摘要:Background and Objective: Data is one of the most valuable assets as it is the core for any organization website. SQL Injection Attack (SQLIA) is the way by which hackers gain access to data. An approach was proposed in this paper to efficiently detect SQLIA. Methodology: One of the most powerful algorithms, Parsing Tree validation (PT), depends only on accurate detection but takes much time so combining it with a fast dynamic algorithm with the purpose of learning and storing the malicious input patterns to compare with the next coming inputs will be a great achievement. An algorithm was proposed that is based on the combination of two of the existing detection algorithms: pattern matching algorithm using Aho-Corasick (AC) and PT. Results: Experiments showed that the proposed approach guarantees high accuracy of 99.9%, reasonable time which was 53.6% of PT's time and less memory usage. Conclusion: SQLIA is one of the most severe threats to the database. In general, the approaches that provide the best guard for the database against SQLIA are those that make use of a mix of primitive approaches as this leads to strengthening their merits and improving their weaknesses.
Loading...
