Code-based Analysis Approach to Detect and Prevent SQL Injection Attacks

Title: Code-based Analysis Approach to Detect and Prevent SQL Injection Attacks
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Jana, Angshuman, Maity, Dipendu
Conference Name: 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT)
Date Published: July 2020
Publisher: IEEE
ISBN Number: 978-1-7281-6851-7
Keywords: Collaboration, Complex Number System, Databases, encoding, Human Behavior, human factors, Input clustering, Metrics, policy-based governance, Programming, pubcrawl, resilience, Resiliency, Safe Coding, security, SQL Injection, SQL Injection attacks, Structured Query Language, Tools
Abstract

Nowadays web applications are everywhere. Usually these applications are developed by database programs, which are often written in popular host programming languages such as C, C++, C#, Java, etc., with embedded Structured Query Language (SQL). These applications are used to access and process crucial data with the help of a Database Management System (DBMS). Preserving the sensitive data from any kind of attack is one of the prime factors that needs to be maintained by the web applications. SQL injection attacks are one of the important security threats for web applications. In this paper, we propose a code-based analysis approach to automatically detect and prevent the possible SQL Injection Attacks (SQLIA) in a query before submitting it to the underlying database. This approach analyses the user input by assigning a complex number to each input element. It has two parts: (i) input clustering and (ii) safe (non-malicious) input identification. We provide a detailed discussion of the proposal w.r.t. the literature from the security and execution overhead points of view.

URL: https://ieeexplore.ieee.org/document/9225575
DOI: 10.1109/ICCCNT49239.2020.9225575
Citation Key: jana_code-based_2020