Equipe Cybersecurity for Communication and Networking collection |
 |
Conference papers
Hybrid Approach to Detect SQLi Attacks and Evasion Techniques
Abstract : —Injections flaws which include SQL injection are the most prevalent security threats affecting Web applications[1]. To mitigate these attacks, Web Application Firewalls (WAFs) apply security rules in order to both inspect HTTP data streams and detect malicious HTTP transactions. Nevertheless, attackers can bypass WAF's rules by using sophisticated SQL injection techniques. In this paper, we introduce a novel approach to dissect the HTTP traffic and inspect complex SQL injection attacks. Our model is a hybrid Injection Prevention System (HIPS) which uses both a machine learning classifier and a pattern matching inspection engine based on reduced sets of security rules.
Cited literature [10 references]
https://hal.archives-ouvertes.fr/hal-01138604
Contributor : Abdelhamid Makiou <>
Submitted on : Thursday, April 2, 2015 - 12:05:20 PM
Last modification on : Friday, July 31, 2020 - 10:44:08 AM
Long-term archiving on: : Friday, July 3, 2015 - 10:26:42 AM
Contributor : Abdelhamid Makiou <>
Submitted on : Thursday, April 2, 2015 - 12:05:20 PM
Last modification on : Friday, July 31, 2020 - 10:44:08 AM
Long-term archiving on: : Friday, July 3, 2015 - 10:26:42 AM
File
Hybrid SQLi_Clo2014_Short_Pape...
Files produced by the author(s)