
IJET 2014 Vol.6(5): 392-401 ISSN: 1793-8236
DOI: 10.7763/IJET.2014.V6.731

Runtime Monitoring Framework for SQL Injection Attacks

Ramya Dharam and Sajjan G. Shiva
Abstract—The increasing use of web applications to provide reliable online services, such as banking and shopping, and to store sensitive user data has made them attractive targets for attack. In particular, SQL injection, which allows attackers to gain unauthorized access to the database by injecting specially crafted input strings, is one of the most serious threats to web applications. Although researchers and practitioners have proposed various methods to address the SQL injection problem, organizations continue to fall victim to it, as attackers are able to circumvent the employed techniques. In this paper, we present and evaluate a Runtime Monitoring Framework to detect and prevent SQL Injection Attacks on web applications. At its core, the framework leverages the knowledge gained from pre-deployment testing of web applications to identify valid/legal execution paths. Monitors are then developed and instrumented to observe the application’s behavior and check it for compliance with the valid/legal execution paths obtained; any deviation in the application’s behavior is identified as a possible SQL Injection Attack. We conducted an extensive evaluation of the framework by targeting subject applications with a large number of both legitimate and malicious inputs, and assessed its ability to detect and prevent SQL Injection Attacks. The framework allowed all legitimate inputs to reach the database without generating any false positives, and detected and prevented all attacks without generating any false negatives. Moreover, the framework imposed a low runtime overhead on the subject applications compared to other techniques.
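
The abstract describes learning legal execution paths during pre-deployment testing and then having an instrumented monitor flag any runtime deviation. The following added example (not the authors' code) illustrates that idea at the point where a query reaches the database: during testing, each call site records the structural skeleton of the queries it legitimately issues (literals abstracted away); at runtime, a query whose skeleton was never learned for that site is reported as a possible injection. The `QueryMonitor` class, `build_login_query` helper and the sample queries are constructed for this illustration.

```python
import re
from collections import defaultdict

# Single-quoted string literals (with '' as the escaped quote) and bare numbers
_STRING = re.compile(r"'(?:[^']|'')*'")
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")


def sql_signature(sql: str) -> str:
    """Reduce a query to its structural skeleton.

    Literal values become '?', keyword case and whitespace are normalised, so
    queries that differ only in user-supplied values share one signature while
    an injected clause (extra OR, comparison, UNION, ...) changes it.
    """
    skeleton = _STRING.sub("?", sql)
    skeleton = _NUMBER.sub("?", skeleton)
    return " ".join(skeleton.lower().split())


class QueryMonitor:
    """Learns legal query skeletons per call site, then checks runtime queries."""

    def __init__(self) -> None:
        # call site -> set of skeletons observed during pre-deployment testing
        self.allowed = defaultdict(set)

    def learn(self, site: str, sql: str) -> None:
        self.allowed[site].add(sql_signature(sql))

    def check(self, site: str, sql: str) -> bool:
        """True if the query matches a learned legal path for this site.

        Unknown sites have an empty set, so the monitor fails closed.
        """
        return sql_signature(sql) in self.allowed[site]


def build_login_query(name: str, pw: str) -> str:
    # Constructed stand-in for the string concatenation found in the legacy
    # code such a monitor guards; a hardened application would parameterise.
    return f"SELECT * FROM users WHERE name='{name}' AND pw='{pw}'"


def demo() -> tuple:
    monitor = QueryMonitor()
    # Pre-deployment test run establishes the legal path for the login site
    monitor.learn("login", build_login_query("alice", "s3cret"))
    # Runtime: a different legitimate user keeps the same skeleton
    legit_ok = monitor.check("login", build_login_query("bob", "hunter2"))
    # Runtime: a tautology in the name field adds an OR clause to the skeleton
    attack_ok = monitor.check("login", build_login_query("' OR '1'='1", "x"))
    return legit_ok, attack_ok
```

`demo()` returns `(True, False)`: the legitimate login is passed through and the injected one is flagged for blocking.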


The authors are with the Department of Computer Science, University of Memphis, Memphis, TN 38152 USA (e-mail: rdharam@memphis.edu, sshiva@memphis.edu).


Cite: Ramya Dharam and Sajjan G. Shiva, "Runtime Monitoring Framework for SQL Injection Attacks," International Journal of Engineering and Technology vol. 6, no. 5, pp. 392-401, 2014.

Copyright © 2008-2015. International Journal of Engineering and Technology. All rights reserved. 
E-mail: ijet@vip.163.com