Solomon Uwagbole
Numerical encoding to tame SQL injection attacks
Uwagbole, Solomon; Buchanan, William J.; Fan, Lu
Abstract
Recent years have seen an astronomical rise in SQL Injection Attacks (SQLIAs) used to compromise the confidentiality, authentication and integrity of organisations’ databases. Intruders becoming smarter in obfuscating web requests to evade detection combined with increasing volumes of web traffic from the Internet of Things (IoT), cloud-hosted and on-premise business applications have made it evident that the existing approaches of mostly static signature lack the ability to cope with novel signatures. A SQLIA detection and prevention solution can be achieved through exploring an alternative bio-inspired supervised learning approach that uses input of labelled dataset of numerical attributes in classifying true positives and negatives. We present in this paper a Numerical Encoding to Tame SQLIA (NETSQLIA) that implements a proof of concept for scalable numerical encoding of features to a dataset attributes with labelled class obtained from deep web traffic analysis. In the numerical attributes encoding: the model leverages proxy in the interception and decryption of web traffic. The intercepted web requests are then assembled for front-end SQL parsing and pattern matching by applying traditional Non-Deterministic Finite Automaton (NFA). This paper is intended for a technique of numerical attributes extraction of any size primed as an input dataset to an Artificial Neural Network (ANN) and statistical Machine Learning (ML) algorithms implemented using Two-Class Averaged Perceptron (TCAP) and Two-Class Logistic Regression (TCLR) respectively. This methodology then forms the subject of the empirical evaluation of the suitability of this model in the accurate classification of both legitimate web requests and SQLIA payloads.
Citation
Uwagbole, S., Buchanan, W. J., & Fan, L. (2016, April). Numerical encoding to tame SQL injection attacks. Presented at 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT)
Presentation Conference Type | Conference Paper (published) |
---|---|
Conference Name | 2ND IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT) |
Start Date | Apr 29, 2016 |
End Date | Apr 29, 2016 |
Acceptance Date | Apr 29, 2016 |
Publication Date | Jul 4, 2016 |
Deposit Date | Jul 7, 2016 |
Publicly Available Date | Jul 7, 2016 |
Publisher | Institute of Electrical and Electronics Engineers |
Peer Reviewed | Peer Reviewed |
Series ISSN | 2374-9709 |
Book Title | 2016 IEEE/IFIP Network Operations and Management Symposium (NOMS), |
ISBN | 978-1-5090-0223-8 |
DOI | https://doi.org/10.1109/NOMS.2016.7502997 |
Keywords | NETSQLIA; SQLIA; numerical attributes encoding; SQL Injection; SQLIA neurons; |
Public URL | http://researchrepository.napier.ac.uk/id/eprint/10414 |
Contract Date | Jul 7, 2016 |
Files
Numerical encoding to Tame SQL injection attacks
(927 Kb)
PDF
Copyright Statement
© © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works
You might also like
Securing IoT: Mitigating Sybil Flood Attacks with Bloom Filters and Hash Chains
(2024)
Journal Article
Chaotic Quantum Encryption to Secure Image Data in Post Quantum Consumer Technology
(2024)
Journal Article
Detection of Ransomware
(2024)
Patent
Downloadable Citations
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search