Database Firewall

The Experts below are selected from a list of 48 Experts worldwide ranked by ideXlab platform

Xiaohu Yang - One of the best experts on this subject based on the ideXlab platform.

  • A reference model and system architecture for database firewall
    Systems Man and Cybernetics, 2005
    Co-Authors: Xiaohu Yang
    Abstract:

    More and more network attacks are focusing on application-level vulnerabilities. Recently, several examples of this trend have been highly publicized, such as the SQL Slammer and SQL Snake attacks. Traditional firewalls, used for protecting the database, only prevent attacks searching for vulnerabilities. Database firewalls take defense deep into the organization by providing full syntax control and audit of the SQL API stream before it reaches the database, and enforcing content-driven access to the database. This paper proposes a layered reference model for database firewalls by enhancing the capability of COAST Laboratory's model. It separates a database firewall into three layers (network layer, schematic layer and semantic layer) according to the knowledge, computation target, and the control granularity of each layer. Based on this model, a database firewall product has been prototyped. It can greatly improve database security by introducing self-controlled authentication, principal mapping, object mapping, and mandatory access control modules.

  • SMC - A reference model and system architecture for Database Firewall
    2005 IEEE International Conference on Systems Man and Cybernetics, 2005
    Co-Authors: Xiaohu Yang

Suvasini Panigrahi - One of the best experts on this subject based on the ideXlab platform.

  • SQLiGoT: Detecting SQL injection attacks using graph of tokens and SVM
    Computers & Security, 2016
    Co-Authors: Suvasini Panigrahi, Srikanth Sundararajan
    Abstract:

    SQL injection attacks have been predominant on web databases for the last 15 years. Exploiting input validation flaws, attackers inject SQL code through the front-end of websites and steal data from the back-end databases. Detection of SQL injection attacks has been a challenging problem due to extreme heterogeneity of the attack vectors. In this paper, we present a novel approach to detect injection attacks by modeling SQL queries as a graph of tokens and using the centrality measure of nodes to train a Support Vector Machine (SVM). We explore different methods of creating token graphs and propose alternative designs of the system comprising single and multiple SVMs. The system is designed to work at the database firewall layer and can protect multiple web applications in a shared hosting scenario. Though we focus primarily on web applications developed with PHP and MySQL, the approach can be easily ported to other platforms. The experimental results demonstrate that this technique can effectively identify malicious SQL queries with negligible performance overhead.

  • Detection of SQL injection attacks using Hidden Markov Model
    2016 IEEE International Conference on Engineering and Technology (ICETECH), 2016
    Co-Authors: Khushboo Agarwal, Ajit Kumar Sahoo, Suvasini Panigrahi
    Abstract:

    SQL Injection Attack (SQLIA) has been consistently ranked among the top security threats against web applications for more than a decade. Nowadays, attackers use sophisticated tools to launch automated injection attacks. The problem of prevention and detection of SQLIA has long been attended to by the research community, but hardly any solution exists for protecting multiple websites in a shared hosting environment. In this paper, we present a novel method to detect malicious queries using a twin Hidden Markov Model (HMM) ensemble and validate it with a large set of benign and malicious queries collected from five sample web applications written in PHP and MySQL. Following the Multiple Classifier System (MCS) paradigm, we combine the output of individual HMMs to arrive at the final decision, which provides better accuracy and lower false alarms. The system is intended to work at the database firewall layer; therefore, it can protect multiple web applications hosted on a shared server. The initial experimental results are very encouraging and indicate that the approach can effectively identify wide varieties of SQLIA with negligible impact on performance. The technique can be easily ported to other languages and database platforms without requiring major modifications.

  • Learning to detect SQLIA using node centrality with feature selection
    2016 International Conference on Computing Analytics and Security Trends (CAST), 2016
    Co-Authors: Ajit Kumar Sahoo, Khushboo Agarwal, Suvasini Panigrahi
    Abstract:

    Web applications hosted on the Internet are naturally exposed to a variety of attacks and constantly probed by hackers for vulnerabilities. SQL Injection Attack (SQLIA) has been a major security threat to web applications for over 15 years. Detecting SQLIA at runtime is a challenging problem because of extreme heterogeneity of the attack vectors. This paper explores the application of node centrality metrics to train a Support Vector Machine (SVM) for identifying malicious queries containing SQL injection attacks. The WHERE clause portion of SQL queries is first normalized into a sequence of tokens and then modeled as interaction networks, from which the centrality of the nodes is computed. After applying feature selection by the information gain method, the centrality scores of high-ranking nodes are used to train the SVM classifier. We experiment with four centrality measures popularly used in Social Network Analysis (SNA). The results on five sample web applications built with PHP/MySQL show that this technique can effectively detect SQLIA with minimal performance overhead. Designed for the database firewall layer, the approach can protect multiple websites on a shared server, which is another advantage.

