One of the most common security attacks on web applications is SQL injection. It is an attack that gains access to an application's database by injecting scripts or malicious query attributes. This attack can be executed on any page of a web application that interacts with the database. SQL injection could be more dangerous if the victim were an enterprise system such as online banking.
Many methods have been researched and developed to prevent SQL injection attacks. One of them is the use of a honeypot. This paper proposes a method for increasing a system's capability to detect and prevent SQL injection attacks, based on removal of SQL query attribute values and a honeypot for trapping attackers. The honeypot is placed as a decoy system to hide the actual web server from the attacker. Malicious queries from attackers are sent to the honeypot, while normal queries are sent directly to the real web server. The honeypot also provides activity logging of each attack, which can be used for further analysis. We use Raspberry Pi because it is cheap and effective as a honeypot. Because of its limited computational ability, we build a cluster to improve its power. Based on the conducted experiments, we could achieve up to 64% accuracy in detecting SQL injection attacks. Moreover, with the redirection, our honeypot could collect more attack data to be analyzed.
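The detect-and-redirect idea in the abstract above, sketched as an added example (not code from the paper). It assumes that "removal of attribute values" means comparing the value-stripped structure of the page's fixed query with that of the query built at run time; the template, parameter names and the "webserver"/"honeypot" labels are hypothetical stand-ins.

```python
import re

# Hypothetical fixed query of one page; {name} and {pin} come from the request.
TEMPLATE = "SELECT id FROM accounts WHERE name = '{name}' AND pin = {pin}"

_STRING = re.compile(r"'(?:''|[^'])*'")     # quoted literal ('' = escaped quote)
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")  # bare numeric literal

def skeleton(query):
    """Strip attribute values so only the query structure remains."""
    query = _STRING.sub("''", query)   # every string value becomes ''
    query = _NUMBER.sub("0", query)    # every numeric value becomes 0
    return " ".join(query.split()).lower()

# Structure of the query when it is filled with benign values.
FIXED = skeleton(TEMPLATE.format(name="x", pin="0"))

honeypot_log = []  # activity log kept for later analysis

def route(params):
    """Return 'webserver' for a structurally normal query, else 'honeypot'."""
    # The query is built by plain string substitution on purpose: this is
    # the injectable pattern the detector is meant to sit in front of.
    dynamic = TEMPLATE.format(**params)
    if skeleton(dynamic) == FIXED:
        return "webserver"
    # Injected input changed the structure: log it and send it to the decoy.
    honeypot_log.append({"params": params, "query": dynamic})
    return "honeypot"

if __name__ == "__main__":
    # Constructed sample requests.
    for p in ({"name": "alice", "pin": "4821"},
              {"name": "' OR '1'='1", "pin": "0"},
              {"name": "admin' --", "pin": "0"},
              {"name": "bob", "pin": "0 OR 1=1"}):
        print(route(p), p)
```

A structural comparison like this only sees changes to the query shape; an unescaped apostrophe in a legitimate name is flagged as well, which is one source of false positives.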
Detecting exploits is crucial since the effect of undetected ones can be devastating. Identifying their presence on the network allows us to respond and block their malicious payload before they cause damage to the system. Inspecting the payload of network traffic may offer better performance in detecting exploits as they tend to hide their presence and behave similarly to legitimate traffic. Previous works on deep packet inspection for detecting malicious traffic regularly read the full length of application layer messages. As the length varies, longer messages will take more time to analyse, during which time the attack creates a disruptive impact on the system. Hence, we propose a novel early exploit detection mechanism that scans network traffic, reading only 35.21% of application layer messages to predict malicious traffic while retaining a 97.57% detection rate and a 1.93% false positive rate. Our recurrent neural network- (RNN-) based model is the first work to our knowledge that provides early prediction of malicious application layer messages, thus detecting a potential attack earlier than other state-of-the-art approaches and enabling a form of early warning system.