Article

Obfuscation-based analysis of SQL injection attacks

Authors:

Raju Halder,

Agostino CortesiAuthors Info & Claims

ISCC '10: Proceedings of the The IEEE symposium on Computers and Communications

Pages 931 - 938

https://doi.org/10.1109/ISCC.2010.5546750

Published: 22 June 2010 Publication History

Publisher Site

Abstract

In this paper, we propose an obfuscation/ deobfuscation based technique to detect the presence of possible SQL Injection Attacks (SQLIA) in a query before submitting it to a DBMS. This technique combines static and dynamic analysis. In the static phase, the queries in the application are replaced by queries in obfuscated form. The main idea behind obfuscation is to isolate all the atomic formulas from other control elements of the query. During the dynamic phase, the user inputs are merged into the obfuscated atomic formulas, and the dynamic verifier analysis the presence of possible SQLIA at atomic formula level. Finally, a deobfuscation step is performed to recover the original query before submitting it to the DBMS.

Cited By

View all

Shen JRinard M(2021)Active Learning for Inference and Regeneration of Applications that Access DatabasesACM Transactions on Programming Languages and Systems10.1145/343095242:4(1-119)Online publication date: 22-Jan-2021
https://dl.acm.org/doi/10.1145/3430952
Shen JRinard MMcKinley KFisher K(2019)Using active learning to synthesize models of applications that access databasesProceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation10.1145/3314221.3314591(269-285)Online publication date: 8-Jun-2019
https://dl.acm.org/doi/10.1145/3314221.3314591
Perkins JEikenberry JCoglio AWillenson DSidiroglou-Douskos SRinard M(2016)AutoRandProceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment - Volume 972110.1007/978-3-319-40667-1_3(37-57)Online publication date: 7-Jul-2016
https://dl.acm.org/doi/10.1007/978-3-319-40667-1_3
Show More Cited By

Index Terms

Obfuscation-based analysis of SQL injection attacks
1. Theory of computation
  1. Theory and algorithms for application domains
    1. Database theory
      1. Database query processing and optimization (theory)

Index terms have been assigned to the content through auto-classification.

Recommendations

High-Interaction Honeypot System for SQL Injection Analysis
ICM '11: Proceedings of the 2011 International Conference of Information Technology, Computer Engineering and Management Sciences - Volume 03

In order to solve the problems that IDSs and firewalls cannot efficiently detect new SQL injection and too much time is wasted when the security personnel reads log files to analyze attacks, we proposed and implemented a high-interaction web honey pot ...
Testing Snort with SQL Injection Attacks
C3S2E '16: Proceedings of the Ninth International C* Conference on Computer Science & Software Engineering

Currently, information security is a significant challenge in the information era because businesses store critical information in databases. Therefore, databases need to be a secure component of an enterprise. Organizations use Intrusion Detection ...
Obfuscation: The Hidden Malware

A cyberwar exists between malware writers and antimalware researchers. At this war's heart rages a weapons race that originated in the 80s with the first computer virus. Obfuscation is one of the latest strategies to camouflage the telltale signs of ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ISCC '10: Proceedings of the The IEEE symposium on Computers and Communications

June 2010

1227 pages

ISBN:9781424477548

Publisher

IEEE Computer Society

United States

Publication History

Published: 22 June 2010

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Shen JRinard M(2021)Active Learning for Inference and Regeneration of Applications that Access DatabasesACM Transactions on Programming Languages and Systems10.1145/343095242:4(1-119)Online publication date: 22-Jan-2021
https://dl.acm.org/doi/10.1145/3430952
Shen JRinard MMcKinley KFisher K(2019)Using active learning to synthesize models of applications that access databasesProceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation10.1145/3314221.3314591(269-285)Online publication date: 8-Jun-2019
https://dl.acm.org/doi/10.1145/3314221.3314591
Perkins JEikenberry JCoglio AWillenson DSidiroglou-Douskos SRinard M(2016)AutoRandProceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment - Volume 972110.1007/978-3-319-40667-1_3(37-57)Online publication date: 7-Jul-2016
https://dl.acm.org/doi/10.1007/978-3-319-40667-1_3
Costantini GFerrara PCortesi A(2015)A suite of abstract domains for static analysis of string valuesSoftware—Practice & Experience10.1002/spe.221845:2(245-287)Online publication date: 1-Feb-2015
https://dl.acm.org/doi/10.1002/spe.2218
Halder RCortesi AShin SMaldonado J(2013)Abstract program slicing of database query languagesProceedings of the 28th Annual ACM Symposium on Applied Computing10.1145/2480362.2480524(838-845)Online publication date: 18-Mar-2013
https://dl.acm.org/doi/10.1145/2480362.2480524
Costantini GFerrara PCortesi A(2011)Static analysis of string valuesProceedings of the 13th international conference on Formal methods and software engineering10.5555/2075089.2075132(505-521)Online publication date: 26-Oct-2011
https://dl.acm.org/doi/10.5555/2075089.2075132

Abstract

Cited By

Index Terms

Recommendations

High-Interaction Honeypot System for SQL Injection Analysis

Testing Snort with SQL Injection Attacks

Obfuscation: The Hidden Malware

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations