Databases at the background of e-commerce applications are vulnerable to SQL injection attack which is considered as one of the most dangerous web attacks. In this paper we propose a framework based on misuse and anomaly detection techniques to detect SQL injection attack. The main idea of this framework is to create a profile for legitimate database behavior extracted from applying association rules on XML file containing queries submitted from application to the database. As a second step in the detection process, the structure of the query under observation will be compared against the legitimate queries stored in the XML file thus minimizing false positive alarms.
%0 Journal Article
%1 IJACSA.2012.030321
%A Shaimaa Ezzat Salama Mohamed I. Marie, Laila M El-Fangary Yehia K Helmy
%D 2012
%J International Journal of Advanced Computer Science and Applications(IJACSA)
%K SQL anomaly association detection. detection; injection; intrusion rule;
%N 3
%T Web Anomaly Misuse Intrusion Detection Framework for SQL Injection Detection
%U http://ijacsa.thesai.org/
%V 3
%X Databases at the background of e-commerce applications are vulnerable to SQL injection attack which is considered as one of the most dangerous web attacks. In this paper we propose a framework based on misuse and anomaly detection techniques to detect SQL injection attack. The main idea of this framework is to create a profile for legitimate database behavior extracted from applying association rules on XML file containing queries submitted from application to the database. As a second step in the detection process, the structure of the query under observation will be compared against the legitimate queries stored in the XML file thus minimizing false positive alarms.
@article{IJACSA.2012.030321,
abstract = {Databases at the background of e-commerce applications are vulnerable to SQL injection attack which is considered as one of the most dangerous web attacks. In this paper we propose a framework based on misuse and anomaly detection techniques to detect SQL injection attack. The main idea of this framework is to create a profile for legitimate database behavior extracted from applying association rules on XML file containing queries submitted from application to the database. As a second step in the detection process, the structure of the query under observation will be compared against the legitimate queries stored in the XML file thus minimizing false positive alarms.
},
added-at = {2014-02-21T08:00:08.000+0100},
author = {{Shaimaa Ezzat Salama Mohamed I. Marie}, Laila M El-Fangary Yehia K Helmy},
biburl = {https://www.bibsonomy.org/bibtex/2e0e877c6c05f09013534c2beaa0c9f8a/thesaiorg},
interhash = {ebc3d3ca686ed008f05543dc2c768c02},
intrahash = {e0e877c6c05f09013534c2beaa0c9f8a},
journal = {International Journal of Advanced Computer Science and Applications(IJACSA)},
keywords = {SQL anomaly association detection. detection; injection; intrusion rule;},
number = 3,
timestamp = {2014-02-21T08:00:08.000+0100},
title = {{Web Anomaly Misuse Intrusion Detection Framework for SQL Injection Detection}},
url = {http://ijacsa.thesai.org/},
volume = 3,
year = 2012
}