Intrusion Detection Framework for SQL Injection
This addresses security vulnerabilities in e-business and e-commerce databases, though it appears incremental as it builds on existing hybrid detection methods.
The paper tackles SQL injection attacks on databases by proposing a hybrid detection framework that creates trusted user profiles using association rules and combines anomaly and misuse detection with data mining techniques, aiming to minimize false positive alarms.
In this era of internet, E-Business and e-commerce applications are using Databases as their integral part. These Databases irrespective of the technology used are vulnerable to SQL injection attacks. These Attacks are considered very dangerous as well as very easy to use for attackers and intruders. In this paper, we are proposing a new approach to detect intrusion from attackers by using SQL injection. The main idea of our proposed solution is to create trusted user profiles fetched from the Queries submitted by authorized users by using association rules. After that we will use a hybrid (anomaly + misuse) detection model which will depend on data mining techniques to detect queries that deviates from our normal behavior profile. The normal behavior profile will be created in XML format. In this way we can minimize false positive alarms.