IJSRSET calls volunteers interested to contribute towards the scientific development in the field of Science, Engineering and Technology

Home > IJSRSET1622417                                                     


An Approach Based on SVM Classifier to Detect SQL Injection Attack

Authors(2):

Ritu Awasthi, Dharmendra Mangal
  • Abstract
  • Authors
  • Keywords
  • References
  • Details
The query process allows the attacker to achieve uncertified access to the back-end server and database, and remove or change sensitive information. It could be threatened because of interaction of code and data. SQL-Injection, cross-site scripting (XSS), cross-site request forgery (XSRF) are some examples of vulnerabilities. Injection Attacks exploit vulnerabilities of Web pages by inserting and executing malicious. We are proposing SVM (Support Vector Machine) for grouping and prediction of SQL Injection attacks. SQL Injection attack identification or detection accuracy is considerably better among the existing SQL-Injection detection techniques. The proposed framework reduces radically the runtime monitoring overhead. It is focusing only on SQL query conditions and program fragments that are vulnerable to injection attacks.

Ritu Awasthi, Dharmendra Mangal

SQL Injection, Support Vector Machine, Malicious Code, Information Security.

  1. A. Tajpour, M. Massrum and M. Z. Heydari, “Comparison of SQL Injection Detection and Prevention Techniques”, 2nd IEEE International Conference on Education Technology and Computer (ICETC), 2010.
  2. E. Athanasopoulos, V. Pappas, A. Krithinakis, S. Ligouras, E. P. Markatos, and T. Karagiannis, “xjs: practical xss prevention for web application development”, In Proceedings of the 2010 USENIX conference on Web application development, Berkeley, CA, USA: USENIX Association, 2010, pp. 13-19.
  3. G. J. William and A. Orso, “AMNESIA: Analysis and Monitoring for Neutralizing SQL-Injection Attacks”, In International Conference on Automated Software Engineering (ASE), 2005.
  4. Kiezun VA., P. J. Guo, K. Jayaraman, and M. D. Ernst, “Automatic creation of SQL injection and cross-site scripting attacks”, 31st IEEE International Conference on Software Engineering (ICSE), 2009, pp. 199-209.
  5. K. G. Popstojanova, G. Anastasovski, and R. Pantev, “Classification of malicious Web sessions”, 21st IEEE International Conference on Computer Communications and Networks (ICCCN), 2012.
  6. M. Stephen, P. P. Reddy, C. D. Naidu, and C. Rajesh, “Prevention of cross site scripting with E-Guard algorithm”, International Journal of Computer Applications, Vol. 22, No. 5, pp. 30-34, 2011.
  7. M. Ruse, T. Sarkar, and S. Basu, “Analysis & detection of sql injection vulnerabilities via automatic test case generation of programs”, In Proceedings of the 10th IEEE/IPSJ International Symposium on Applications and the Internet, Washington, DC, USA: IEEE Computer Society, 2010, pp. 31-37.
  8. I. Balasundaram, & E. Ramaraj, “An Efficient Technique for Detection and Prevention of SQL Injection Attack using ASCII Based String Matching”, In Proceedings of the IEEE International Conference on Communication Technology and System Design, 2012, pp. 183-190.
  9. Peter Scherer, Martin Vicher, Jan Martinovic, “Using SVM and clustering algorithms in IDS systems”, In Proceeding of Dateso, 2011, pp. 109-119.
  10. S. Artzi, A. Kiezun, J. Dolby, F. Tip, D. Dig, A. Paradkar, and M. D. Ernst, “Finding bugs in web applications using dynamic test generation and explicit-state model checking”, IEEE Transaction Software. Engineering, Vol. 36, No. 4, 2010, pp. 474-494.
  11. Tiwari V., Lenka S.K. & Gupta S., "Performance Evolution of Java Remote Method  Invocation   and   Mobile   Agent  Techniques in Context of Distributed  Environment", IEEE International Conference on Networking and Information Technology (ICNIT), Manila, Philippines, 2010.
  12. V. Shanmughaneethi, Y. Pravin, Ra., E. Shyni & S. Swamynathan, “SQLIVD - AOP: Preventing SQL Injection Vulnerabilities Using Aspect Oriented Programming through Web Services”, Communications in Computer and Information Science, Vol.169, 2011, pp. 327-337.
  13. X.  Fu , K. Qian, “SAFELI-SQL Injection Scanner Using Symbolic Execution”, In Proceedings of the ACM 2008 workshop on Testing, analysis, and verification of web services and applications, 2008, pp.  34-39.
  14. Tiwari V.,  V. Tiwari, S. Gupta, R. Tiwari., "Association Rule Mining: A Graph based approach for mining Frequent Itemsets", IEEE International Conference on Networking and Information Technology (ICNIT 2010) Manila, Philippines, IEEE.
  15. Y. Minamide, “Static Approximation of Dynamically Generated Web Pages”, In International Conference on World Wide Web (WWW), 2005.
  16. Tiwari V., Gupta S., & Mishra R., "Computational Study of .NET Remoting   and   Mobile   Agent in Distributed   Environment", International Journal of Computing, Vol. 2, Issue 6,PP. 34-39, DBLP, 2010.
  17. Nema A., Basant T., & Vivek T., "Improving Accuracy for Intrusion Detection through Layered Approach Using Support Vector Machine with Feature Reduction", In Symposium ACM Women in Research, Indore, 2016.

Publication Details

Published in : Volume 2 | Issue 3 | May-June - 2016
Date of Publication Print ISSN Online ISSN
2016-06-30 2395-1990 2394-4099
Page(s) Manuscript Number   Publisher
256-260 IJSRSET1622417   Technoscience Academy

Cite This Article

Ritu Awasthi, Dharmendra Mangal , "An Approach Based on SVM Classifier to Detect SQL Injection Attack", International Journal of Scientific Research in Science, Engineering and Technology(IJSRSET), Print ISSN : 2395-1990, Online ISSN : 2394-4099, Volume 2, Issue 3, pp.256-260, May-June-2016.
URL : http://ijsrset.com/IJSRSET1622417.php

IJSRSET Xplore

Subscribe

Conferences

National Conference on Advances in Mechanical Engineering 2017(NCAME 2017)

National Conference on Emerging Trends in Civil Engineering 2017( NCETCE 2017)