Journal of Automation and Information Sciences
SJR: 0.232 SNIP: 0.464 CiteScore™: 0.27

ISSN Print: 1064-2315
ISSN Online: 2163-9337


DOI: 10.1615/JAutomatInfScien.v51.i7.40
pages 47-54

Automatic Vulnerability Detection Algorithm for the SQL-Injection

Askar T. Rakhmanov
Muhammad al-Khwarizmi Tashkent University of Information Technologies, Uzbekistan
Rustam Kh. Khamdamov
Scientific Innovation Center of Information and Communication Technologies of Muhammad al-Khwarizmi Tashkent University of Information Technologies, Uzbekistan
Komil F. Kerimov
Muhammad al-Khwarizmi Tashkent University of Information Technologies, Uzbekistan
Shukhrat K. Kamalov
Muhammad al-Khwarizmi Tashkent University of Information Technologies, Uzbekistan

ABSTRACT

Attacks on web applications are a relatively new type of attack. If a web application does not filter incoming parameters properly, attackers can get the opportunity to falsify the database through a form on the web page or by changing other incoming data. Mathematical modeling and identification of information objects play an important role in solving pattern recognition problems. One of these problems is distinguishing attacks from normal requests to web applications. Studies on this problem began relatively recently; nevertheless, there is a lot of research in this direction. SQL injection is a common way of hacking web applications that have a database. Our paper proposes a mathematical method for identifying SQL-injection attacks using a function, bounded below, that depends on the input string. To build such a function, we used special characters and keywords that are often found in attacks constructed by intruders. With the proposed method, SQL-injection attacks can be detected using a single character. Nevertheless, we have shown experimentally that detection using a set of multiple symbols determines SQL-injection vulnerabilities more accurately. In the proposed method, we created a character set that combines both attack and normal detections, and the previously known threshold, using approximate data of attack and normal strings. According to experiments with artificial data, the set contains a space, semicolon and right bracket, which are the most suitable for detecting an attack or a normal request.
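The idea of scoring an input string by a character set and comparing it with a threshold can be sketched as follows. This is an added example, not the function defined in the paper: the scoring function (a plain occurrence count), the threshold-fitting rule and the sample strings are all assumptions made for illustration; only the character set (space, semicolon, right bracket) comes from the abstract.

```python
"""Character-count SQL-injection scoring (illustrative; not the paper's function)."""

# Characters the abstract reports as most suitable for separating the classes.
CHARSET = (" ", ";", ")")

# Constructed sample data, labelled by hand for this example.
NORMAL = ["alice", "john.smith", "42", "new york", "red;blue", "f(x)"]
ATTACKS = [
    "' OR 1=1 --",
    "1; DROP TABLE users",
    "admin') --",
    "1) UNION SELECT name FROM users",
]


def score(value, charset=CHARSET):
    """Assumed scoring function: occurrences of charset characters (never below 0)."""
    return sum(value.count(ch) for ch in charset)


def misclassified(threshold, normal, attacks, charset):
    """Errors when inputs scoring >= threshold are flagged as attacks."""
    false_pos = sum(score(s, charset) >= threshold for s in normal)
    false_neg = sum(score(s, charset) < threshold for s in attacks)
    return false_pos + false_neg


def fit_threshold(normal, attacks, charset=CHARSET):
    """Return (threshold, errors) minimising errors on the labelled samples."""
    top = max(score(s, charset) for s in normal + attacks)
    best = min(range(top + 2),
               key=lambda t: misclassified(t, normal, attacks, charset))
    return best, misclassified(best, normal, attacks, charset)


def is_suspicious(value, threshold, charset=CHARSET):
    """Flag an input whose score reaches the fitted threshold."""
    return score(value, charset) >= threshold


if __name__ == "__main__":
    # Compare a single character with the three-character set.
    for charset in ((";",), CHARSET):
        threshold, errors = fit_threshold(NORMAL, ATTACKS, charset)
        print(f"charset={charset!r} threshold={threshold} errors={errors}")
```

On this constructed data the semicolon alone cannot separate the two classes, while the three-character set separates them with a threshold of 2, which mirrors the abstract's claim that a set of symbols is more accurate than a single character.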

