REGULAR EXPRESSIONS BASED SQL INJECTION DETECTION

Abstract

SQL Injection Attacks (SQLIA) are among the most significant threats for Database Management Systems (DBMS) and Web applications. SQL Injection is a technique where an attacker attaches malicious SQL statements in one of many possible forms as input for a query in the DBMS. The DBMS is tricked into executing this malicious code while processing the original query. Insufficient validation of user input is the leading cause of SQL injection vulnerabilities. Detection of SQL injection using regular expression is one among many solutions for this problem. However, the effectiveness of regular expressions in detecting all types of SQL injection attacks has not yet been established, and this work attempts such a study. By analysing the literature on SQLIAs and a data set of 318 queries (293 malicious and 25 benign), four cases of patterns of malicious queries were identified. Furthermore, regular expressions created for the four cases could correctly identify 90% of SQLIA queries with low resources and execution time.