Abstract
Today, Internet services have become an indispensable part of everyone’s life. With Internet becoming platform to offer services, traditional core services like banking and ecommerce are now being provided in Internet platform, and making security for these services have become necessary. The openness of Internet has increased risk. In certain huge organization’s cyber security, it is usual to notice major issues because of vulnerabilities in their system or software. By performing a depth analysis, it has come to know that the cause of vulnerabilities is either the developers or the design process. Research studies suggest that more than 80% of the active Web sites are vulnerable to SQL injection. The Web sites that unnecessarily expose server information have been recorded as nearly 67%. The Web sites that does not secure session cookies is approximately 50%. About 30% of the Websites secure their communications, for sending sensitive information of users. Hence, a study on mitigation of attacks is compelling. SQL injection targets interactive Internet services that employ database and aims to exploit vulnerability occurring at database layer in the three-tier architecture. This paper proposes a solution to detect and prevent SQL injection attacks using a model which is inspired from the concept of generic decryption. Results obtained confirm the extraordinary performance of the proposed scheme against the existing prevention techniques.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Jespersen MS, Hargreaves FP (2012) Malicious software. University of Southern Denmark, Denmark
Radhika N, Vanitha A (2014) Multidimensional analysis of SQL injection attacks in web applications. Int J Innovative Sci Eng Technol 1(3)
Buehrer G, Weide, BW, Sivilotti PA (2005) Using parse tree validation to prevent SQL injection attacks. SEM
Kosuga Y, Kono K, Hanaoka M, Hishiyama M, Takahama Y (2007) Sania: syntactic and semantic analysis for automated testing against SQL injection. In: 23rd annual computer security applications conference, IEEE Computer Society, pp 107–117
Common Vulnerability and Exposures, http://www.cve.com
Jovanovic N, Kruegel C, Kirda E. (2006). Precise alias analysis for static detection of web application vulnerabilities. In: Proceedings of the 2006 workshop on programming languages and analysis for security
Fonseca J, Vieira M, Madeira H (2007). Testing and comparing web vulnerability scanning tools for SQL injection and XSS attacks. In: 13th Pacific Rim international symposium on dependable computing (PRDC 2007)
McClure RA, Kruger IH (2005) SQL DOM: compile time checking of dynamic SQL statements. in software engineering, 2005. In: Proceedings. 27th International Conference on ICSE 2005
Bulusu P, Shahriar H, Haddad HM (2015) Classification of lightweight directory access protocol query injection attacks and mitigation techniques. In: 2015 international conference on collaboration technologies and systems (CTS), IEEE
Harini N, Padmanaban TR (2016) 3CAuth: a new scheme for enhancing security. Int J Netw Secure 18(1):143–150
Pearson III E, Bethel CL (2016) A design review: concepts for mitigating SQL injection attacks. Little Rock, AR
Wang X, Wang L, Wei G, Zhang D, Yang Y (2015) Hidden web crawling for SQL injection detection. Beging, China
Raghavan S, Garcia-Molina H (2001) Crawling the hidden web. In: Proceedings of 27th international conference on very large data bases. Morgan Kaufmann, Roma, Italy
Bergman MK (2000) The deep web: Surfacing hidden value. Technical report. BrightPlanet LLC, Dubai
Fonseca J, Vieira M, Madeira H (2009) Vulnerability & attack injection for web applications. In: IEEE/IFIP international conference on dependable systems & networks, 2009. DSN’09. IEEE
Fonseca J, Vieira M, Madeira H (2014) Evaluation of web security mechanisms using vulnerability & attack injection
Available: https://en.wikipedia.org/wiki/View_(SQL)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Archana Devi, R., Hari Siva Rami Reddy, D., Akshay Kumar, T., Sriraj, P., Sankar, P., Harini, N. (2021). Prevention and Detection of SQL Injection Attacks Using Generic Decryption. In: Tripathy, A., Sarkar, M., Sahoo, J., Li, KC., Chinara, S. (eds) Advances in Distributed Computing and Machine Learning. Lecture Notes in Networks and Systems, vol 127. Springer, Singapore. https://doi.org/10.1007/978-981-15-4218-3_16
Download citation
DOI: https://doi.org/10.1007/978-981-15-4218-3_16
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-4217-6
Online ISBN: 978-981-15-4218-3
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)