Research Article

SQL injection attack Detection using SVM

by Romil Rawat, Shailendra Kumar Shrivastav
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 42 - Number 13
Year of Publication: 2012
DOI: 10.5120/5750-7043

Romil Rawat, Shailendra Kumar Shrivastav. SQL injection attack Detection using SVM. International Journal of Computer Applications. 42, 13 (March 2012), 1-4. DOI=10.5120/5750-7043

@article{ 10.5120/5750-7043,
author = { Romil Rawat, Shailendra Kumar Shrivastav },
title = { SQL injection attack Detection using SVM },
journal = { International Journal of Computer Applications },
issue_date = { March 2012 },
volume = { 42 },
number = { 13 },
month = { March },
year = { 2012 },
issn = { 0975-8887 },
pages = { 1-4 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume42/number13/5750-7043/ },
doi = { 10.5120/5750-7043 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T20:31:11.584719+05:30
%A Romil Rawat
%A Shailendra Kumar Shrivastav
%T SQL injection attack Detection using SVM
%J International Journal of Computer Applications
%@ 0975-8887
%V 42
%N 13
%P 1-4
%D 2012
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Web applications have various input functions that are susceptible to SQL-Injection attacks. SQL-Injection occurs when suspicious code or data fragments are injected into a web application. Personal information disclosure, loss of authenticity, data theft and site phishing fall under this attack category. With the available algorithms and approaches it is impossible to tell original data code from suspicious data code, because of inefficient or improper training techniques for the dataset, or design aspects. In this paper we use an SVM (Support Vector Machine) for classification and prediction of SQL-Injection attacks. With our proposed algorithm, SQL-Injection attack detection accuracy is 96.47%, which is the highest among the existing SQL-Injection detection techniques.

Index Terms

Computer Science
Information Sciences

Keywords

SQL Injection, Database Security, Authentication, SVM