  • ICDCIT - SQLiDDS: SQL Injection Detection Using Query Transformation and Document Similarity
    Distributed Computing and Internet Technology, 2015
    Co-Authors: Suvasini Panigrahi, Srikanth Sundararajan
    Abstract:

    SQL Injection Attack has been a major security threat to web applications for the last 15 years. Nowadays, hackers use automated tools to discover vulnerable websites and launch mass injection attacks. Accurate run-time detection of SQL injection has been a challenge in spite of extensive research in this area. This paper presents a novel approach for real-time detection of SQL injection attacks using query transformation and a document similarity measure. Acting as a database firewall, the proposed system, named SQLiDDS, can protect multiple web applications using the database server. With additional inputs from a human expert, SQLiDDS can also become more robust over time. Our experimental results confirm that this approach can effectively detect and prevent all types of SQL injection attacks with good accuracy yet negligible impact on system performance. The approach was tested on web applications built using PHP and MySQL; however, it can be easily adopted in other platforms with minimal changes.

Anjali Sardana - One of the best experts on this subject based on the ideXlab platform.

  • Protecting web applications from SQL injection attacks by using framework and database firewall
    Advances in Computing and Communications, 2012
    Co-Authors: Yakkala Naga V Manikanta, Anjali Sardana
    Abstract:

    SQL injection attacks are costly and critical attacks on web applications: SQL injection is a code injection technique that allows attackers to obtain unrestricted access to the databases and potentially sensitive information like usernames, passwords, email IDs, and credit card details present in them. Various techniques have been proposed to address the problem of SQL injection attacks, such as defense coding practices, detection and prevention techniques, and intrusion detection systems. However, most of these techniques have one or more disadvantages, such as a requirement for code modification or applicability to only limited types of attacks and web applications. In this paper, we discuss a secure mechanism for protecting web applications from SQL injection attacks by using a framework and a database firewall. This mechanism uses a combined static and dynamic analysis technique. In static analysis, we list URLs, forms, injection points, and vulnerable parameters of the web application. Thus, we identify valid queries that could be generated by the application. In dynamic analysis, we use the database firewall to monitor runtime-generated queries and check them against the whitelist of queries. The experimental setup makes use of real web applications and two open source tools, namely Web Application Attack and Audit Framework (w3af) and GreenSQL. We used w3af for listing all the valid queries and GreenSQL as the database firewall. The results show that the implemented mechanism is capable of detecting all types of SQL injection attacks without requiring any code modification to the existing web application but with an additional element of deploying a proxy.

  • ICACCI - Protecting web applications from SQL injection attacks by using framework and Database Firewall
    Proceedings of the International Conference on Advances in Computing Communications and Informatics - ICACCI '12, 2012
    Co-Authors: Yakkala Naga V Manikanta, Anjali Sardana

Yakkala Naga V Manikanta - One of the best experts on this subject based on the ideXlab platform.

  • Protecting web applications from SQL injection attacks by using framework and database firewall
    Advances in Computing and Communications, 2012
    Co-Authors: Yakkala Naga V Manikanta, Anjali Sardana

  • ICACCI - Protecting web applications from SQL injection attacks by using framework and Database Firewall
    Proceedings of the International Conference on Advances in Computing Communications and Informatics - ICACCI '12, 2012
    Co-Authors: Yakkala Naga V Manikanta, Anjali Sardana

Hao Chen - One of the best experts on this subject based on the ideXlab platform.

  • PDCAT - A New Database Firewall Based on Anomaly Detection
    2010 International Conference on Parallel and Distributed Computing Applications and Technologies, 2010
    Co-Authors: Hao Chen
    Abstract:

    We present here a database firewall to prevent attacks against the MySQL back-end database of web applications. It works as a database connection proxy, which means that the web applications connect to the DB-FW rather than to the original MySQL server directly. The firewall listens for SQL query requests from the client and analyzes them; if they are safe, it calls the original MySQL server to execute the queries, otherwise it blocks the queries and returns an empty result to the client. It can be configured to work in different ways. Here we use a special method to analyze the SQL queries, which analyzes not only the structure of the queries but also the user inputs with some models, all of which allow for the detection of known and unknown attacks with low false positives and false negatives. From the experiments, we can see that it has a low performance overhead.

  • A New Database Firewall Based on Anomaly Detection
    2010 International Conference on Parallel and Distributed Computing Applications and Technologies, 2010
    Co-Authors: Hao Chen