SQL Injection Attack Discovery and Defending Mechanism for

International Journal of Applied Engineering Research ISSN 0973-4562 Volume 15, Number 4 (2020) pp. 405-408

© Research India Publications. http://www.ripublication.com

405

SQL Injection Attack Discovery and Defending Mechanism for Multi-Tier

Web Applications

Dr.M.Jagadeesan1, Dr.P.A.Selvaraj2, V.Sanchana3

1Assistant professor, Department of Computer Applications, Kongu Engineering College, Erode – 638060, Tamilnadu, India.

2Assistant professor, Department of Computer Applications, Kongu Engineering College, Erode – 638060, Tamilnadu, India.

3PG Scholar, Department of Computer Applications, Kongu Engineering College, Erode – 638060, Tamilnadu, India.

Abstract

Three tier web applications are build under web server,

interface and database server elements. The database server

operations are initiated by the online server application. The

user data values are passed to the database server through

the online server. Query responses are prepared by the

online server application and redirected to the client.

Multitier anomaly detection systems are wont to secure the

online server and database servers. The multi-tier web

applications are build with Active Server Pages, Java Server

Pages, Hypertext Preprocessor (PHP) and Java Servlets.

The PHP applications are susceptible to the SQL injection

and code injection attacks.

The attack discovery operations are administered in three

methods. They’re etiological, symptomatic and hybrid

models. The Hybrid Injection Attack Discovery (HIAD)

scheme is build with the etiological and symptomatic

combination model. The parse tree analysis and taint

discovery process are initiated to get the SQL injection

attacks within the web applications. The attack discovery

and control model is build with the Collaborative Injection

Attack Discovery (CIAD) scheme. The Collaborative

Injection Attack Discovery (CIAD) scheme consists with

HTTP response verification and Taint Tracking Systems.

The abnormal entries within the HTTP response are verified

and faraway from the execution model. The SQL query

values are validated within the taint tracking process. The

system achieves high accuracy rate within the SQL injection

discovery and control process.

Keywords: Web attacks, SQL injection attacks, Etiological

method, Symptomatic method, Hybrid method and Taint

tracking systems.

1. INTRODUCTION

Web-delivered services and applications have inflated in every

quality and quality over the past few years. Daily tasks, like

banking, travel, and social networking, unit of menstruation

all done via worldwide net. Such services usually use a web

server front that runs the appliance interface logic, besides as

a back-end server that consists of associate info or machine.

Attributable to their gift use for private and/or company data,

internet services have invariably been the target of attacks.

These attacks have recently become tons of varied, as

attention has shifted from offensive the front to exploiting

vulnerabilities of worldwide net applications order to corrupt

the back-end system. An embarrassment of Intrusion

Detection Systems (IDSs) presently examine network packets

on a personal basis among every the web server then the data

system. There’s little or no or no work being performed on

multitier Anomaly Detection (AD) systems that generate

models of web work behavior for every internet and data

network interactions. In such multitier architectures, the back-

end info server is typically protected behind a firewall

whereas the online servers unit of mensuration remotely

accessible over Infobahn. They secure from direct remote

attacks the rear -end systems unit of measure susceptible to

attacks use internet requests because the thanks to want

advantage of the behind. Intrusion discovering systems unit of

mensuration wide wont to discover familiar with attacks by

matching exploited traffic patterns or signatures for defend

multitier internet services.

A category of IDS that leverages machine learning may

discover unknown attacks by characteristic abnormal network

traffic that deviates from the supposed “normal” behavior

previously profiled throughout the IDS work [*fr1]. Singly,

world-wide net IDS then the data IDS can discover abnormal

network traffic sent to either of them. The IDSs cannot

discover cases whereby ancient traffic is used to attack the

webserver then the data server. As associate example, if

associate someone with nonadmin privileges can log in to a

webserver pattern normal-user access credentials, he/she can

understand the because of issue a privileged info question by

exploiting vulnerabilities among the webserver. Neither

worldwide net IDS nor the data IDS would discover this sort

of attack since worldwide net IDS would just see typical user

login traffic then the data IDS would see entirely the normal

traffic of a privileged user. This sort of attack unit of

mensuration sometimes promptly detected if the data IDS can

verify that a privileged request from the webserver isn't

related to user-privileged access. This multithreaded

webserver vogue, it is not potential to hunt out or profile such

abortifacient mapping between webserver traffic and unit of

mensuration server traffic since traffic cannot be clearly

attributed to user sessions.

2. RELATED WORK

Johannes Dahse [2014] build associate automatic POP chain

generation model to analysis Code use attacks in PHP.

