Journal: International Journal of Innovative Research in Computer and Communication Engineering
Print ISSN: 2320-9798
Online ISSN: 2320-9801
Publication year: 2014
Volume: 2
Issue: 3
Publisher: S&S Publications
Abstract: With the rapid development of the Internet, more and more organizations connect their databases to the Internet for resource sharing. However, due to developers' lack of knowledge of all possible attacks, web applications become vulnerable to multiple attacks. Thus the network databases could face multiple threats. Web applications generally consist of a three-tier architecture where the database is in the third tier, which is the most valuable asset in any organization. SQL injection is an attack technique used to exploit code by altering back-end SQL statements through manipulating input. An attacker can directly compromise the database, which is why this is a most threatening attack. SQL injection attack occupies first position in the top ten vulnerabilities as specified by the Open Web Application Security Project [12]. It is probably the most common website vulnerability today! Current scenarios which provide solutions to SQL injection attack either have limited scope, i.e. can't be implemented on all platforms, or do not cover all types of SQL injection attacks. In this work we implement a Detection Block model against SQL injection attacks. The model works on both the client and server side. The client side implements a filter function and the server side is based on information theory. The MAC of the static and dynamic query, which is derived from entropy, is compared to detect an attack.
Keywords: SQL injection; information theory; entropy; web attacks; system security