IJSEA Archive (Volume 2, Issue 6)
International Journal of Science and Engineering Applications (IJSEA) (Volume 2, Issue 6 - June 2013)
Preventing SQL-Based Attacks Using Intrusion Detection System
Keywords: SQL injection, Intrusion detection, anomaly detection, misuse detection.
With the advancement of technology, everyone is using computers and web applications. Developers can
easily build these web applications using rapid application development environments. But they do not
consider security a necessary aspect of providing attractive functionality, and they are also
not experts in that field. This makes web applications vulnerable to several attacks. Among these attacks,
SQL injection is considered the most dangerous vulnerability. This paper describes various approaches used by
authors to prevent SQL injection attacks, using methods such as intrusion detection, black box testing,
etc.
@article{manjuKhari02061006,
title = "Preventing SQL-Based Attacks Using Intrusion Detection System",
journal = "International Journal of Science and Engineering Applications (IJSEA)",
volume = "2",
number = "6",
pages = "145 - 150",
year = "2013",
author = "Manju Khari and Anjali Karar",
}