Proceedings of the 2016 International Conference on Advanced Electronic Science and Technology (AEST 2016)

The research of an AOP-based approach to the detection and defense of SQL injection attack

Authors
Wang Qing, Chengwan He
Corresponding Author
Wang Qing
Available Online November 2016.
DOI
10.2991/aest-16.2016.98How to use a DOI?
Keywords
SQL injection attack; AOP; attack characteristic; logical structure.
Abstract

As the availability of web application services grows, we are witnessing an increase in the number and sophistication of attacks that target them. The SQL injection attack has been the most dangerous way of web-based attacks. In this paper, according to the characteristics of the SQLIAs, we presented a new method for detecting and preventing SQL injection attacks by using AOP. On the one hand, we solve these SQLIAs which have attack characteristics by defining aspect and pointcut, then doing some validations in the function of before(). On the other hand, we use a model-based way for other attacks, which uses the program analysis technique to automatically build a model of legitimate SQL queries, and the model is compared with the SQL queries obtained dynamically by AOP. We illustrate the method through a case study- a simple user login page. The results show the effectiveness of our approach.

Copyright
© 2016, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)

Volume Title
Proceedings of the 2016 International Conference on Advanced Electronic Science and Technology (AEST 2016)
Series
Advances in Intelligent Systems Research
Publication Date
November 2016
ISBN
978-94-6252-257-2
ISSN
1951-6851
DOI
10.2991/aest-16.2016.98How to use a DOI?
Copyright
© 2016, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Cite this article

TY  - CONF
AU  - Wang Qing
AU  - Chengwan He
PY  - 2016/11
DA  - 2016/11
TI  - The research of an AOP-based approach to the detection and defense of SQL injection attack
BT  - Proceedings of the 2016 International Conference on Advanced Electronic Science and Technology (AEST 2016)
PB  - Atlantis Press
SP  - 731
EP  - 737
SN  - 1951-6851
UR  - https://doi.org/10.2991/aest-16.2016.98
DO  - 10.2991/aest-16.2016.98
ID  - Qing2016/11
ER  -