Memory corruption vulnerabilities cause control-flow

hijacking attacks unit of measurement a customary balk for

mailto:[email protected]



406

binary executables. The code use attacks initiates associate

individual does not need to inject her own code throughout the

exploitation 0.5. The user reuses existing code fragments to

make a code chain to perform malicious computations.

Return- oriented programming (ROP) would possibly even be

a bypasses several existing defenses. Code use attacks unit of

measurement a viable attack vector against net applications.

The code use attacks unit of measurement analyzed at

intervals the context of PHP-based net applications. The PHP

object injection (POI) vulnerabilities unit of measurement

usually exploited via property-oriented programming (POP).

The analysis is conducted on gadgets in common PHP

applications. The automatic approach is applied to statically

notice dish vulnerabilities in object-oriented PHP code. The

approach is else capable of generating POP chains in associate

automatic methodology. K. S. McKinley [2013] composed

Diglossia theme for work code injection attacks with truth and

potency. Code injection attacks still plague applications

incorporate user input into potential programs.

The DIGLOSSIA would possibly even be a tool builds to

precisely and efficiently detects code injection attacks on

server-side net applications generating SQL and NoSQL

queries. The foremost issues in work injected code unit of

measurement recognizing code at intervals the generated

question and deciding that components of the question unit of

measurement tainted by user input. DIGLOSSIA dynamically

maps all application- generated characters to shadow

characters that do not occur in user input and computes

shadow values for all input-dependent strings. Any original

characters throughout a shadow worth unit of measurement

thus exactly the taint from user input. The key technical

innovation is twin parsing to look out injected code

throughout a generated question. DIGLOSSIA parses the

question in bike with its shadow. It checks the two analyze

trees unit of measurement syntactically similarity and each

one code at intervals the shadow question is in shadow

characters. DIGLOSSIA accurately detects each SQL and

NoSQL code injection attacks whereas avoiding the false

positives and false negatives rate of varied ways that within

which. Michael Backes [2017] initiated associate economical

and versatile model for Discovery of PHP Application

Vulnerabilities. Cyber web these days would possibly even be

a growing universe of pages and applications abundant with

interactive content. The security of net applications will have

a devastating impact on personal and economic levels. The

PHP is that the favorite communication in net applications.

It’s prone to differing kinds of vulnerabilities, like SQL

Injection or Cross-Site Scripting. The lay to rest procedural

analysis technique is built for PHP applications supported

code property graphs. It scales well to giant amounts of code

and is unbelievably pliant in its nature. The graph knowledge

is used to store code property graphs for PHP.

The programmable graph traversals is applied establish

differing kinds of net application vulnerabilities. Insha Altaf

[2015] delineate ways that within which for Vulnerability

Assessment and mend Management. The vulnerability

assessment is that the manoeuvre of distinctive, quantifying

and prioritizing the vulnerabilities throughout a system. The

vulnerability assessment is conducted to figure out the

weaknesses inherent at intervals the data systems which is

able to be exploited, leading to information system breach.

The automatic testing approaches unit of measurement

primarily targeted on up the accurateness and truth of

vulnerability testing. The SQL-injection attacks consider some

weak validation of text based file unit of measurement place

to use for building knowledge queries. Malignantly crafted

input might enfeeble the confidentiality and together the

security ways that of websites looking forward to the data to

the store and recover information. The distinctive

methodology is built to consequently acknowledge statements

in PHP applications which can be defenseless to SQL-

injection activated by either vindictive input or vindictive

code. Miguel Beatriz [2017] created a Tool for Injection

Attack hindrance in MySQL. Vulnerabilities in net

applications unit of measurement usually created thanks to

inconsistencies at intervals the manoeuvre SQL queries unit of

measurement believed to be run so the manoeuvre they are

very dead by a management System (DBMS). The SEPTIC

mechanism detects and blocks injection attacks among the pc

code package. The demonstration considers a state of affairs

of a non-trivial PHP net application backed by a MySQL code

package. It’s changed to include SEPTIC. It presents however

SEPTIC blocks injection attacks whereas not compromising

the appliance correctness and performance. SEPTIC is

compared to various approaches, like sanitizations

administered with customary functions provided language and

an online application firewall.

3. WEB ATTACKS METHODS

The web attacks square measure initiated with a ramification

of mechanisms. The injection attacks square measure

generated with code and SQL queries. The data attacks related

to cyber web applications square measure classified into two

models. They are SQL injection attacks and direct information

attacks.

