Intrusion Detection Framework for SQL Injection (2009.13868v1)

Abstract: In this era of internet, E-Business and e-commerce applications are using Databases as their integral part. These Databases irrespective of the technology used are vulnerable to SQL injection attacks. These Attacks are considered very dangerous as well as very easy to use for attackers and intruders. In this paper, we are proposing a new approach to detect intrusion from attackers by using SQL injection. The main idea of our proposed solution is to create trusted user profiles fetched from the Queries submitted by authorized users by using association rules. After that we will use a hybrid (anomaly + misuse) detection model which will depend on data mining techniques to detect queries that deviates from our normal behavior profile. The normal behavior profile will be created in XML format. In this way we can minimize false positive alarms.