Biblio

With the rapid development of Internet technology, the era of big data is coming. SQL injection attack is the most common and the most dangerous threat to database. This paper studies the working mode and workflow of the GreenSQL database firewall. Based on the analysis of the characteristics and patterns of SQL injection attack command, the input model of GreenSQL learning is optimized by constructing the patterned input and optimized whitelist. The research method can improve the learning efficiency of GreenSQL and intercept samples in IPS mode, so as to effectively maintain the security of background database.

Stealing confidential information from a database has become a severe vulnerability issue for web applications. The attacks can be prevented by defining a whitelist of SQL queries issued by web applications and detecting queries not in list. For large-scale web applications, automated generation of the whitelist is conducted because manually defining numerous query patterns is impractical for developers. Conventional methods for automated generation are unable to detect attacks immediately because of the long time required for collecting legitimate queries. Moreover, they require application-specific implementations that reduce the versatility of the methods. As described herein, we propose a method to generate a whitelist automatically using queries issued during web application tests. Our proposed method uses the queries generated during application tests. It is independent of specific applications, which yields improved timeliness against attacks and versatility for multiple applications.

Universal serial bus (USB) devices have widespread use in different computing platforms, including IoT gadgets, but this popularity makes them attractive targets for exploits and being used as an attack vector by malicious software. During recent years, several reports [17] ranked USB-based malware among top 10 popular malware. This security flaw can slow down the increasing penetration rate of IoT devices since most of those devices have USB ports. The research community and industry has tried to address USB security problem by implementing authentication protocols to protect users' private information and also scanning USB's storage space for any malicious software using their own repository of malware signatures, or simply disallowing use of USB devices on desktops. The new generation of USB malware does not hide in storage space, which means they are not detectable by conventional anti-malware. BadUSB is a malware recently introduced by security researchers. BadUSB modifies USB firmware and can attack all the systems which the infected USB is plugged in. The only applicable solution against this new generation of malware is whitelisting. However, generating a unique fingerprint for USB devices is challenging. In this paper, we propose an accurate USB feature based fingerprinting approach which helps us to create a list of trusted USBs as device whitelist. Our solution prevents and detects BadUSB and similar attacks by generating fingerprint from trusted USB devices' features and their primary usage. We verified the uniqueness of our generated fingerprints by analyzing real data which is collected from USB drives used by students in academic computer labs over one year. Our results indicate that our feature based whitelisting approach with an accuracy of 98.5% can identify USB whitelist members.

With the development of smart grid, information and energy integrate deeply. For remote monitoring and cluster management, SCADA system of wind farm should be connected to Internet. However, communication security and operation risk put forward a challenge to data network of the wind farm. To address this problem, an active security defense strategy combined whitelist and security situation assessment is proposed. Firstly, the whitelist is designed by analyzing the legitimate packet of Modbus on communication of SCADA servers and PLCs. Then Knowledge Automation is applied to establish the Decision Requirements Diagram (DRD) for wind farm security. The D-S evidence theory is adopted to assess operation situation of wind farm and it together with whitelist offer the security decision for wind turbine. This strategy helps to eliminate the wind farm owners' security concerns of data networking, and improves the integrity of the cyber security defense for wind farm.