改进Web应用防火墙以检测高级SQL注入攻击

2014 10th International Conference on Information Assurance and Security Pub Date : 2014-11-01 DOI:10.1109/ISIAS.2014.7064617

Abdelhamid Makiou, Y. Begriche, A. Serhrouchni

{"title":"改进Web应用防火墙以检测高级SQL注入攻击","authors":"Abdelhamid Makiou, Y. Begriche, A. Serhrouchni","doi":"10.1109/ISIAS.2014.7064617","DOIUrl":null,"url":null,"abstract":"Injections flaws which include SQL injection are the most prevalent security threats affecting Web applications[1]. To mitigate these attacks, Web Application Firewalls (WAFs) apply security rules in order to both inspect HTTP data streams and detect malicious HTTP transactions. Nevertheless, attackers can bypass WAF's rules by using sophisticated SQL injection techniques. In this paper, we introduce a novel approach to dissect the HTTP traffic and inspect complex SQL injection attacks. Our model is a hybrid Injection Prevention System (HIPS) which uses both a machine learning classifier and a pattern matching inspection engine based on reduced sets of security rules. Our Web Application Firewall architecture aims to optimize detection performances by using a prediction module that excludes legitimate requests from the inspection process.","PeriodicalId":146781,"journal":{"name":"2014 10th International Conference on Information Assurance and Security","volume":"56 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"39","resultStr":"{\"title\":\"Improving Web Application Firewalls to detect advanced SQL injection attacks\",\"authors\":\"Abdelhamid Makiou, Y. Begriche, A. Serhrouchni\",\"doi\":\"10.1109/ISIAS.2014.7064617\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Injections flaws which include SQL injection are the most prevalent security threats affecting Web applications[1]. To mitigate these attacks, Web Application Firewalls (WAFs) apply security rules in order to both inspect HTTP data streams and detect malicious HTTP transactions. Nevertheless, attackers can bypass WAF's rules by using sophisticated SQL injection techniques. In this paper, we introduce a novel approach to dissect the HTTP traffic and inspect complex SQL injection attacks. Our model is a hybrid Injection Prevention System (HIPS) which uses both a machine learning classifier and a pattern matching inspection engine based on reduced sets of security rules. Our Web Application Firewall architecture aims to optimize detection performances by using a prediction module that excludes legitimate requests from the inspection process.\",\"PeriodicalId\":146781,\"journal\":{\"name\":\"2014 10th International Conference on Information Assurance and Security\",\"volume\":\"56 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"39\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 10th International Conference on Information Assurance and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISIAS.2014.7064617\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 10th International Conference on Information Assurance and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISIAS.2014.7064617","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 39

摘要

注入漏洞(包括SQL注入)是影响Web应用程序的最普遍的安全威胁[1]。为了减轻这些攻击，Web应用防火墙(waf)应用安全规则来检查HTTP数据流和检测恶意HTTP事务。然而，攻击者可以通过使用复杂的SQL注入技术绕过WAF的规则。在本文中，我们介绍了一种新的方法来剖析HTTP流量和检测复杂的SQL注入攻击。我们的模型是一个混合注入预防系统(HIPS)，它使用机器学习分类器和基于简化安全规则集的模式匹配检查引擎。我们的Web应用防火墙架构旨在通过使用一个预测模块来优化检测性能，该模块将合法请求排除在检查过程之外。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Improving Web Application Firewalls to detect advanced SQL injection attacks

Injections flaws which include SQL injection are the most prevalent security threats affecting Web applications[1]. To mitigate these attacks, Web Application Firewalls (WAFs) apply security rules in order to both inspect HTTP data streams and detect malicious HTTP transactions. Nevertheless, attackers can bypass WAF's rules by using sophisticated SQL injection techniques. In this paper, we introduce a novel approach to dissect the HTTP traffic and inspect complex SQL injection attacks. Our model is a hybrid Injection Prevention System (HIPS) which uses both a machine learning classifier and a pattern matching inspection engine based on reduced sets of security rules. Our Web Application Firewall architecture aims to optimize detection performances by using a prediction module that excludes legitimate requests from the inspection process.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 10th International Conference on Information Assurance and Security

自引率

0.00%

发文量