Conference papers

Hybrid Approach to Detect SQLi Attacks and Evasion Techniques

Abstract: Injection flaws, which include SQL injection, are the most prevalent security threats affecting Web applications [1]. To mitigate these attacks, Web Application Firewalls (WAFs) apply security rules to both inspect HTTP data streams and detect malicious HTTP transactions. Nevertheless, attackers can bypass WAF rules by using sophisticated SQL injection techniques. In this paper, we introduce a novel approach to dissect HTTP traffic and inspect complex SQL injection attacks. Our model is a Hybrid Injection Prevention System (HIPS) that uses both a machine learning classifier and a pattern matching inspection engine based on reduced sets of security rules.

Cited literature: 10 references

https://hal.archives-ouvertes.fr/hal-01138604
Contributor: Abdelhamid Makiou
Submitted on: Thursday, April 2, 2015 - 12:05:20 PM
Last modification on: Friday, July 31, 2020 - 10:44:08 AM
Long-term archiving on: Friday, July 3, 2015 - 10:26:42 AM

File

Hybrid SQLi_Clo2014_Short_Pape...
Files produced by the author(s)

Citation

Abdelhamid Makiou, Youcef Begriche, Ahmed Serhrouchni. Hybrid Approach to Detect SQLi Attacks and Evasion Techniques. Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2014, Oct 2014, Miami, United States. pp.452-456, ⟨10.4108/icst.collaboratecom.2014.257568⟩. ⟨hal-01138604⟩

Metrics

Record views: 348
Files downloads: 1230