Das2019_Article_DefeatingSQLInjectionAttackInA.pdf
Restricted work
» UPT Library Building
Whenever a web application executes dynamic SQL statements, it may come under SQL injection attack. To evaluate the existing practices for detecting it, we consider two different security scenarios for web-application authentication that generates a dynamic SQL query with the user input data. Accordingly, we generate two different datasets by considering all possible vulnerabilities in the run-time queries. We present a proposed approach based on edit-distance to classify a dynamic SQL query as normal or malicious using a web profile prepared with the dynamic SQL queries during the training phase. We evaluate the dataset using the proposed approach and some well-known supervised classification approaches. Our proposed method is found to be more effective in detecting SQL injection attacks under both scenarios of authentication security.