Publicou 12 edições por ano
ISSN Imprimir: 1064-2315
ISSN On-line: 2163-9337
Indexed in
Automatic Vulnerability Detection Algorithm for the SQL-Injection
Get access
RESUMO
Attacks to web applications are a relatively new type of attack. If the web application does not filter incoming parameters properly, then attackers can get the opportunity to falsify the database using the form on the web page or by changing other incoming data. Mathematical modeling and identification of information objects play an important role in solving problems of pattern recognition. One of these tasks is to detect attacks or normal requests for web applications. Studies on the detection of attacks or normal requests for web applications began relatively recently. Nevertheless, there is a lot of research in this direction. Attack of the SQL-injection is a common way of hacking web applications that have a database. Our paper proposes a mathematical method for identifying SQL-injection attacks using a function bounded below that depends on the input string. To build such function, we used special characters and key words that are often found in the construction of attacks by intruders. In our proposed method, we can detect SQL-injection attacks using a single character. Nevertheless, we experimentally have shown that the proposed detection method using a set of numerous symbols allows us to determine the vulnerability of the SQL-injection type more accurately. In the proposed method, we created a character set that combines both attack and normal detections, and the previously known threshold, using the approximate data of the attackers and normal strings. According to experiments with artificial data, the set contains a space, semicolon and right bracket that are most suitable for detecting an attack or normal request.
-
�K�e�r�i�m�o�v�K�.�F�.�,� �M�o�d�e�l� �f�o�r� �i�d�e�n�t�i�f�y�i�n�g� �v�u�l�n�e�r�a�b�i�l�i�t�i�e�s� �t�o� �i�n�f�o�r�m�a�t�i�o�n� �s�e�c�u�r�i�t�y� �i�n� �e�l�e�c�t�r�o�n�i�c� �r�e�s�o�u�r�c�e�s�,� �P�e�r�s�p�e�k�t�i�v�y� �r�a�z�v�i�t�i�y�a� �t�e�k�h�n�i�k�i� �i� �t�e�k�h�n�o�l�o�g�i�i� �i� �d�o�s�t�i�z�h�e�n�i�y�a� �g�o�r�n�o�-�m�e�t�a�l�l�u�r�g�i�c�h�e�s�k�o�y� �o�t�r�a�s�l�i� �z�a� �g�o�d�y� �n�e�z�a�v�i�s�i�m�o�s�t�i� �R�e�s�p�u�b�l�i�k�i� �U�z�b�e�k�i�s�t�a�n�:� �T�e�z�i�s�y� �d�o�k�l�a�d�o�v� �R�e�s�p�u�b�l�i�k�a�n�s�k�o�y� �n�a�u�c�h�n�o�y� �k�o�n�f�e�r�e�n�t�s�i�i�,� �M�a�y� �1�2�-�1�4�,� �N�a�v�o�i�,� �2�0�1�1�,� �3�3�9�-�3�4�0�.� �.
-
�K�o�z�l�o�v�D�.�D�.�,� �P�e�t�u�k�h�o�v� �A�.�A�.�,� �M�e�t�h�o�d�s� �f�o�r� �d�e�t�e�c�t�i�n�g� �v�u�l�n�e�r�a�b�i�l�i�t�i�e�s� �i�n� �w�e�b� �a�p�p�l�i�c�a�t�i�o�n�s�,� �P�r�o�g�r�a�m�m�n�y�y�e� �s�i�s�t�e�m�y� �i� �i�n�s�t�r�u�m�e�n�t�y�,� �2�0�0�6�,� �N�o�.� �7�,� �1�5�6�-�1�6�6�.� �.
-
�R�y�a�b�k�o�D�.�M�.�,� �A�n� �a�p�p�r�o�a�c�h� �t�o� �t�e�s�t�i�n�g� �t�h�e� �v�u�l�n�e�r�a�b�i�l�i�t�y� �o�f� �w�e�b� �a�p�p�l�i�c�a�t�i�o�n�s� �f�r�o�m� �S�Q�L�-�i�n�j�e�c�t�i�o�n� �a�t�t�a�c�k�s�,� �P�r�o�b�l�e�m�y� �p�r�o�g�r�a�m�m�i�r�o�v�a�n�i�y�a�,� �2�0�0�6�,� �N�o�.� �2�-�3�,� �5�8�5�-�5�9�1�.� �.
-
�K�e�r�i�m�o�v�K�.�F�.�,� �M�u�k�h�s�i�n�o�v� �S�h�.�S�h�.�,� �I�s�m�a�t�u�l�l�a�e�v� �S�.�O�.�,� �D�a�t�a�b�a�s�e� �f�i�r�e�w�a�l�l� �b�a�s�e�d� �o�n� �a�n�o�m�a�l�y� �d�e�t�e�c�t�i�o�n�,� �P�r�o�b�l�e�m�y� �i�n�f�o�r�m�a�t�i�k�i� �i� �e�n�e�r�g�e�t�i�k�i�,� �2�0�1�6�.� �N�o�.� �1�,� �8�9�-�9�5�.� �.
-
�O�p�a�n�a�s�e�n�k�o� �V�.�N�.�,� �K�r�y�v�y�i� �S�.�L�.�,� �S�y�n�t�h�e�s�i�s� �o�f� �a�d�a�p�t�i�v�e� �l�o�g�i�c�a�l� �n�e�t�w�o�r�k�s� �o�n� �t�h�e� �b�a�s�i�s� �o�f� �Z�h�e�g�a�l�k�i�n� �p�o�l�y�n�o�m�i�a�l�s�,� �C�y�b�e�r�n�e�t�i�c�s� �a�n�d� �S�y�s�t�e�m�s� �A�n�a�l�y�s�i�s�,� �2�0�1�5�,� �5�1�,� �N�o�.� �6�,� �9�6�9�-�9�7�7�,� �D�O�I�:� �1�0�.�1�0�0�7�/�s�l�0�5�5�9�-�0�1�5�-�9�7�9�0�-�1�.� �.