Journal: International Journal of Database Management Systems
Print ISSN: 0975-5985
Electronic ISSN: 0975-5705
Publication year: 2014
Volume: 6
Issue: 1
Page: 21
DOI: 10.5121/ijdms.2014.6102
Publisher: Academy & Industry Research Collaboration Center (AIRCC)
Abstract: SQL injection is a type of attack used to gain, manipulate, or delete information in any data-driven system, whether this system is online or offline and whether this system is web or non-web-based. It is distinguished by the multiplicity of its performing methods, so defense techniques could not detect or prevent such attacks. The main objective of this paper is to create a reliable and accurate hybrid technique that secures systems from being exploited by SQL injection attacks. This hybrid technique combines static and runtime SQL query analysis to create a defense strategy that can detect and prevent various types of SQL injection attacks. To evaluate this suggested technique, a large set of SQL queries has been executed through a simulation that had been developed. The results indicate that the suggested technique is reliable and more effective in capturing more SQL injection types compared to other SQL injection detection methods.