DIAVA: A Traffic-Based Framework for Detection of SQL Injection Attacks and Vulnerability Analysis of Leaked Data

Gu, Haifeng; Zhang, Jianning; Liu, Tian; Hu, Ming; Zhou, Junlong; Wei, Tongquan; Chen, Mingsong

doi:10.1109/tr.2019.2925415

Cited by 42 publications

(16 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, vulnerabilities exist in the databases themselves (Gu et al, 2019 ). For example, there are authentication weaknesses in databases (such as the large and cross-platform MongoDB database program) that can be exploited through cyber-attacks (described in more detail in Table 2 , Supplementary Table 1 ).…”

Section: Resultsmentioning

confidence: 99%

A Systematic Review of the Criminogenic Potential of Synthetic Biology and Routes to Future Crime Prevention

Elgabry

Nesbeth

Johnson

2020

Front. Bioeng. Biotechnol.

View full text Add to dashboard Cite

Synthetic biology has the potential to positively transform society in many application areas, including medicine. In common with all revolutionary new technologies, synthetic biology can also enable crime. Like cybercrime, that emerged following the advent of the internet, biocrime can have a significant effect on society, but may also impact on peoples' health. For example, the scale of harm caused by the SARS-CoV-2 pandemic illustrates the potential impact of future biocrime and highlights the need for prevention strategies. Systematic evidence quantifying the crime opportunities posed by synthetic biology has to date been very limited. Here, we systematically reviewed forms of crime that could be facilitated by synthetic biology with a view to informing their prevention. A total of 794 articles from four databases were extracted and a three-step screening phase resulted in 15 studies that met our threshold criterion for thematic synthesis. Within those studies, 13 exploits were identified. Of these, 46% were dependent on technologies characteristic of synthetic biology. Eight potential crime types emerged from the studies: bio-discrimination, cyber-biocrime, bio-malware, biohacking, at-home drug manufacturing, illegal gene editing, genetic blackmail, and neuro-hacking. 14 offender types were identified. For the most commonly identified offenders (>3 mentions) 40% were outsider threats. These observations suggest that synthetic biology presents substantial new offending opportunities. Moreover, that more effective engagement, such as ethical hacking, is needed now to prevent a crime harvest from developing in the future. A framework to address the synthetic biology crime landscape is proposed.

show abstract

Section: Resultsmentioning

confidence: 99%

A Systematic Review of the Criminogenic Potential of Synthetic Biology and Routes to Future Crime Prevention

Elgabry

Nesbeth

Johnson

2020

Front. Bioeng. Biotechnol.

View full text Add to dashboard Cite

show abstract

“…In [21], the authors have performed a combined examination strategy for examining web applications related to the concerns of SQLi exploits and proposed a SQL-INJECTION tool capable of automatic SQLi exploits examination in web applications. In [22], the authors have built the first level RegExps for SQL Injection discovery from network traffic. To identify malicious SQL Injection of web traffic, it uses legitimate expressions obtained from popular SQL Injection tools.…”

Section: Related Workmentioning

confidence: 99%

Web Security: Emerging Threats and Defense

Almutairi¹,

Mishra²,

Alshehri³

2022

Computer Systems Science and Engineering

View full text Add to dashboard Cite

Web applications have become a widely accepted method to support the internet for the past decade. Since they have been successfully installed in the business activities and there is a requirement of advanced functionalities, the configuration is growing and becoming more complicated. The growing demand and complexity also make these web applications a preferred target for intruders on the internet. Even with the support of security specialists, they remain highly problematic for the complexity of penetration and code reviewing methods. It requires considering different testing patterns in both codes reviewing and penetration testing. As a result, the number of hacked websites is increasing day by day. Most of these vulnerabilities also occur due to incorrect input validation and lack of result validation for lousy programming practices or coding errors. Vulnerability scanners for web applications can detect a few vulnerabilities in a dynamic approach. These are quite easy to use; however, these often miss out on some of the unique critical vulnerabilities in a different and static approach. Although these are time-consuming, they can find complex vulnerabilities and improve developer knowledge in coding and best practices. Many scanners choose both dynamic and static approaches, and the developers can select them based on their requirements and conditions. This research explores and provides details of SQL injection, operating system command injection, path traversal, and cross-site scripting vulnerabilities through dynamic and static approaches. It also examines various security measures in web applications and selected five tools based on their features for scanning PHP, and JAVA code focuses on SQL injection, cross-site scripting, Path Traversal, operating system command. Moreover, this research discusses the approach of a cyber-security tester or a security developer finding out vulnerabilities through dynamic and static approaches using manual and automated web vulnerability scanners.

show abstract

“…To raise the tenants' awareness of the seriousness of SQLIAs. [34]introduce a novel tra c-based SQLIA detection and vulnerability analysis framework named DIAVA, which can proactively send warnings to tenants promptly.…”

Section: Developing a Web-based Frameworkmentioning

confidence: 99%

Attacks on SQL Injection and Developing Compressive Framework Using a Hybrid and Machine Learning Approach

Deriba¹,

Kassa²,

Demilie³

2022

Preprint

View full text Add to dashboard Cite

Web applications play an important role in everyday life. Various Web applications are used to carry out billions of online transactions. These applications are vulnerable to attacks due to their extensive use. The most prevalent attack is SQL injection, which accepts user input and runs queries in the backend based on the user's input, returning desired results. To counter the SQL injection attack, various approaches have been offered; however, the majority of them either fail to cover the full breadth of the problem. This research paper looks into frequent SQL injection attack forms, their mechanisms, and a way of identifying them based on the SQL query's existence. We propose a comprehensive framework for determining the effectiveness of techniques that address certain issues following the essence of the attack, using hybrid (Statistic and dynamic) and machine learning. An extensive examination of the model based on a test set indicates that the Hybrid and ANN approaches outperform Naive Bayes, SVM, and Decision trees in terms of accuracy in classifying injected Queries. However, when it came to web loading time during testing, Nave Bayes outperformed. The Hybrid Method improved the accuracy of SQL injection attack prevention, according to the test findings. Although we used a limited dataset for training and testing in our study, it is advised that the dataset be expanded and the model be tested in a real-world setting.

show abstract

DIAVA: A Traffic-Based Framework for Detection of SQL Injection Attacks and Vulnerability Analysis of Leaked Data

Cited by 42 publications

References 18 publications

A Systematic Review of the Criminogenic Potential of Synthetic Biology and Routes to Future Crime Prevention

A Systematic Review of the Criminogenic Potential of Synthetic Biology and Routes to Future Crime Prevention

Web Security: Emerging Threats and Defense

Attacks on SQL Injection and Developing Compressive Framework Using a Hybrid and Machine Learning Approach

Contact Info

Product

Resources

About