3 research outputs found

    SQL Injection Attack Classification through the Feature Extraction of SQL Query strings using a Gap-Weighted String Subsequence Kernel

    SQL Injection Attacks are one of the most common methods behind data security breaches. Previous research has attempted to produce viable detection solutions in order to filter SQL Injection Attacks from regular queries. Unfortunately it has proven to be a challenging problem with many solutions suffering from disadvantages such as being unable to process in real time as a preventative solution, a lack of adaptability to differing types of attack and the requirement for access to difficult-to-obtain information about the source application. This paper presents a novel solution of classifying SQL queries purely on the features of the initial query string. A Gap-Weighted String Subsequence Kernel algorithm is implemented to identify subsequences of shared characters between query strings for the output of a similarity metric. Finally a Support Vector Machine is trained on the similarity metrics between known query strings which are then used to classify unknown test queries. By gathering all feature data from the query strings, additional information from the source application is not required. The probabilistic nature of the learned models allows the solution to adapt to new threats whilst in operation. The proposed solution is evaluated using a number of test datasets derived from the Amnesia testbed datasets. The demonstration software achieved 97.07% accuracy for Select type queries and 92.48% accuracy for Insert type queries. This limited success rate is due to unsanitised quotation marks within legitimate inputs confusing the feature extraction. Using a test dataset that denies legitimate queries the use of unsanitised quotation marks, the Select and Insert query accuracy rose

    Analysis of threats present in computing environments, linking operating systems, networks and databases as a defensive strategy against cyber-attacks on the Windows platform.

    The present monographic proposal, within the study area of computer security, is based on the need that exists in the computing environment of companies and governmental organizations to offer a complete description of the most important threats to data sets, networks and operating systems. These are found in several documents in a piecemeal way, emphasizing in many cases isolated phenomena without their possible defensive strategies for each of the eventualities that may arise. It is the job of the computer security specialist to have a repository with the necessary tools against attacks or possible security violations in each of the environments worked on; in most cases the information handled through these platforms has an incalculable value, because personal information cannot be qualified, but its degree of importance can be established. Having different threats for each of the environments is a notable disadvantage, because in most cases there is a significant delay in control, which causes delays and even the loss of this data. The vulnerabilities present in databases are as important as those present in operating systems, but with the notable difference that in databases SQL injection has been present for a long time, with strategies that have been established but that, in one way or another, are not implemented.