Proceedings of the 2016 International Conference on Advanced Electronic Science and Technology (AEST 2016)

The research of an AOP-based approach to the detection and defense of SQL injection attack

Authors
Wang Qing, Chengwan He
Corresponding Author
Wang Qing
Available Online November 2016.
DOI
https://doi.org/10.2991/aest-16.2016.98
Keywords
SQL injection attack; AOP; attack characteristic; logical structure.
Abstract
As the availability of web application services grows, we are witnessing an increase in the number and sophistication of attacks that target them. SQL injection has been the most dangerous form of web-based attack. In this paper, based on the characteristics of SQL injection attacks (SQLIAs), we present a new method for detecting and preventing them using AOP. On the one hand, we handle SQLIAs that have attack characteristics by defining an aspect and a pointcut, then performing validation in the before() function. On the other hand, we use a model-based approach for other attacks: program analysis automatically builds a model of legitimate SQL queries, and this model is compared with the SQL queries obtained dynamically through AOP. We illustrate the method with a case study: a simple user login page. The results show the effectiveness of our approach.
Open Access
This is an open access article distributed under the CC BY-NC license.

Proceedings
2016 International Conference on Advanced Electronic Science and Technology (AEST 2016)
Part of series
Advances in Intelligent Systems Research
Publication Date
November 2016
ISBN
978-94-6252-257-2

Cite this article

TY  - CONF
AU  - Wang Qing
AU  - Chengwan He
PY  - 2016/11
DA  - 2016/11
TI  - The research of an AOP-based approach to the detection and defense of SQL injection attack
BT  - 2016 International Conference on Advanced Electronic Science and Technology (AEST 2016)
PB  - Atlantis Press
UR  - https://doi.org/10.2991/aest-16.2016.98
DO  - https://doi.org/10.2991/aest-16.2016.98
ID  - Qing2016/11
ER  -