New approach to detect and prevent SQL injection attacks
Thesis author
Thesis advisor
Committee members
Ujan, Arafat
Umar, Khamis
al-Sakran, Hasan
University
Princess Sumaya University for Technology
Faculty
King Hussein Faculty of Computing Sciences
Academic department
Department of Computer Science
University country
Jordan
Degree
Master's
Degree date
2013
English abstract
SQL injection is a type of attack used to gain, manipulate, or delete the information of any data-driven system, whether the system is online or offline and whether it is web-based or not. It is distinguished by the multiplicity of its methods, so defense techniques could not detect or prevent all of these methods.
The main objective of this thesis is to create a reliable and accurate technique that secures any system from being exploited by SQL injection attacks.
This technique combines static and runtime SQL query analysis to create a defense technique that can detect and prevent various types of SQL injection attack. The major criterion that makes this technique more effective than others is that it has to be deployed in the data tier, which makes it more accurate and effective than techniques that apply their defense methods in the logic tier.
The suggested technique depends on tracking the behaviors of the SQL query execution process and comparing them with a prepared behaviors database to detect the changes that executions have made, then deciding whether there are SQL injection attacks and preventing them if they are shown to exist.
To evaluate the suggested approach, a large set of SQL queries has been executed through a simulation developed to simulate our proposed system, and the results indicate that the suggested technique is reliable and more effective in capturing more SQL injection types compared to other SQL injection detection methods.
The simulation has been tested with 250 different SQL queries, 150 of which were injected with SQLIA, and the simulation results show that all the injected queries were completely detected and prevented.
Main subjects
Information Technology and Computer Science
Number of pages
102
Table of contents
Table of contents.
Abstract.
Chapter One: Introduction.
Chapter Two: SQL injection attack.
Chapter Three: Literature review.
Chapter Four: The suggested approach.
Chapter Five: Evaluation and discussion.
Chapter Six: Conclusion and future work.
References.
American Psychological Association (APA) citation style
Qaralleh, Amir Jibril. (2013). New approach to detect and prevent SQL injection attacks. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology, Jordan
https://search.emarefa.net/detail/BIM-413850
Modern Language Association (MLA) citation style
Qaralleh, Amir Jibril. New approach to detect and prevent SQL injection attacks. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology. (2013).
https://search.emarefa.net/detail/BIM-413850
American Medical Association (AMA) citation style
Qaralleh, Amir Jibril. (2013). New approach to detect and prevent SQL injection attacks. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology, Jordan
https://search.emarefa.net/detail/BIM-413850
Text language
English
Data type
Theses and dissertations
Record number
BIM-413850