10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

Research Article

Hybrid Approach to Detect SQLi Attacks and Evasion Techniques

Download695 downloads
  • @INPROCEEDINGS{10.4108/icst.collaboratecom.2014.257568,
        author={Abdelhamid MAKIOU and Youcef BEGRICHE and Ahmed SERHROUCHNI},
        title={Hybrid Approach to Detect SQLi Attacks and Evasion Techniques},
        proceedings={10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing},
        publisher={IEEE},
        proceedings_a={COLLABORATECOM},
        year={2014},
        month={11},
        keywords={sql injection web application firewall http dissection machine learning security rules},
        doi={10.4108/icst.collaboratecom.2014.257568}
    }
    
  • Abdelhamid MAKIOU
    Youcef BEGRICHE
    Ahmed SERHROUCHNI
    Year: 2014
    Hybrid Approach to Detect SQLi Attacks and Evasion Techniques
    COLLABORATECOM
    IEEE
    DOI: 10.4108/icst.collaboratecom.2014.257568
Abdelhamid MAKIOU1,*, Youcef BEGRICHE2, Ahmed SERHROUCHNI1
  • 1: Télécom ParisTech
  • 2: IEEE
*Contact email: abdelhamid.makiou@telecom-paristech.fr

Abstract

Injections flaws which include SQL injection are the most prevalent security threats affecting Web applications[1]. To mitigate these attacks, Web Application Firewalls (WAFs) apply security rules in order to both inspect HTTP data streams and detect malicious HTTP transactions. Nevertheless, attackers can bypass WAF’s rules by using sophisticated SQL injection techniques. In this paper, we introduce a novel approach to dissect the HTTP traffic and inspect complex SQL injection attacks. Our model is a hybrid Injection Prevention ystem (HIPS) which uses both a machine learning lassifier and a pattern matching inspection engine based on reduced sets of security rules.