Universiti Teknologi Malaysia Institutional Repository

An improved SQL injection detection model in signature based IDS using tree structure

Sadeghian, Amirmohammad (2014) An improved SQL injection detection model in signature based IDS using tree structure. Masters thesis, Universiti Teknologi Malaysia, Faculty of Computing.

Full text not available from this repository.

Abstract

As the use of online services on the Internet increases every day, the number of security threats also grows dramatically. One of the most serious and dangerous web application attacks is SQL injection (SQLI). The attack works by inserting a portion of a malicious SQL query, through non-validated user input, into a legitimate query statement; the database management system then executes the injected commands. A successful SQL injection attack compromises the confidentiality, integrity and availability of information in the database. According to statistical research, this type of attack has a high impact on business, so it is necessary to find a proper solution to stop or mitigate it. One of the most widely used solutions for detecting SQLI attacks is the Intrusion Detection System (IDS). IDSs use many techniques to detect potential attacks, but signature-based techniques are likely to be more successful in terms of correct detection. The main drawback of these techniques is that they need many rule sets or signatures against which to compare the input data, which can be time- and resource-consuming. Even a legitimate SQL request must be compared against all the signatures. In this research, all types of SQL injection attacks were studied, and current techniques and tools for detecting and preventing SQL injection were reviewed. The research also reviewed the most relevant solutions for improving the performance of signature-based IDSs. An improved model of SQL injection detection using a tree structure is proposed. Finally, the performance of the proposed model was tested and evaluated by building a prototype.

Item Type: Thesis (Masters)
Additional Information: Thesis (Sarjana Sains Komputer (Keselamatan Maklumat)) - Universiti Teknologi Malaysia, 2014
Subjects: Q Science > QA Mathematics > QA76 Computer software
Divisions: Computing
ID Code: 48340
Deposited By: Haliza Zainal
Deposited On: 15 Oct 2015 01:09
Last Modified: 17 Aug 2017 06:49