Figure 1.1. Injection attack

Attacker

Injection

Web

Server Database

Server

User

Request

DB

Query

Privileged Privileged



407

Attacks like SQL injection do not would like compromising

the webserver. Attackers can use existing vulnerabilities

among the webserver logic to inject {the information|the

data|the information} or string content that contains the

exploits then use the webserver to relay these exploits to

attack the back-end info. The approach provides a two-tier

detection, even so the exploits square measure accepted by the

webserver, the relayed contents to the DBserver would not be

able to combat the expected structure for the given webserver

request. The SQL injection attack changes the structure of the

SQL queries, albeit the injected data were to travel through

the webserver aspect, it'd generate SQL queries throughout a

singular structure which can be detected as a deviation from

the SQL question structure that may sometimes follow such

an internet request. Fig.1.1 illustrates matters of a SQL

injection attack.

The bad person square measure sometimes ready to bypass the

webserver or firewalls and connect on to {the information|the

data|the information} among the direct info attack model.

Associate in Nursing bad person could even have already

taken over the netserver and be submitting such queries from

the internetserver whereas not effort web requests. whereas

not matched web requests for such queries, a webserver IDS

could discover neither. If the unit of measurement queries

were among the set of allowed queries, then the data IDS

itself wouldn't discover it either. The attack square measure

sometimes caught with the approach since it cannot match any

web requests with these queries.

4. PROBLEM STATEMENT

The web attacks square measure initiated with a ramification

of mechanisms. The injection attacks square measure

generated with code and SQL queries. The data attacks related

to cyber web applications square measure classified into two

models. They are SQL injection attacks and direct information

attacks. The online application injection attack defenses area

unit handled with 3 varieties of models. They are etiological,

symptomatic and hybrid. The etiological class involves

mechanisms designed to dam attacks supported their causes

and origins. The symptomatic class incorporates a diffusion of

schemes that examine the behavior of applications and find

attacks supported their undesirable symptoms. Hybrid

mechanisms borrow characteristics from each classes. The

precise mechanisms classified per the subcategories and for

each mechanism offer the following data variety of citations

of the corresponding publications, accuracy and procedure

overhead measurements and varieties of attacks handled.

Recall that the aim of operation for each mechanism is

provided. The etiological approaches uses 3 class of strategies

to protect net applications against injection attacks: Parse-Tree

Validation, Policy social control and Instruction set

organization. Symptomatic techniques follow 2 main

approaches. They each track untrusted input and ban sure

operations on that , or they initial learn what code to trust then

approve for execution code that they acknowledge as safe.

The hybrid approach class includes mechanisms that borrow

characteristics from each etiological and symptomatic

approaches. 5 of them specialize in the detection of XSS

attacks and one focuses on line code injection attacks.

5. SQL INJECTION ATTACK CONTROLLER

The taint chase theme marks untrusted information, sort of a

variable set by a field throughout an online type, and traces its

propagation throughout the program. If the variable is used in

associate expression that sets another variable, that variable is

in addition marked as untrusted then on. If any of these

variables is used throughout a probably risky operation, the

theme might act consequently. Taint chase is provided as a

feature in some programming languages, like Perl and Ruby.

By sanctionative this feature, Perl would refuse to run code

vulnerable Attacker Injection We b Server Database Server

User request with Injection Privileged information DB queries

with injection Privileged Replies to associate SQL injection

attack think about a tainted variable obtaining used throughout

a question and would exit with a slip-up message. All taint

chase schemes involves the matter of maintaining correct

taints. In such cases, certain, tainted inputs will escape the

chase mechanism. Keeping track of such input may even be

impractical not solely because of the numerous technical

difficulties, however additionally as a result of it'd raise false

alarms. The cooperative Injection Attack Discovery (CIAD)

theme is initiated to notice and management the SQL injection

attacks at intervals the net applications.

The web applications square measure build with the PHP

code. The communications protocol response analyzer and so

the Hybrid approaches square measure integrated at intervals

the cooperative Injection Attack Discovery (CIAD) theme.

The communications protocol response header and question

string square measure the mediums used to take over the

shopper information values into the web server atmosphere.

The middleware atmosphere uses he shopper input to method

all the server aspect activities. The SQL command verification

on the communications protocol header and question string

primarily based input medium controls the SQL injections

higher than the other ways. The question keyword and

unauthorized information components square measure filtered

underneath the initial stage. The SQL commands square

measure filtered at intervals the first stage of the net

applications. The net appl9cation swiftness hyperbolic with

the initial validation and verification method. The attack

discovery method accuracy level is additionally hyperbolic in

a very goodly level.

6. PERFORMANCE ANALYSIS

The online applications area unit build with middleware or

business logic code beneath the net sites. The middleware is

that the most space among the multi-tier internet applications.

