Improving Web Application Firewalls to detect advanced SQL injection attacks

2014 10th International Conference on Information Assurance and Security, IAS 2014

Volumn , Issue , 2014, Pages 35-40

  Makiou, Abdelhamid ^a   Begriche, Youcef ^a   Serhrouchni, Ahmed ^a  

^a TELECOM PARISTECH   (France)

Author keywords

HTTP dissection; machine learning; Security rules; SQL injection; Web Application Firewall

Indexed keywords

ARTIFICIAL INTELLIGENCE; COMPUTER CRIME; COMPUTER SYSTEM FIREWALLS; COMPUTER VIRUSES; INSPECTION; LEARNING SYSTEMS; MOBILE SECURITY; NETWORK SECURITY; PATTERN MATCHING; SOCIAL NETWORKING (ONLINE); WORLD WIDE WEB;

DETECTION PERFORMANCE; INSPECTION ENGINES; INSPECTION PROCESS; PREVENTION SYSTEMS; SECURITY RULES; SQL INJECTION; SQL INJECTION ATTACKS; WEB APPLICATION FIREWALLS;

HTTP;

EID: 84946689903     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISIAS.2014.7064617     Document Type: Conference Paper

References (13)

1. The Open Web Application Security Project (OWASP) considers, in its 2013 top ten list. Available: https://www.owasp.org/index.php/ToPI02013-TOPIO
2. Sid Ansari et al. SQL Injection in Oracle: An exploration of vulnerabilities International Journal on Computer Science and Engineering (IJCSE), pp. 522-531, April 2012
3. A. Tajpour, M. Massrum and M.Z. Heydari, Comparison of SQL Injection Detection and Prevention Techniques, 2nd International Conforence on Education Technology and Computer (ICETC), 2010
4. C. Kruegel and G. Vigna. Anomaly detection of web-based attacks. 10th ACM Conference on Computer and Communication Security (CCS 03), pages 251261. ACM Press, October 2003
5. w.G. Halfond and A. Orso, AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks, Proc. 20th IEEE and ACM Inti Conf. Automated Software Eng., pp. 174-183, Nov. 2005
6. S. W. Boyd and A. D. Keromytis. SQ Lrand: Preventing SQL Injection Attacks. In Proceedings of the 2nd Applied Cryptography and Network Security (ACNS) Conference, pages 292-302. June 2004
7. Ivan Ristic: ModSecurity Handbook: The Complete Guide to the Popular Open Source Web Application Firewall, 2010 Feisty Duck Ltd Edition ISBN: 1907117024
8. The IronBee Project May 2014. Available: http//www.ironbee.com/
9. Naxsi project (Nginx Anti Xss Sqllnjection) May 2014. Available: https://www.owasp.org/index.php/OWASPNAXSlproject
10. Kevin Denis, Pierre Sylvain Desse et Mehdi Taibi (Arkoon Network Security), un langage orient rseaux et scurit, Symposium sur la scurit des technologies de l'information et des communications, Confrence francophone sur Ie thme de la scurit de I'information, 2014.
11. C.P. Robert, Le choix Baysien. Principes et pratiques, Ed. Springer, 2006
12. Androutsopoulos L., J. Koutsias, K.Y. Chandrinos, G. Paliouras, and C.D. Spyropoulos.2000a. An Evaluation of Naive Bayesian Anti-Spam Filtering. Proceedings of the Workshop on Machine Learning in the New Information Age, 11th European Conference on Machine Learning, Barcelona, Spain, pages 917.
13. Komiya, R. Incheon Paik Hisada, M.C Jassification of malicious web code by machine learning. Awareness Science and Technology (iCAST), OII 3rd International Conference. Sept 2011.