REGULAR EXPRESSIONS BASED SQL INJECTION DETECTION

Show simple item record

dc.contributor.author Senthan, R.
dc.contributor.author Charles, E.Y.A.
dc.contributor.author Kodituwakku, S.R.
dc.date.accessioned 2022-08-25T05:11:05Z
dc.date.available 2022-08-25T05:11:05Z
dc.date.issued 2021-10-15
dc.identifier.issn 2815-0163
dc.identifier.uri http://drr.vau.ac.lk/handle/123456789/494
dc.description.abstract SQL Injection Attacks (SQLIA) are among the most significant threats for Database Management Systems (DBMS) and Web applications. SQL Injection is a technique where an attacker attaches malicious SQL statements in one of many possible forms as input for a query in the DBMS. The DBMS is tricked into executing this malicious code while processing the original query. Insufficient validation of user input is the leading cause of SQL injection vulnerabilities. Detection of SQL injection using regular expression is one among many solutions for this problem. However, the effectiveness of regular expressions in detecting all types of SQL injection attacks has not yet been established, and this work attempts such a study. By analysing the literature on SQLIAs and a data set of 318 queries (293 malicious and 25 benign), four cases of patterns of malicious queries were identified. Furthermore, regular expressions created for the four cases could correctly identify 90% of SQLIA queries with low resources and execution time. en_US
dc.language.iso en en_US
dc.publisher University of Vavuniya en_US
dc.source.uri https://vau.ac.lk/VUIRC-2021/ en_US
dc.subject Database management system en_US
dc.subject Web application en_US
dc.subject SQL injection attack en_US
dc.subject Regular expression en_US
dc.title REGULAR EXPRESSIONS BASED SQL INJECTION DETECTION en_US
dc.type Conference paper en_US
dc.identifier.proceedings Vavuniya University International Research Conference (VUIRC) 2021 en_US


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search


Browse

My Account