Proceedings of the 2016 International Conference on Advanced Electronic Science and Technology (AEST 2016)

The research of an AOP-based approach to the detection and defense of SQL injection attack

Authors
Wang Qing, Chengwan He
Corresponding Author
Wang Qing
Available Online November 2016.
DOI
10.2991/aest-16.2016.98
Keywords
SQL injection attack; AOP; attack characteristic; logical structure.
Abstract

As the availability of web application services grows, we are witnessing an increase in the number and sophistication of attacks that target them. The SQL injection attack has been the most dangerous form of web-based attack. In this paper, according to the characteristics of SQLIAs, we present a new method for detecting and preventing SQL injection attacks by using AOP. On the one hand, we handle those SQLIAs which have attack characteristics by defining an aspect and a pointcut, then doing some validations in the before() function. On the other hand, we use a model-based approach for other attacks, which uses program analysis techniques to automatically build a model of legitimate SQL queries, and the model is compared with the SQL queries obtained dynamically by AOP. We illustrate the method through a case study: a simple user login page. The results show the effectiveness of our approach.

Copyright
© 2016, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Volume Title
Proceedings of the 2016 International Conference on Advanced Electronic Science and Technology (AEST 2016)
Series
Advances in Intelligent Systems Research
Publication Date
November 2016
ISBN
10.2991/aest-16.2016.98
ISSN
1951-6851

Cite this article

TY  - CONF
AU  - Wang Qing
AU  - Chengwan He
PY  - 2016/11
DA  - 2016/11
TI  - The research of an AOP-based approach to the detection and defense of SQL injection attack
BT  - Proceedings of the 2016 International Conference on Advanced Electronic Science and Technology (AEST 2016)
PB  - Atlantis Press
SP  - 731
EP  - 737
SN  - 1951-6851
UR  - https://doi.org/10.2991/aest-16.2016.98
DO  - 10.2991/aest-16.2016.98
ID  - Qing2016/11
ER  -