Authors : J. Pradeep Kumar, A. Udaya Kumar and T. Ravi
Abstract: As the contemporary applications are database-driven, SQL Injection Attacks (SQLIAs) have been capable of causing potential risk to businesses across the globe. Most of the existing solutions focused on SQL and its structure at application level which is doomed to fail when stored procedures are targeted. In this study, we propose a framework for detecting SQLIAs at database level. We exploit kernel level functions and data mining techniques such as classification to have basis for detection of such attacks. The framework provides placeholders to have flexible mechanisms that help in using different approaches in future. Thus, the framework provides pluggable mechanisms, so as to support future techniques as well at database level. We implemented the functionality of the framework using PostgreSQL. The kernel functions of the RDBMS are exploited in order to have integrated functionality to detect SQLIAs. The empirical results revealed that the proposed framework is able to provide 99% probability of protecting applications from SQLIAs. The framework also achieve 100% true positives in detecting SQLIAs.
J. Pradeep Kumar, A. Udaya Kumar and T. Ravi, 2017. A Flexible and Extendable Data Mining Based Generic Framework for Preventing SQL Injection Attacks. Asian Journal of Information Technology, 16: 451-457.