Detection and Prevention of SQL Injection Attacks Using Semantic Equivalence

Narayanan, S.; Pais, Alwyn Roshan; Mohandas, Radhesh

doi:10.1007/978-3-642-22786-8_13

Cited by 11 publications

(11 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Query rewriting involves transforming an original query into a more efficient version without altering its semantic meaning. The primary purpose of query rewriting is to optimize query execution by restructuring the query to take advantage of database indexing and other optimization strategies (Narayanan et al, 2011). This transformation process leverages rules and heuristics to modify the query, aiming to reduce the computational overhead and improve performance.…”

Section: Query Rewriting Techniquesmentioning

confidence: 99%

“…Another method is join reordering, which rearranges the order of join operations to exploit indexes and reduce the number of tuples processed. Additionally, subquery unnesting transforms subqueries into equivalent join operations, improving execution efficiency by leveraging the database's join optimization capabilities (Narayanan et al, 2011). These techniques, among others, are widely used to enhance query performance by optimizing the structure and execution plan of SQL queries.…”

Section: Query Rewriting Techniquesmentioning

confidence: 99%

See 1 more Smart Citation

Untitled

2024

AJBAIS

View full text Add to dashboard Cite

Section: Query Rewriting Techniquesmentioning

confidence: 99%

Section: Query Rewriting Techniquesmentioning

confidence: 99%

Untitled

2024

AJBAIS

View full text Add to dashboard Cite

“…Changes in a query's structure when compared with known, valid input indicate a malicious query [23,24]. Some works also focus on common substructures of parse trees [25] or leverage semantic equivalence between queries [26].…”

Section: Related Workmentioning

confidence: 99%

Combinatorial methods for dynamic gray‐box SQL injection testing

Garn

Zivanovic

Leithner

et al. 2022

Software Testing Verif & Rel

View full text Add to dashboard Cite

This work presents an extended and enhanced gray-box combinatorial security testing methodology for SQL injection vulnerabilities in web applications. We propose multiple new attack grammars modelling SQLi attacks against MySQL-compatible databases, each one targeting a different injection context. Additionally, these grammars are also dynamically refined at the beginning of each attack against an endpoint of a web application, as a further optimization of the used attack model by taking into account the specifics of the generated query of that endpoint. Our goal is to enhance existing combinatorial approaches for detecting SQL injection vulnerabilities. The newly developed methodology is implemented in a prototype security testing tool called SQLInjector+, which is an extension of an earlier prototype developed by us in prior work. This improved tool can attack (i.e. test) any web application that uses a MySQL-compatible database management system. We evaluate our revised approach and improved prototype tool in a case study comprising of different kinds of web applications to which SQLi is a potential security threat. The case study contains the well-known verification framework WAVSEP among other five realworld web applications and one web application firewall. Our generated attack vectors, constructed via combinatorial methods applied to our improved and dynamically optimized attack grammars, are capable of injecting every known vulnerable endpoint in WAVSEP and also of finding new vulnerable parameters in some of the real-world applications investigated in this paper. Our approach performs equally well or better when compared with existing state-of-art of SQL injection security testing tools (sqlmap, w3af, wapiti and fuzzdb) across all tested web applications in the case study. K E Y W O R D S combinatorial testing, security testing, gray-box testing, SQL injection, web applications 1 | INTRODUCTIONSQL injection (SQLi) is a well-known type of command injection attack, where an attacker attempts to insert additional content into SQL queries produced by an application that uses databases (DBs) to store and retrieve information. SQLis are some of the most common and most critical vulnerabilities found in web applications according to the most recent OWASP Top 10 report [1] published in 2017 and prior releases [2,3]. This is despite the fact that there exists a large body of work dedicated to this topic, both in terms of detecting and defending against such flaws.The most popular method of identifying SQLis, particularly as part of penetration testing, entails the use of dynamic application security testing tools. Numerous commercial and open-source solutions are available to support this type of security testing effort.

show abstract

“…Parsing Approach is also known as parse tree approach. This is a technique to detect and avoid a SQLIA on the application's URL, was suggested by [23]. In this technique, the SQL_statement_safe query model was developed as a library with a SQL statement syntax grammar.…”

Section: Parsing Approachmentioning

confidence: 99%

SQL Injection Attacks Predictive Analytics Using Supervised Machine Learning Techniques

Jide¹,

Awodele²,

Sunday³

et al. 2020

IJCATR

View full text Add to dashboard Cite

Structured Query Language Injection Attack (SQLIA) is one of the most prevalent cyber attacks against web-based application vulnerabilities; that are manipulated through injection techniques to gain access to restricted data, bypass authentication mechanisms, and execute unauthorized data manipulation language. There are several solutions and approaches for identification and prevention of SQLIA, such as Cryptography, Extensible Markup Language (XML), Pattern Matching, Parsing and Machine Learning. Machine Learning (ML) approach has been found to be profound for SQLIA mitigation, which is implemented through defensive coding approach. Machine Learning Approach requires a lot of data for efficient model training with capability for using several attack patterns. ML approach can be used to mitigate a very hard blind SQL injection attack. An experimental analysis was performed in Waikato Environment for Knowledge Analysis on Logistic Regression (LRN), Stochastic Gradient Descent (SDG), Sequential Minimal Optimization (SMO), Bayes Network (BNK), Instance Based Learner (IBK), Multilayer Perceptron (MLP), Naive Bayes (NBS), and J48. Hold-Out (70%) and 10-fold Cross Validation evaluation techniques were used to evaluate the performance of the supervised learning classification algorithms to choose the best algorithm. The results of Cross Validation technique showed that SMO, IBK and J48 had Accuracy of 99.982%, 99.995% and 99.999% respectively; while Hold-Out technique showed that SMO, IBK and J48 had Accuracy of 99.986 %, 99.989 % and 100 respectively. On the other hand, in Cross Validation technique SMO, IBK and J48 had time to build model value of 10.15sec, 0.06sec, and 14.12sec respectively while in Hold-Out technique SMO, IBK and J48 had time to build model value of 9.71sec, 0.16sec and 14.28sec respectively. From the findings, IBK had the minimum time to build model in Cross Validation technique in addition to better performance in Accuracy, Sensitivity as well as Specificity and was chosen as the classifier for SQLIA detection and prevention. Therefore, beyond Accuracy, other performance evaluation metrics are critical for optimal algorithm selection for predictive analytics.

show abstract

Detection and Prevention of SQL Injection Attacks Using Semantic Equivalence

Cited by 11 publications

References 7 publications

Untitled

Untitled

Combinatorial methods for dynamic gray‐box SQL injection testing

SQL Injection Attacks Predictive Analytics Using Supervised Machine Learning Techniques

Contact Info

Product

Resources

About