Hybrid Approach to Detect SQLi Attacks and Evasion Techniques - Equipe Cybersecurity for Communication and Networking Accéder directement au contenu
Communication Dans Un Congrès Année : 2014

Hybrid Approach to Detect SQLi Attacks and Evasion Techniques

Résumé

—Injections flaws which include SQL injection are the most prevalent security threats affecting Web applications[1]. To mitigate these attacks, Web Application Firewalls (WAFs) apply security rules in order to both inspect HTTP data streams and detect malicious HTTP transactions. Nevertheless, attackers can bypass WAF's rules by using sophisticated SQL injection techniques. In this paper, we introduce a novel approach to dissect the HTTP traffic and inspect complex SQL injection attacks. Our model is a hybrid Injection Prevention System (HIPS) which uses both a machine learning classifier and a pattern matching inspection engine based on reduced sets of security rules.
Fichier principal
Vignette du fichier
Hybrid SQLi_Clo2014_Short_Paper.pdf (332.65 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01138604 , version 1 (02-04-2015)

Identifiants

Citer

Abdelhamid Makiou, Youcef Begriche, Ahmed Serhrouchni. Hybrid Approach to Detect SQLi Attacks and Evasion Techniques. Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2014, Oct 2014, Miami, United States. pp.452-456, ⟨10.4108/icst.collaboratecom.2014.257568⟩. ⟨hal-01138604⟩
278 Consultations
773 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More