Intrusion Detection Systems for Mitigating SQL Injection Attacks

2020 ◽  
Vol 14 (2) ◽  
pp. 20-40 ◽  
Author(s):  
Rui Filipe Silva ◽  
Raul Barbosa ◽  
Jorge Bernardino
Keyword(s):  
Intrusion Detection ◽  
The State ◽  
Intrusion Detection Systems ◽  
Sql Injection ◽  
Detection Systems ◽  
Injection Attacks ◽  
Security Infrastructure ◽  
State Of Practice ◽  
Sql Injection Attacks ◽  
Database Protection

Databases are widely used by organizations to store business-critical information, which makes them one of the most attractive targets for security attacks. SQL Injection is the most common attack to webpages with dynamic content. To mitigate it, organizations use Intrusion Detection Systems (IDS) as part of the security infrastructure, to detect this type of attack. However, the authors observe a gap between the comprehensive state-of-the-art in detecting SQL Injection attacks and the state-of-practice regarding existing tools capable of detecting such attacks. The majority of IDS implementations provide little or no protection against SQL Injection attacks, with exceptions like the tools Bro and ModSecurity. In this article, the authors compare these tools using the CSIC dataset in order to examine the state-of-practice in database protection from SQL Injection attacks, identifying the main characteristics and implementation details needed for IDSs to successfully detect such attacks. The experiments indicate that signature-based IDS provide the greatest coverage against SQL Injection.

Host–Based Intrusion Detection Systems

2014 ◽  
pp. 184-213
Author(s):  
Vít Bukač ◽  
Vashek Matyáš
Keyword(s):  
Intrusion Detection ◽  
Detection Method ◽  
State Of The Art ◽  
Research Trends ◽  
The State ◽  
Intrusion Detection Systems ◽  
Future Directions ◽  
Detection Systems ◽  
Research Findings ◽  
Art Research

In this chapter, the reader explores both the founding ideas and the state-of-the-art research on host-based intrusion detection systems. HIDSs are categorized by their intrusion detection method. Each category is thoroughly investigated, and its limitations and benefits are discussed. Seminal research findings and ideas are presented and supplied with comments. Separate sections are devoted to the protection against tampering and to the HIDS evasion techniques that are employed by attackers. Existing research trends are highlighted, and possible future directions are suggested.

scholarly journals Analysis of the defending possibilities against SQL Injection attacks

2019 ◽  
Vol 13 ◽  
pp. 339-344
Author(s):  
Chrystian Byzdra ◽  
Grzegorz Kozieł
Keyword(s):  
Sensitive Data ◽  
Sql Injection ◽  
Injection Attacks ◽  
Simulation Results ◽  
Effectiveness And Efficiency ◽  
Sql Injection Attacks ◽  
Database Protection

The article describes various protection methods of database and types of SQL Injection attacks. These are extremely dangerous attacks because they threaten the confidentiality of sensitive data. In order to analyze in detail protection methods and methods of attacks, simulations of attacks and defence were performed in the following languages: C #, PHP, Java. Based on the simulation results for particular languages, the effectiveness and efficiency of database protection methods were compared.

Disadvantages of Modern Intrusion Detection Systems

2006 ◽  
Vol 65 (10) ◽  
pp. 929-936
Author(s):  
A. V. Agranovskiy ◽  
S. A. Repalov ◽  
R. A. Khadi ◽  
M. B. Yakubets
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection Systems ◽  
Detection Systems
Sign in / Sign up

Export Citation Format

Share Document