The research of an AOP-based approach to the detection and defense of SQL injection attack
Wang Qing, Chengwan He
Available Online November 2016.
- https://doi.org/10.2991/aest-16.2016.98How to use a DOI?
- SQL injection attack; AOP; attack characteristic; logical structure.
- As the availability of web application services grows, we are witnessing an increase in the number and sophistication of attacks that target them. The SQL injection attack has been the most dangerous way of web-based attacks. In this paper, according to the characteristics of the SQLIAs, we presented a new method for detecting and preventing SQL injection attacks by using AOP. On the one hand, we solve these SQLIAs which have attack characteristics by defining aspect and pointcut, then doing some validations in the function of before(). On the other hand, we use a model-based way for other attacks, which uses the program analysis technique to automatically build a model of legitimate SQL queries, and the model is compared with the SQL queries obtained dynamically by AOP. We illustrate the method through a case study- a simple user login page. The results show the effectiveness of our approach.
- Open Access
- This is an open access article distributed under the CC BY-NC license.
Cite this article
TY - CONF AU - Wang Qing AU - Chengwan He PY - 2016/11 DA - 2016/11 TI - The research of an AOP-based approach to the detection and defense of SQL injection attack BT - 2016 International Conference on Advanced Electronic Science and Technology (AEST 2016) PB - Atlantis Press SP - 731 EP - 737 SN - 1951-6851 UR - https://doi.org/10.2991/aest-16.2016.98 DO - https://doi.org/10.2991/aest-16.2016.98 ID - Qing2016/11 ER -