Profiling Database Application to Detect SQL Injection Attacks

Get BibTex-formatted data

Author

Elisa Bertino, Ashish Kamra, James P. Early

Entry type

conference

Abstract

Countering threats to an organization's internal databases from database applications is an important area of research. In this paper, we propose a novel framework based on anomaly detection techniques, to detect malicious behaviour of database application programs. Specifically, we create a fingerprint of an application program based on SQL queries submitted by it to a database. We then use association rule mining techniques on this fingerprint to extract useful rules. These rules succinctly represent the normal behaviour of the database application. We then apply an anomaly detection algorithm to detect queries that do not conform to these rules. We further demonstrate how this model can be used to detect SQL Injection attacks on databases. We show the validity and usefulness of our approach on synthetically generated datasets and SQL Injected queries. Experimental results show that our techniques are effective in addressing various types of SQL Injection threat scenarios.

Date

2007 – 04

URL

http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4197962

Booktitle

Performance, Computing, and Communications Conference, 2007.

Key alpha

Bertino

Pages

1097-2641

Affiliation

Purdue University

Publication Date

2007-04-00

Isbn

1-4244-1138-6

Issn

1097-2641

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Conference{ Bertino,
	title = "Profiling Database Application to Detect SQL Injection Attacks",
	author = "Elisa Bertino, Ashish Kamra, James P. Early",
	year = "2007",
	month = "04",
	booktitle = "Performance, Computing, and Communications Conference, 2007.",
	pages = "1097-2641",
	abstract = "Countering threats to an organization's internal databases from database applications is an important area of research. In this paper, we propose a novel framework based on anomaly detection techniques, to detect malicious behaviour of database application programs. Specifically, we create a fingerprint of an application program based on SQL queries submitted by it to a database. We then use association rule mining techniques on this fingerprint to extract useful rules. These rules succinctly represent the normal behaviour of the database application. We then apply an anomaly detection algorithm to detect queries that do not conform to these rules. We further demonstrate how this model can be used to detect SQL Injection attacks on databases. We show the validity and usefulness of our approach on synthetically generated datasets and SQL Injected queries. Experimental results show that our techniques are effective in addressing various types of SQL Injection threat scenarios.",
	affiliation = "Purdue University",
	isbn = "1-4244-1138-6",
	issn = "1097-2641",
	url = "http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4197962",
}