Runtime Monitoring Framework for SQL Injection Attacks

Ramya Dharam, Sajjan G. Shiva
2014 International Journal of Engineering and Technology  
The increasing use of web applications to provide reliable online services, such as banking, shopping, etc., and to store sensitive user data has made them vulnerable to attacks that target them. In particular, SQL injection, which allows attackers to gain unauthorized access to the database by injecting specially crafted input strings, is one of the most serious threats to web applications. Although researchers and practitioners have proposed various methods to address the SQL injection …, organizations continue to be its victim, as attackers are successfully able to circumvent the employed techniques. In this paper, we present and evaluate Runtime Monitoring Framework to detect and prevent SQL Injection Attacks on web applications. At its core, the framework leverages the knowledge gained from pre-deployment testing of web applications to identify valid/legal execution paths. Monitors are then developed and instrumented to observe the application's behavior and check it for compliance with the valid/legal execution paths obtained; any deviation in the application's behavior is identified as a possible SQL Injection Attack. We conducted an extensive evaluation of the framework by targeting subject applications with a large number of both legitimate and malicious inputs, and assessed its ability to detect and prevent SQL Injection Attacks. The framework successfully allowed all the legitimate inputs to access the database without generating any false positives, and was able to effectively detect and prevent attacks without generating any false negatives. Moreover, the framework imposed a low runtime overhead on the subject applications compared to other techniques.
doi:10.7763/ijet.2014.v6.731 fatcat:kyorw26dgvf3jgrk6v34jbs76i
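The two-phase idea in the abstract (learn what is legal during pre-deployment testing, then instrument a monitor that flags any runtime deviation) can be illustrated with a small, self-contained analogue. The following Python is an added example written for this page, not the authors' framework: instead of recording execution paths, it records the structural "skeleton" of every SQL statement the test suite causes the application to issue, and at runtime it refuses any statement whose skeleton was never seen in testing. The login query, the `skeleton` literal-stripping regex, the `RuntimeMonitor` class, the in-memory SQLite table and all input pairs are constructed here for illustration; a production monitor would use a real SQL tokenizer rather than a regex.

```python
import re
import sqlite3


class SqlInjectionDetected(Exception):
    """Raised by the monitor when a statement deviates from the learned set."""


# Constructed stand-in for the application under test: a login query built
# by string concatenation, which is exactly what makes it injectable.
def build_login_query(username: str, password: str) -> str:
    return ("SELECT id FROM users WHERE name = '" + username
            + "' AND pw = '" + password + "'")


# Matches single-quoted string literals (with '' escapes) and bare numbers.
_LITERAL_RE = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")


def skeleton(sql: str) -> str:
    """Replace data literals with '?' and normalise whitespace/case so that
    statements differing only in user-supplied values share one skeleton,
    while injected operators, quotes or comments change it."""
    return " ".join(_LITERAL_RE.sub("?", sql).split()).lower()


class RuntimeMonitor:
    """Learns legal statement skeletons during testing, enforces them later."""

    def __init__(self) -> None:
        self.legal = set()
        self.alerts = []

    def learn(self, sql: str) -> None:
        """Pre-deployment phase: record the skeleton of a statement the
        test suite legitimately produced."""
        self.legal.add(skeleton(sql))

    def guard(self, conn: sqlite3.Connection, sql: str):
        """Runtime phase: execute only if the skeleton was seen in testing."""
        sk = skeleton(sql)
        if sk not in self.legal:
            self.alerts.append(sql)          # keep the offending statement for IR
            raise SqlInjectionDetected(sk)
        return conn.execute(sql).fetchall()


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users (name, pw) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


# Constructed inputs: what a test suite would drive through the login form.
LEGIT_TESTS = [("alice", "s3cret"), ("bob", "wrong"), ("carol", "pa55 word")]
# Constructed inputs: two textbook injection strings used only to show that
# the monitor's structural check rejects them.
MALICIOUS = [("' OR '1'='1", "anything"), ("admin'--", "x")]


def evaluate(monitor: RuntimeMonitor, conn: sqlite3.Connection, inputs):
    """Return (allowed, blocked) counts for a list of (username, password)."""
    allowed = blocked = 0
    for user, pw in inputs:
        try:
            monitor.guard(conn, build_login_query(user, pw))
            allowed += 1
        except SqlInjectionDetected:
            blocked += 1
    return allowed, blocked


def demo():
    """Train on the test inputs, then replay legitimate and malicious ones.
    Returns ((legit_allowed, legit_blocked), (mal_allowed, mal_blocked))."""
    conn = make_db()
    monitor = RuntimeMonitor()
    for user, pw in LEGIT_TESTS:                 # pre-deployment testing
        monitor.learn(build_login_query(user, pw))
    # A user never seen in testing is still allowed: only structure matters.
    legit = evaluate(monitor, conn, LEGIT_TESTS + [("dave", "pw4")])
    mal = evaluate(monitor, conn, MALICIOUS)
    return legit, mal


if __name__ == "__main__":
    print(demo())
```

The point the example makes about the abstract's evaluation criteria: because the check is on statement structure rather than on the data values, a previously unseen but well-formed login (`dave`) produces no false positive, while both injected inputs alter the skeleton and are stopped before reaching the database, so there is no false negative for these cases. The cost of the check is one regex pass per statement, which is the kind of low runtime overhead the abstract reports.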