Fixed Attribute Value Removal Method and Anomaly Based Profiled Method, An SQLi Detection Effectiveness Study
    
| Published in | 2021 International Conference on Data Science and Its Applications (ICoDSA) pp. 72 - 78 |
|---|---|
| Main Authors | Kamaruzman, Shamsul Alam; Isnin, Ismail Fauzi; Din, Mazura Mat |
| Format | Conference Proceeding |
| Language | English |
| Published | IEEE, 06.10.2021 |
| Subjects | |
| DOI | 10.1109/ICoDSA53588.2021.9617523 |

| Abstract | In this work, the performance of two existing SQL injection detection methods is compared and analysed together. The first existing method uses removal of SQL query attribute values, and the other one uses a database profiling technique for detecting malicious SQL queries in SQL injection attacks. Both detection method algorithms are implemented and tested using SQL query logs generated from the DVWA and Mutillidae web applications. Analysis and evaluation of the results of the experiment showed that the detection method based on the considered database profiling method is much more flexible and more effective. Nevertheless, it was found that the former method still has some room for improvement. Therefore, an improvement to the former method is proposed that increases the effectiveness of the method in distinguishing non-malicious queries from malicious queries during the SQL injection detection process. |
|---|---|
| Author | Isnin, Ismail Fauzi; Kamaruzman, Shamsul Alam; Din, Mazura Mat |
| Author_xml | 1. Kamaruzman, Shamsul Alam (shamsulkamaruzman@gmail.com), University of Technology Malaysia, School of Computing, Faculty of Engineering, Skudai, Malaysia; 2. Isnin, Ismail Fauzi (ismailfauzi@utm.my), University of Technology Malaysia, School of Computing, Faculty of Engineering, Skudai, Malaysia; 3. Din, Mazura Mat (mazuramd@gmail.com), Universiti Teknologi MARA (UiTM), Faculty of Computer and Mathematical Science, Merbok, Malaysia |
| ContentType | Conference Proceeding | 
    
| DBID | 6IE 6IL CBEJK RIE RIL  | 
    
| DOI | 10.1109/ICoDSA53588.2021.9617523 | 
    
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present  | 
    
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher  | 
    
| DeliveryMethod | fulltext_linktorsrc | 
    
| EISBN | 9781665443036 1665443030  | 
    
| EndPage | 78 | 
    
| ExternalDocumentID | 9617523 | 
    
| Genre | orig-research | 
    
| GroupedDBID | 6IE 6IL CBEJK RIE RIL  | 
    
| ID | FETCH-LOGICAL-i118t-e9a901dca14bf418f2c762550896ab5701cff3186be1b2a5e4c5399734642f913 | 
    
| IEDL.DBID | RIE | 
    
| IngestDate | Thu Jun 29 18:37:48 EDT 2023 | 
    
| IsPeerReviewed | false | 
    
| IsScholarly | false | 
    
| Language | English | 
    
| LinkModel | DirectLink | 
    
| MergedId | FETCHMERGED-LOGICAL-i118t-e9a901dca14bf418f2c762550896ab5701cff3186be1b2a5e4c5399734642f913 | 
    
| PageCount | 7 | 
    
| ParticipantIDs | ieee_primary_9617523 | 
    
| PublicationCentury | 2000 | 
    
| PublicationDate | 2021-Oct.-6 | 
    
| PublicationDateYYYYMMDD | 2021-10-06 | 
    
| PublicationDate_xml | – month: 10 year: 2021 text: 2021-Oct.-6 day: 06  | 
    
| PublicationDecade | 2020 | 
    
| PublicationTitle | 2021 International Conference on Data Science and Its Applications (ICoDSA) | 
    
| PublicationTitleAbbrev | ICODSA | 
    
| PublicationYear | 2021 | 
    
| Publisher | IEEE | 
    
| Publisher_xml | – name: IEEE | 
    
| Score | 1.7750058 | 
    
| SourceID | ieee | 
    
| SourceType | Publisher | 
    
| StartPage | 72 | 
    
| SubjectTerms | Data science database security detection method effectiveness Error analysis Security SQL injection  | 
    
| Title | Fixed Attribute Value Removal Method and Anomaly Based Profiled Method, An SQLi Detection Effectiveness Study | 
    
| URI | https://ieeexplore.ieee.org/document/9617523 | 
    