The query process allows the attacker to achieve unauthorized access to the back-end server and database, and to remove or change sensitive information. These can be threatened because of the interaction of code and data. SQL injection, cross-site scripting (XSS), and cross-site request forgery (XSRF) are some examples of vulnerabilities. Injection attacks exploit vulnerabilities of Web pages by inserting and executing malicious code. We propose an SVM (Support Vector Machine) for grouping and prediction of SQL injection attacks. SQL injection attack identification or detection accuracy is considerably better than that of the existing SQL injection detection techniques. The proposed framework radically reduces the runtime monitoring overhead. It focuses only on SQL query conditions and program fragments that are vulnerable to injection attacks.
Ritu Awasthi, Dharmendra Mangal
SQL Injection, Support Vector Machine, Malicious Code, Information Security.
Published in: Volume 2 | Issue 3 | May-June 2016
Cite This Article
Ritu Awasthi, Dharmendra Mangal, "An Approach Based on SVM Classifier to Detect SQL Injection Attack", International Journal of Scientific Research in Science, Engineering and Technology (IJSRSET), Print ISSN: 2395-1990, Online ISSN: 2394-4099, Volume 2, Issue 3, pp. 256-260, May-June 2016.
URL : http://ijsrset.com/IJSRSET1622417.php