一种利用Knuth-Morris-Pratt字符串匹配算法防止SQL注入和跨站脚本攻击的新技术

IF 2.5 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS EURASIP Journal on Information Security Pub Date : 2020-08-18 DOI:10.1186/s13635-020-00113-y
Oluwakemi Christiana Abikoye, Abdullahi Abubakar, Ahmed Haruna Dokoro, Oluwatobi Noah Akande, Aderonke Anthonia Kayode
{"title":"一种利用Knuth-Morris-Pratt字符串匹配算法防止SQL注入和跨站脚本攻击的新技术","authors":"Oluwakemi Christiana Abikoye, Abdullahi Abubakar, Ahmed Haruna Dokoro, Oluwatobi Noah Akande, Aderonke Anthonia Kayode","doi":"10.1186/s13635-020-00113-y","DOIUrl":null,"url":null,"abstract":"Structured Query Language (SQL) injection and cross-site scripting remain a major threat to data-driven web applications. Instances where hackers obtain unrestricted access to back-end database of web applications so as to steal, edit, and destroy confidential data are increasing. Therefore, measures must be put in place to curtail the growing threats of SQL injection and XSS attacks. This study presents a technique for detecting and preventing these threats using Knuth-Morris-Pratt (KMP) string matching algorithm. The algorithm was used to match user’s input string with the stored pattern of the injection string in order to detect any malicious code. The implementation was carried out using PHP scripting language and Apache XAMPP Server. The security level of the technique was measured using different test cases of SQL injection, cross-site scripting (XSS), and encoded injection attacks. Results obtained revealed that the proposed technique was able to successfully detect and prevent the attacks, log the attack entry in the database, block the system using its mac address, and also generate a warning message. Therefore, the proposed technique proved to be more effective in detecting and preventing SQL injection and XSS attacks","PeriodicalId":46070,"journal":{"name":"EURASIP Journal on Information Security","volume":"19 3-4 1","pages":""},"PeriodicalIF":2.5000,"publicationDate":"2020-08-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"24","resultStr":"{\"title\":\"A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm\",\"authors\":\"Oluwakemi Christiana Abikoye, Abdullahi Abubakar, Ahmed Haruna Dokoro, Oluwatobi Noah Akande, Aderonke Anthonia Kayode\",\"doi\":\"10.1186/s13635-020-00113-y\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Structured Query Language (SQL) injection and cross-site scripting remain a major threat to data-driven web applications. Instances where hackers obtain unrestricted access to back-end database of web applications so as to steal, edit, and destroy confidential data are increasing. Therefore, measures must be put in place to curtail the growing threats of SQL injection and XSS attacks. This study presents a technique for detecting and preventing these threats using Knuth-Morris-Pratt (KMP) string matching algorithm. The algorithm was used to match user’s input string with the stored pattern of the injection string in order to detect any malicious code. The implementation was carried out using PHP scripting language and Apache XAMPP Server. The security level of the technique was measured using different test cases of SQL injection, cross-site scripting (XSS), and encoded injection attacks. Results obtained revealed that the proposed technique was able to successfully detect and prevent the attacks, log the attack entry in the database, block the system using its mac address, and also generate a warning message. Therefore, the proposed technique proved to be more effective in detecting and preventing SQL injection and XSS attacks\",\"PeriodicalId\":46070,\"journal\":{\"name\":\"EURASIP Journal on Information Security\",\"volume\":\"19 3-4 1\",\"pages\":\"\"},\"PeriodicalIF\":2.5000,\"publicationDate\":\"2020-08-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"24\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"EURASIP Journal on Information Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1186/s13635-020-00113-y\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"EURASIP Journal on Information Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1186/s13635-020-00113-y","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 24

摘要

结构化查询语言(SQL)注入和跨站点脚本仍然是数据驱动的web应用程序的主要威胁。黑客可以不受限制地访问web应用程序的后端数据库,从而窃取、编辑和破坏机密数据的情况越来越多。因此,必须采取适当的措施来减少与日俱增的SQL注入和XSS攻击的威胁。本研究提出了一种使用Knuth-Morris-Pratt (KMP)字符串匹配算法检测和预防这些威胁的技术。该算法将用户输入的字符串与存储的注入字符串模式进行匹配,从而检测出恶意代码。使用PHP脚本语言和Apache XAMPP服务器实现。使用SQL注入、跨站点脚本(XSS)和编码注入攻击的不同测试用例测量了该技术的安全级别。结果表明,该技术能够成功地检测和阻止攻击,将攻击条目记录在数据库中,并使用其mac地址阻止系统,并生成警告消息。因此,所提出的技术在检测和防止SQL注入和XSS攻击方面更为有效
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm
Structured Query Language (SQL) injection and cross-site scripting remain a major threat to data-driven web applications. Instances where hackers obtain unrestricted access to back-end database of web applications so as to steal, edit, and destroy confidential data are increasing. Therefore, measures must be put in place to curtail the growing threats of SQL injection and XSS attacks. This study presents a technique for detecting and preventing these threats using Knuth-Morris-Pratt (KMP) string matching algorithm. The algorithm was used to match user’s input string with the stored pattern of the injection string in order to detect any malicious code. The implementation was carried out using PHP scripting language and Apache XAMPP Server. The security level of the technique was measured using different test cases of SQL injection, cross-site scripting (XSS), and encoded injection attacks. Results obtained revealed that the proposed technique was able to successfully detect and prevent the attacks, log the attack entry in the database, block the system using its mac address, and also generate a warning message. Therefore, the proposed technique proved to be more effective in detecting and preventing SQL injection and XSS attacks
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
EURASIP Journal on Information Security
EURASIP Journal on Information Security COMPUTER SCIENCE, INFORMATION SYSTEMS-
CiteScore
8.80
自引率
0.00%
发文量
6
审稿时长
13 weeks
期刊介绍: The overall goal of the EURASIP Journal on Information Security, sponsored by the European Association for Signal Processing (EURASIP), is to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. Topics relevant to the journal include, but are not limited to: • Multimedia security primitives (such digital watermarking, perceptual hashing, multimedia authentictaion) • Steganography and Steganalysis • Fingerprinting and traitor tracing • Joint signal processing and encryption, signal processing in the encrypted domain, applied cryptography • Biometrics (fusion, multimodal biometrics, protocols, security issues) • Digital forensics • Multimedia signal processing approaches tailored towards adversarial environments • Machine learning in adversarial environments • Digital Rights Management • Network security (such as physical layer security, intrusion detection) • Hardware security, Physical Unclonable Functions • Privacy-Enhancing Technologies for multimedia data • Private data analysis, security in outsourced computations, cloud privacy
期刊最新文献
Access control for trusted data sharing DQ-NN and phantom routing for enhanced source location privacy for IoT under multiple source and destination Trajectory-aware privacy-preserving method with local differential privacy in crowdsourcing Enhancing internet of things security using entropy-informed RF-DNA fingerprint learning from Gabor-based images Cover-source mismatch in steganalysis: systematic review
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1