Abstract—The increasing use of web applications to provide reliable online services, such as banking and shopping, and to store sensitive user data has made them attractive targets for attack. In particular, SQL injection, which allows attackers to gain unauthorized access to the database by injecting specially crafted input strings, is one of the most serious threats to web applications. Although researchers and practitioners have proposed various methods to address the SQL injection problem, organizations continue to fall victim to it, as attackers are successfully able to circumvent the employed techniques. In this paper, we present and evaluate a Runtime Monitoring Framework to detect and prevent SQL Injection Attacks on web applications. At its core, the framework leverages the knowledge gained from pre-deployment testing of web applications to identify valid/legal execution paths. Monitors are then developed and instrumented to observe the application's behavior and check it for compliance with the valid/legal execution paths obtained; any deviation in the application's behavior is identified as a possible SQL Injection Attack. We conducted an extensive evaluation of the framework by targeting subject applications with a large number of both legitimate and malicious inputs, and assessed its ability to detect and prevent SQL Injection Attacks. The framework successfully allowed all the legitimate inputs to access the database without generating any false positives, and was able to effectively detect and prevent attacks without generating any false negatives. Moreover, the framework imposed a low runtime overhead on the subject applications compared to other techniques.
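As an added illustration of the monitoring idea the abstract describes (example code, not the authors' framework): queries observed during pre-deployment testing define the legal paths, and a runtime check reports any query whose structure departs from them. The template abstraction, the `login_query` application code and the sample inputs are assumptions constructed for this example.

```python
import re

# Assumption (not from the paper): a query's structure is its token sequence
# with string and numeric literals replaced by placeholders, so legitimate user
# data never changes it while an input that alters the SQL grammar does.
TOKEN = re.compile(r"'(?:[^']|'')*'|\d+(?:\.\d+)?|\w+|[^\s\w]")


def template(sql: str) -> str:
    """Abstract a concrete SQL string into its structural template."""
    out = []
    for tok in TOKEN.findall(sql):
        if tok.startswith("'"):
            out.append("?s")         # string literal (handles '' escapes)
        elif tok[0].isdigit():
            out.append("?n")         # numeric literal
        else:
            out.append(tok.lower())  # keyword, identifier or operator
    return " ".join(out)


class SqlMonitor:
    """Learns legal query templates during testing, enforces them at runtime."""

    def __init__(self):
        self.legal = set()
        self.alerts = []

    def learn(self, sql: str) -> None:
        self.legal.add(template(sql))

    def check(self, sql: str) -> bool:
        """True if the query follows a legal path; False (and an alert) otherwise."""
        if template(sql) in self.legal:
            return True
        self.alerts.append(sql)
        return False


def login_query(user: str, pw: str) -> str:
    # Constructed vulnerable application code: input concatenated into the SQL.
    return f"SELECT id FROM users WHERE name = '{user}' AND pw = '{pw}'"


def demo() -> tuple:
    m = SqlMonitor()
    m.learn(login_query("alice", "secret"))              # observed in testing
    ok = m.check(login_query("O''Brien", "pw1"))         # legitimate, escaped quote
    blocked = m.check(login_query("' OR 1=1 --", "x"))   # constructed malicious input
    return ok, blocked, len(m.alerts)
```

A deployment would call `check` in the database access layer and refuse to execute any query it rejects, which is the "prevent" half of the framework's behavior.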
The authors are with the Department of Computer Science, University of
Memphis, Memphis, TN 38152 USA (e-mail: rdharam@memphis.edu,
sshiva@memphis.edu).
Cite: Ramya Dharam and Sajjan G. Shiva, "Runtime Monitoring Framework for SQL Injection
Attacks," International Journal of Engineering and Technology vol. 6, no. 5, pp. 392-401, 2014.