New approach to detect and prevent SQL injection attacks

Dissertant

Qaralleh, Amir Jibril

Thesis advisor

al-Atum, Jalal

Committee Members

Ujan, Arafat
Umar, Khamis
al-Sakran, Hasan

University

Princess Sumaya University for Technology

Faculty

King Hussein Faculty for Computing Sciences

Department

Department of Computer Sciences

University Country

Jordan

Degree

Master

Degree Date

2013

English Abstract

SQL injection is a type of attack used to gain, manipulate, or delete the information of any data-driven system, whether the system is online or offline and whether it is web-based or non-web-based. It is distinguished by the multiplicity of its methods, so defense techniques could not detect or prevent all of these methods.

The main objective of this thesis is to create a reliable and accurate technique that secures any system from being exploited by SQL injection attacks.

This technique combines static and runtime analysis of SQL queries to create a defense technique that can detect and prevent various types of SQL injection attack. The major criterion that makes this technique more effective than others is that it has to be deployed in the data tier, which makes it more accurate and effective than techniques that use the logic tier to apply their defense methods.

The suggested technique depends on tracking the behaviors of the SQL query execution process and comparing them with a prepared behaviors database to detect the changes that the executions have made. It then decides whether or not there are SQL injection attacks and prevents them if they are shown to exist.

To evaluate the suggested approach, a large set of SQL queries was executed through a simulation developed to simulate our proposed system. The results indicate that the suggested technique is reliable and more effective in capturing more SQL injection types compared to other SQL injection detection methods.

The simulation was tested with 250 different SQL queries, 150 of which were injected with SQLIA, and the results show that all of the injected queries were completely detected and prevented.

Main Subjects

Information Technology and Computer Science

No. of Pages

102

Table of Contents

Table of contents.

Abstract.

Chapter One : Introduction.

Chapter Two : SQL injection attack.

Chapter Three : Literature review.

Chapter Four : The suggested approach.

Chapter Five : Evaluation and discussion.

Chapter Six : Conclusion and future work.

References.

American Psychological Association (APA)

Qaralleh, Amir Jibril. (2013). New approach to detect and prevent SQL injection attacks. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology, Jordan
https://search.emarefa.net/detail/BIM-413850

Modern Language Association (MLA)

Qaralleh, Amir Jibril. New approach to detect and prevent SQL injection attacks. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology. (2013).
https://search.emarefa.net/detail/BIM-413850

American Medical Association (AMA)

Qaralleh, Amir Jibril. (2013). New approach to detect and prevent SQL injection attacks. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology, Jordan
https://search.emarefa.net/detail/BIM-413850

Language

English

Data Type

Arab Theses

Record ID

BIM-413850