Abstract
Web applications are emerging as a new platform for representing data and services offered by all kinds of business models and organisations and are therefore more vulnerable to security threats. Most of the organisations rely largely on intrusion detection systems to identify threats to their data. SQL injection is one of the most prevalent and widely used web attack but the ability of intrusion detection systems in detecting it is limited. For different variants of SQL injection attacks, new signatures need to be identified and incorporated in signature-based intrusion detection systems for effective detection. In this paper, five new rules are proposed for signature-based intrusion detection system, Snort including signatures that cover a wider range of SQL injection attacks. The rules also consider the issue of hexadecimal values, white spaces and comment introduced by the attacker in the SQL injection attacks. The proposed rules are tested on self-made dataset of SQL injected websites and normal websites. The proposed rules show a very good recall rate thereby depicting the good performance of the proposed approach in detecting SQL injection attacks.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
C. Kubecka, State of the Internet/ Security Report, Akamai, Q4 2017.
Web Application Attack Statistics, Positive technologies, 2017.
T. Armerding, The 17 biggest data breaches of the 21st century, CSO, 2018.
S. Anwar, J.M. Zain, M.F. Zolkipli, Z. Inayat, S. Khan, B. Anthony, V. Chang, From intrusion detection to an intrusion response system: fundamentals, requirements and future directions. MDPI Algorithms 10(2), 1–24 (2017)
W. Park, S. Ahn, Performance comparison and detection analysis in snort and suricata environment. Wirel. Pers. Commun. 94(2), 241–252 (2017)
H. Alnabulsi, M. R. Islam and Q. Mamun, Detecting SQL Injection Attacks Using SNORT IDS, in Asia-Pacific World Congress on Computer Science and Engineering, Nadi, 2014.
R. Silva, R. Barbosa and J. Bernardino, Testing snort with SQL injection attacks. In Proceedings of the 9th International C* Conference on Computer Science & Software Engineering, 2016.
G. Kumar, Evaluation metrics for intrusion detection systems—a study. Int. J. Comput. Sci. Mobile Appl. 2(11), 11–17 (2014)
M. Dabbour, I. Alsmadi, E. Alsukhni, Efficient assessment and evaluation for websites vulnerabilities using SNORT. Int. J. Secur. Appl. 7(1), 1 (2013)
K. K. Mookhey and N. Burghate, Detection of SQL Injection and Cross-site Scripting Attacks, SecurityFocus.com, 17 March 2004. [Online]. [Accessed 2018].
B. Warneck, Defeating SQL Injection IDS Evasion, Global Information Assurance Certification, 2007.
G. Veerman and R. Oprea, Database SQL Injections Detection And Protection, Universiteit van Amsterdam, May 30, 2012.
L. Etienne, Malicious Traffic Detection in Local Networks with Snort, EPFL, 2009.
J. Clarke, Sql injection using UNION, in SQL Injection Attacks and Defence, Syngress, 2009.
V. Luong, Intrusion Detection and Prevention System: SQL Injection Attacks, San José State University, 2010.
Funding
The authors have not disclosed any funding.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors have not disclosed any competing interests.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendix 1
Appendix 1
Rights and permissions
About this article
Cite this article
Gupta, A., Sharma, L.S. A Novel Approach for Detecting SQL Injection Attacks Using Snort. J. Inst. Eng. India Ser. B 103, 1443–1451 (2022). https://doi.org/10.1007/s40031-022-00749-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s40031-022-00749-z