体育赛事投注记录

体育赛事投注记录advertisement

Prevention and Detection of SQL Injection Attacks Using Generic Decryption

  • R. Archana DeviEmail author
  • D. Hari Siva Rami Reddy
  • T. Akshay Kumar
  • P. Sriraj
  • P. Sankar
  • N. Harini
Conference paper
  • 48 Downloads
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 127)

Abstract

today, internet services have become an indispensable part of everyone’s life. with internet becoming platform to offer services, traditional core services like banking and ecommerce are now being provided in internet platform, and making security for these services have become necessary. the openness of internet has increased risk. in certain huge organization’s cyber security, it is usual to notice major issues because of vulnerabilities in their system or software. by performing a depth analysis, it has come to know that the cause of vulnerabilities is either the developers or the design process. research studies suggest that more than 80% of the active web sites are vulnerable to sql injection. the web sites that unnecessarily expose server information have been recorded as nearly 67%. the web sites that does not secure session cookies is approximately 50%. about 30% of the websites secure their communications, for sending sensitive information of users. hence, a study on mitigation of attacks is compelling. sql injection targets interactive internet services that employ database and aims to exploit vulnerability occurring at database layer in the three-tier architecture. this paper proposes a solution to detect and prevent sql injection attacks using a model which is inspired from the concept of generic decryption. results obtained confirm the extraordinary performance of the proposed scheme against the existing prevention techniques.

Keywords

SQL injection Database security Mitigation Prevention Generic decryption 

References

  1. 1.
    Jespersen MS, Hargreaves FP (2012) Malicious software. University of Southern Denmark, Denmark
  2. 2.
    Radhika N, Vanitha A (2014) Multidimensional analysis of SQL injection attacks in web applications. Int J Innovative Sci Eng Technol 1(3)
  3. 3.
    Buehrer G, Weide, BW, Sivilotti PA (2005) Using parse tree validation to prevent SQL injection attacks. SEM
  4. 4.
    Kosuga Y, Kono K, Hanaoka M, Hishiyama M, Takahama Y (2007) Sania: syntactic and semantic analysis for automated testing against SQL injection. In: 23rd annual computer security applications conference, IEEE Computer Society, pp 107–117
  5. 5.
    Common Vulnerability and Exposures,
  6. 6.
    Jovanovic N, Kruegel C, Kirda E. (2006). Precise alias analysis for static detection of web application vulnerabilities. In: Proceedings of the 2006 workshop on programming languages and analysis for security
  7. 7.
    Fonseca J, Vieira M, Madeira H (2007). Testing and comparing web vulnerability scanning tools for SQL injection and XSS attacks. In: 13th Pacific Rim international symposium on dependable computing (PRDC 2007)
  8. 8.
    McClure RA, Kruger IH (2005) SQL DOM: compile time checking of dynamic SQL statements. in software engineering, 2005. In: Proceedings. 27th International Conference on ICSE 2005
  9. 9.
    Bulusu P, Shahriar H, Haddad HM (2015) Classification of lightweight directory access protocol query injection attacks and mitigation techniques. In: 2015 international conference on collaboration technologies and systems (CTS), IEEE
  10. 10.
    Harini N, Padmanaban TR (2016) 3CAuth: a new scheme for enhancing security. Int J Netw Secure 18(1):143–150
  11. 11.
    Pearson III E, Bethel CL (2016) A design review: concepts for mitigating SQL injection attacks. Little Rock, AR
  12. 12.
    Wang X, Wang L, Wei G, Zhang D, Yang Y (2015) Hidden web crawling for SQL injection detection. Beging, China
  13. 13.
    Raghavan S, Garcia-Molina H (2001) Crawling the hidden web. In: Proceedings of 27th international conference on very large data bases. Morgan Kaufmann, Roma, Italy
  14. 14.
    Bergman MK (2000) The deep web: Surfacing hidden value. Technical report. BrightPlanet LLC, Dubai
  15. 15.
    Fonseca J, Vieira M, Madeira H (2009) Vulnerability & attack injection for web applications. In: IEEE/IFIP international conference on dependable systems & networks, 2009. DSN’09. IEEE
  16. 16.
    Fonseca J, Vieira M, Madeira H (2014) Evaluation of web security mechanisms using vulnerability & attack injection
  17. 17.
    Available:

Copyright information

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2021

Authors and Affiliations

  • R. Archana Devi
    • 1
    Email author
  • D. Hari Siva Rami Reddy
    • 1
  • T. Akshay Kumar
    • 1
  • P. Sriraj
    • 1
  • P. Sankar
    • 1
  • N. Harini
    • 1
  1. 1.Department of Computer Science and EngineeringAmrita School of Engineering, CoimbatoreCoimbatoreIndia

Personalised recommendations