• DocumentCode
    3308109
  • Title

    A Weight-Based Symptom Correlation Approach to SQL Injection Attacks

  • Author

    Ficco, Massimo ; Coppolino, Luigi ; Romano, Luigi

  • Author_Institution
    Lab. ITeM "C. Savy", Consorzio Interuniversitario Naz. per l'Informatica (CINI), Naples, Italy
  • fYear
    2009
  • fDate
    1-4 Sept. 2009
  • Firstpage
    9
  • Lastpage
    16
  • Abstract
    Web applications are vulnerable to a variety of new security threats. SQL injection attacks (SQLIAs) are one of the most significant of such threats. Researchers have proposed a wide variety of anomaly detection techniques to address SQLIAs, but all existing solutions have limitations in terms of effectiveness and practicality. We claim that the main cause of such limitations is reliance on a single detection model and/or on information generated by a single source. Correlation of information from diverse sources has been proven to be an effective approach for improving detection performance, i.e. reducing both the rate of false positives and the percentage of undetected intrusions. In order to do so, we collect symptoms of attacks against web-based applications at different architectural layers, and correlate them via a systematic approach that applies a number of different anomaly detection models to combine data from multiple feeds, which are located in different locations within the system, and convey information which is diverse in nature. Preliminary experimental results show that, by rearranging alerts based on knowledge about the ability of individual security probes of spotting a specific malicious action, the proposed approach does indeed reduce false positives rates and increase the detection coverage.
  • Keywords
    security of data; Web applications; false positives; individual security probes; security threats; single detection model; specific malicious action; symptom correlation approach; undetected intrusions; weight-based symptom correlation approach; Cryptography; Data security; Encapsulation; Encoding; Feeds; Information resources; Information security; Intrusion detection; Laboratories; Probes; Anomaly Detection; Correlation; Information Diversity; Intrusion Detection; SQL Injection Attacks;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Dependable Computing, 2009. LADC '09. Fourth Latin-American Symposium on
  • Conference_Location
    Joao Pessoa
  • Print_ISBN
    978-1-4244-4678-0
  • Electronic_ISBN
    978-0-7695-3760-3
  • Type

    conf

  • DOI
    10.1109/LADC.2009.14
  • Filename
    5234325