real SQL attacks. Our experimental results show that we can detect all SQL injection attacks while maintaining very low ...
Anyi Liu, Yi Yuan, Duminda Wijesekera, Angelos Sta
Added 19 May 2010
Updated 19 May 2010
Type Conference
Year 2009
Where SAC
Authors Anyi Liu, Yi Yuan, Duminda Wijesekera, Angelos Stavrou
Comments (0)