A weight-based symptom correlation approach to SQL injection attacks

Proceedings - 2009 4th Latin-American Symposium on Dependable Computing, LADC 2009

Volumn , Issue , 2009, Pages 9-16

  Ficco, Massimo ^a,b   Coppolino, Luigi ^a,b   Romano, Luigi ^a,b,c  

^a Laboratorio ITeM C Savy   (Italy)

^b UNIVERSITY OF NAPLES PARTHENOPE   (Italy)

^c ICAR CNR   (Italy)

Author keywords

Anomaly detection; Correlation; Information diversity; Intrusion detection; SQL injection attacks

Indexed keywords

ANOMALY DETECTION; ANOMALY DETECTION MODELS; ARCHITECTURAL LAYERS; CORRELATION; DETECTION COVERAGE; DETECTION MODELS; DETECTION PERFORMANCE; FALSE POSITIVE; INFORMATION DIVERSITY; SECURITY THREATS; SINGLE SOURCE; SQL INJECTION; SQL INJECTION ATTACKS; WEB APPLICATION; WEB-BASED APPLICATIONS;

COMPUTER CRIME; COMPUTER SCIENCE; FAULT TOLERANT COMPUTER SYSTEMS; WORLD WIDE WEB;

INTRUSION DETECTION;

EID: 70350759684     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/LADC.2009.14     Document Type: Conference Paper

References (24)

1. The OWASP Top 10 Web attacks, Sep. 2008., http://www.owasp.org/index.php/ Top-10-2007
2. C. Anley, Advanced SQL Injection In SQL Server Applications, An NGSSoftware Insight Security Research (NISR) Publication, vol.2005, 2002.
3. F. S. Rietta, Application Layer Intrusion Detection for SQL Injection, in proc. of the 44th annual Southeast regional conference, pp. 531-536 Mar. 2006, ACM Press.
4. C. Kruegel and G. Vigna, Anomaly detection of web based attacks, in proc. of the 10th ACM conference on Computer and Communication Security (CCS'03), pp. 251-261, Oct. 2003, ACM Press.
5. F. Valeur, G. Vigna, C. Kruegel, R.A. Kemmerer, Comprehensive approach to intrusion detection alert correlation, in IEEE Tranaction on Dependable and Secure Computing, vol.1, no.3, pp. 146-169, 2004. IEEE CS Press.
6. W. G. Halfond, J. Viegas, and A. Orso, A Classification of SQL-Injection Attacks and Countermeasures, in proc. of the International Symposium on Secure Software Engineering, pp. 795-798, Mar. 2006, ACM Press.
7. M. Haibin, and G. Jian, Intrusion Alert Correlation based on D-S Evidence Theory, in the Second International Conference on Communications and Networking (CHINACOM '07), pp. 377-381, Aug. 2007, IEEE CS Press.
8. A. Valdes and K. Skinner, Adaptive, Model-based Monitoring for Cyber Attack Detection, in proc. of International Conference on Recent Advances in Intrusion Detection (RAID), LNCS no. 1907, pp. 80-92, Oct. 2000. Springer-Verlag, Berlin Heidelberg.
9. A. Bondavalli, A. Ceccarelli, L. Falai, Assuring Resilient Time Synchronization, in proc. of IEEE Symposium on Reliable Distributed Systems (SRDS'08), pp. 3-12, Oct. 2008, IEEE CS Press.
10. The Chi-Square Probabilities Table, Dec. 2008, at http://people.richland. edu/james/lecture/m170/tbl-chi.html
11. A MySQL server monitor for Unix and Windows, Dec.2008, MySQL Proxy v.6.0.1, at: http://forge.mysql.com/wiki/MySQLProxy
12. A network protocol analyzer for Unix and Windows, Feb. 2009, Wireshark 1.0.6, at: http://www.wireshark.org/
13. F. Campanile, A. Cilardo, L. Coppolino, and L. Romano, Adaptable Parsing of Real-Time Data Streams, in proc. of the EUROMICRO International Conference on Parallel, Distributed and Network-Based Processing(PDP '07), pp. 412-418, Feb. 2007.
14. A hybrid Intrusion Detection system. Prelude, at: http://www.preludeids. com/, Jul. 2008.
15. A Distributed Stream Processing Engine. Borealis, at: http://www.cs.brown.edu/research/borealis/public/.
16. D. Scott and R. Sharp, Abstracting Application-Level Web Security, in proc. of the 11th international conference on World Wide Web, pp. 396-407, May 2002, ACM Press.
17. W.G. Halfond and A. Orso, AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks, in proc. of the 28th international conference on Software engineering, pp. 174-183, Nov. 2005, ACM Press.
18. A. Nguyen-Tuong, S. Guarnieri, D. Greene, J. Shirley, and D. Evans, Automatically Hardening Web Applications Using Precise, in proc. of 20th IFIP International Conference on Information Security Tainting Information, vol.181, pp. 295-307, May 2005.
19. W.G. Halfond, A. Orso, P. Manolios, WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation, in IEEE Transactions on Software Engineering, vol.34, no.1, pp. 65-81, Jan.-Feb. 2008.
20. K. Wang and S. Stolfo, Anomalous Payload-based Network Intrusion Detection, in proc. of of the Seventh International Symposium on Recent Advance in Intrusion Detection (RAID), pp. 203-222, Sept. 2004.
21. J. B. D. Cabrera, L. Lewis, and R. K. Mehra, Detection and classification of intrusions and faults using sequences of system calls, in Special section on data mining for intrusion detection and threat analysis, vol.30, no.4, pp. 25-34, 2001, ACM Press.
22. M. Kiani, A. Clark, G. Mohay, Evaluation of Anomaly Based Character Distribution Models in the Detection of SQL Injection Attacks, in proc. of Third International Conference on Availability, Reliability and Security (ARES 2008), pp. 47-55, Mar. 2008, ACM Press.
23. F. Valeur, D. Mutz, and G. Vigna, A Learning-Based Approach to the Detection of SQL Attacks, in proc. of the Detectiion of Intrusions and Malware and Vulnerability Assessment (DIMVA), LNCS no. 3548, pp. 123-140, Jul. 2005, Springer-Verlag, Berlin Heidelberg.
24. M. Kaaniche, M. Martinello, K. Kanoun, C.A. Melchor, Modeling user perceived unavailability due to long response times, in proc. of the 20th International Symposium on Parallel and Distributed Processing, pp. 1-8, Apr. 2005, IEEE CS Press.