Article Details

Defeating SQL injection attack in authentication security: an experimental study

By: [2017]
Contributor / Supervisor: Utpal Sharma; D. K. Bhattacharyya
Collection type: Electronic journal
Publisher: STEI - Teknik Informatika
Faculty: Sekolah Teknik Elektro dan Informatika (STEI)
Subject:
Keywords: Web-application · SQL injection · Naive Bayes · SVM · Tree-based · Edit-distance · Classification
Source: Springer-Verlag GmbH Germany 2017
Input/Edit staff: karya
File: 1 file
Input date: 2019-01-24 10:51:45


Whenever a web application executes dynamic SQL statements, it may come under SQL injection attack. To evaluate the existing practices for its detection, we consider two different security scenarios for web-application authentication that generates a dynamic SQL query from user input data. Accordingly, we generate two different datasets by considering all possible vulnerabilities in the run-time queries. We present a proposed approach based on edit distance that classifies a dynamic SQL query as normal or malicious using a web profile prepared from the dynamic SQL queries during the training phase. We evaluate the dataset using the proposed approach and some well-known supervised classification approaches. Our proposed method is found to be more effective in detecting SQL injection attacks under both scenarios of authentication security.