Online Database Intrusion Detection System Based on Query Signatures
DOI:
https://doi.org/10.21928/juhd.v3n1y2017.pp282-287Keywords:
SQL injection, Web application, Database Intrusion Detection System, Hash function, SqlmapprojectAbstract
SQL injection (SQLI) is a major type of attack that threatens the integrity, confidentiality and authenticity or functionality of any database driven web application. It allows the attacker to gain unauthorized access to the back-end database by exploiting the vulnerabilities within the system in order to commit an attack and access resources. Database Intrusion Detection System (DIDS) is the defense against SQLI that is used as a detection and prevention technique to protect any database driven web application. In this paper a proposed system is presented to protect the web application from SQLI. This proposed system uses a new technique of signature- based detection. It depends on secure hash algorithm (SHA-1), which is used to check the signature for the submitted queries and to decide whether these queries are valid, or not. The proposed system can distinguish and prevent hacking attempts by detecting the attacker, blocking his/her request, and preventing him/her from accessing the web application again. The proposed system was tested using Sqlmapproject attacking tool. Sqlmapproject was used to attack the web application (built using PHP and MySQL server) before and after protection. The results show that the proposed system works correctly and it can protect the web application system with good performance and high efficiency.
References
[2]OWASP. SQL Injection. Available from: https://www.owasp.org/index.php/SQL_Injection.
[3] Kumar, P. and R. Pateriya. A survey on SQL injection attacks, detection and prevention techniques. in Computing Communication & Networking Technologies (ICCCNT), Third International Conference on. 2012. IEEE.
[4] Kemalis, K. and T. Tzouramanis. SQL-IDS: a specification-based approach for SQL-injection detection. in Proceedings of the 2008 ACM symposium on Applied computing. 2008. ACM.
[5] w3resource. SQL Injection. 2016; Available from: http://www.w3resource.com/sql/sql-injection/sql-injection.php.
[6] Kerner, S.M., How Was SQL Injection Discovered?, in eSecurityPlanet. 2013
[7] Chung, C.Y., M. Gertz, and K. Levitt, Demids: A misuse detection system for database systems, in Integrity and Internal Control in Information Systems. 2000, Springer. p. 159-178.
[8] Lee, V.C., J.A. Stankovic, and S.H. Son. Intrusion detection in real-time database systems via time signatures. in Real-Time Technology and Applications Symposium, 2000. RTAS 2000. Proceedings. Sixth IEEE. 2000.
[9] Low, W.L., J. Lee, and P. Teoh. DIDAFIT: Detecting Intrusions in Databases Through Fingerprinting Transactions. in ICEIS. 2002..
[10] Sharma, A., DIDAR–Database Intrusion Detection with Automated Recovery. National Institute of Technology, 2007.
[11] Kemalis, K. and T. Tzouramanis. SQL-IDS: a specification-based approach for SQL-injection detection. in Proceedings of the 2008 ACM symposium on Applied computing. 2008.
[12] Randhe, K. and V. Mogal, Defense against SQL Injection and Cross Site Scripting Vulnerabilities, International Journal of Science and Research (IJSR), Volume 3 Issue 11, November 2014.
[13] Ali, S., S. Shahzad, and H. Javed, Sqlipa: An authentication mechanism against sql injection. European Journal of Scientific Research, 2009.
[14] Hidhaya, S.F. and A. Geetha, Intrusion Protection against SQL Injection Attacks Using a Reverse Proxy. SIPM, FCST, ITCA, WSE, ACSIT, CS & IT, 2012.
[15] Swamy, S., P. Kumar, and V. DEV, IMPR OVED AUTHENTICATION TECHNIQUE TO PROTEC T WEB APPLICATIONS. International Journal of Computer Science and Engineering (IJCSE) ISSN (P): p. 2278-9960.
[16] Mehta, P., J. Sharda, and M.L. Das. SQLshield: Preventing SQL Injection Attacks by Modifying User Input Data. in International Conference on Information Systems Security, Springer 2015..
[17] Latha, R. and E. Ramaraj, SQL Injection Detection Based On Replacing the SQL Query Parameter Values. International Journal of Advanced Trends in Computer Science and Engineering · August 2015
[18] Parchand, D. and H. Khanuja, Framework to Detect Malicious Transactions in Database System. International Journal of Computer Applications, 2015..
[19] Souissi, S. Toward a novel classification-based attack detection and response architecture. in Network of the Future (NOF), 2015 6th International Conference on the. IEEE, 2015..
[20] Kar, D., S. Panigrahi, and S. Sundararajan. SQLiDDS: SQL injection detection using query transformation and document similarity. in International Conference on Distributed Computing and Internet Technology. V, 2015..
[21] Sqlmapproject package avilible from:
https://pypi.python.org/pypi/sqlmap
