- Title
Defeating SQL injection attack in authentication security: an experimental study.
- Authors
Das, Debasish; Sharma, Utpal; Bhattacharyya, D. K.
- Abstract
Whenever a web application executes dynamic SQL statements, it may come under SQL injection attack. To evaluate the existing practices of its detection, we consider two different security scenarios for web-application authentication that generates a dynamic SQL query with the user input data. Accordingly, we generate two different datasets by considering all possible vulnerabilities in the run-time queries. We present a proposed approach based on edit distance to classify a dynamic SQL query as normal or malicious using a web profile prepared with the dynamic SQL queries during the training phase. We evaluate the dataset using the proposed approach and some well-known supervised classification approaches. Our proposed method is found to be more effective in detecting SQL injection attacks under both scenarios of authentication security.
- Subjects
SQL; WEB-based user interfaces; SUPPORT vector machines; JAVA programming language; HTML (Document markup language); SCRIPTING languages (Computer science); NAIVE Bayes classification
- Publication
International Journal of Information Security, 2019, Vol 18, Issue 1, p1
- ISSN
1615-5262
- Publication type
Article
- DOI
10.1007/s10207-017-0393-x