The attacks area unit raised beneath the middleware execution

atmosphere. The PHP could also be a wide used middleware

atmosphere. The SQL injection attack is that the foremost

downside among the net applications. The Hybrid Injection

Attack Discovery (HIAD) theme is built with the mixture of

the etiological and symptomatic attack discovery models. The

cooperative Injection Attack Discovery (CIAD) theme

integrates the hybrid approach with the hypertext transfer

protocol response verification and question string analysis

mechanism.



408

The attack data area unit filtered at the entry level of the net

page execution method. The SQL injection attack discovery

method is verified with accuracy level analysis. The accuracy

level analysis between the Hybrid Injection Attack Discovery

(HIAD) theme and so the cooperative Injection Attack

Discovery (CIAD) theme area unit shown in figure six.1. And

table six.1... The cooperative Injection Attack Discovery

(CIAD) theme will increase the accuracy level five-hitter than

the Hybrid Injection Attack Discovery (HIAD) theme. The

SQL injection attack discovery and management operations

area unit completed with minimum machine overheads.

Table 6.1: SQL Injection Attack Discovery Accuracy Level

Analysis between HIAD scheme and CIAD scheme

Requests HIAD CIAD

100 86.33 92.21

200 87.15 92.09

300 86.96 91.85

400 88.12 92.05

500 87.74 91.82

Figure 6.1: SQL Injection Attack Discovery Accuracy Level

Analysis between HIAD scheme and CIAD scheme

7. CONCLUSION

The SQL injection attack management model for the PHP

includes the protocol header response verification and

question parsing analysis strategies. The response verification

is run to spot the irrelevant things among the response entry.

The model controls the SQL injection attacks throughout a

considerable approach with high accuracy levels. The

cooperative Injection Attack Discovery (CIAD) theme square

measure usually increased with script injection attack

management and redirection attack operations.

REFERENCES

[01] Dimitris Mitropoulos, Michalis Polychronakis and

Angelos D. Keromytis, “Defending Against Web

Application Attacks: Approaches, Challenges and

Implications”, Transactions on Dependable and Secure

Computing. April 2019.

[02] D. Hedin, A. Birgisson, L. Bello and A. Sabelfeld,

“JSFlow: Tracking information flow in javascript and

its APIs,” in Proceedings of the 29th Annual ACM

Symposium on Applied Computing, 2014, pp. 1663–

1671.

[03] D. Stefan, E. Z. Yang, A. Russo, B. Karp and D.

Mazi`eres, “Protecting users by confining javascript

with COWL,”, 2014, pp. 131–146.

[04] J. Dahse, N. Krein and T. Holz, “Code reuse attacks in

PHP: Automated POP chain generation,” in

Proceedings of the 21st ACM Conference on Computer

and Communications Security, 2014, pp. 42–53.

[05] Yaohui Wang, Wenbing Zhao and Yuan Liu,

“Detecting SQL Vulnerability Attack based on the

Dynamic and Static Analysis Technology”, IEEE 39th

Annual International Computers, Software &

Applications Conference, 2015.

[06] Voitovych O.P. and Yuvkovetskyi O.S, “SQL Injection

prevention system”, International Conference "Radio

Electronics & Info Communications", 2016.

[07] Diallo Abdoulaye Kindy and Al-Sakib Khan Pathan,

“A Survey On Sql Injection: Vulnerabilities, Attacks

and Prevention Techniques”, IEEE 15th International

Symposium on Consumer Electronics, 2011.

[08] Atefeh Tajpour and Mohammad JorJor zade

Shooshtari, “Evaluation of SQL Injection Detection and

Prevention Techniques”, Second International

Conference on Computational Intelligence,

Communication Systems and Networks, 2010.

[09] Michael Backes, Malte Skoruppa, Ben Stock and

Fabian Yamaguch, “Efficient and Flexible Discovery of

PHP Application Vulnerabilities”, IEEE European

Symposium on Security and Privacy, 2017.

[10] Insha Altaf, Jawad Ahmad Dar, Firdous ul Rashid and

Mohd. Rafiq, “Vulnerability Assessment and Patching

Management”, International Conference on Soft

Computing Techniques and Implementations, 2015.

[11] Iberia Medeiros, “Demonstrating a Tool for Injection

Attack Prevention in MySQL”, 47th Annual IEEE/IFIP

International Conference on Dependable Systems and

Networks, 2017.

[12] S. Son, K. S. McKinley and V. Shmatikov, “Diglossia:

detecting code injection attacks with precision and

efficiency,” in CCS ’13’, 2013.

[13] B. Stock, S. Lekies, P. Spiegel and Johns, “Precise

client-side protection against DOM-based cross-site

scripting,” in 23rd USENIX Security, 2014, pp. 655–

670.

Documents

SQL Injection Attack Discovery and Defending Mechanism for