Anomaly-based detection of SQL injection attacks

Anomaly-based detection of SQL injection attacks

A method for detecting a SQL injection attack comprises a training phase and a detection phase. In the training phase, a plurality of SQL queries is transformed into a respective plurality of SQL token domain queries which are processed using a n-gram analysis to provide a threshold and an averaging...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: SHMUELI AVIRAM, AVERBUCH AMIR, DAVID GIL
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A method for detecting a SQL injection attack comprises a training phase and a detection phase. In the training phase, a plurality of SQL queries is transformed into a respective plurality of SQL token domain queries which are processed using a n-gram analysis to provide a threshold and an averaging vector. In the detection phase, each newly arrived SQL query is transformed into a new SQL token domain query, and the n-gram analysis is applied together with the averaging vector and the threshold to each new SQL token domain query to determine if the new SQL query is normal or abnormal. The detection may be online or offline.