Approach to detecting SQL injection behaviors in network environment

Yu-fei ZHAO; Gang XIONG; Long-tao HE; Zhou-jun LI

Tongxin xuebao (Feb 2016)

Approach to detecting SQL injection behaviors in network environment

Yu-fei ZHAO,
Gang XIONG,
Long-tao HE,
Zhou-jun LI

Affiliations

Yu-fei ZHAO
Gang XIONG
Long-tao HE
Zhou-jun LI

Journal volume & issue: Vol. 37
pp. 89 – 98

Abstract

Read online

SQL injection attack is one of the main threats that many Web applications faced with. The traditional detection method depended on the clients or servers. Firstly the process of SQL injection attack was analyzed, and then the differences between attack traffic and normal traffic HTTP request length, HTTP connections and feature string were discovered. Based on the request length, request frequency and feature string, a new method, LFF (length-frequency-feature), was proposed to detect SQL injection behaviors from network traffic. The results of experiments indicated that in simulation environments the recall of LFF approach reach up to 95%, and in real network traffic the LFF approach also get a good detection result.

Web security;SQL injection;network traffic;outlier detection

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords