Intrusion Detection Framework for SQL Injection
Israr Ali, Syed Hasan Adil, Mansoor Ebrahim

TL;DR
This paper proposes a hybrid intrusion detection framework for SQL injection attacks that builds trusted user profiles using data mining and association rules to improve detection accuracy and reduce false positives.
Contribution
It introduces a novel approach combining data mining, association rules, and hybrid detection models to identify SQL injection attacks more effectively.
Findings
Effective detection of SQL injection attacks using user profiles
Reduction in false positive alarms
Enhanced security for database-driven applications
Abstract
In this era of the internet, e-business and e-commerce applications are using databases as an integral part. These databases, irrespective of the technology used, are vulnerable to SQL injection attacks. These attacks are considered very dangerous as well as very easy to use for attackers and intruders. In this paper, we are proposing a new approach to detect intrusion by attackers using SQL injection. The main idea of our proposed solution is to create trusted user profiles, fetched from the queries submitted by authorized users, by using association rules. After that, we will use a hybrid (anomaly + misuse) detection model, which will depend on data mining techniques, to detect queries that deviate from our normal behavior profile. The normal behavior profile will be created in XML format. In this way we can minimize false positive alarms.
Taxonomy
Topics: Web Application Security Vulnerabilities · Network Security and Intrusion Detection · Digital and Cyber Forensics
