2 research outputs found

    SQL injection attack detection in network flow data

    [EN] SQL injections rank in the OWASP Top 3. The literature shows that analyzing network datagrams allows for detecting or preventing such attacks. Unfortunately, such detection usually implies studying all packets flowing in a computer network. Therefore, routers in charge of routing significant traffic loads usually cannot apply the solutions proposed in the literature. This work demonstrates that detecting SQL injection attacks on flow data from lightweight protocols is possible. For this purpose, we gathered two datasets collecting flow data from several SQL injection attacks on the most popular database engines. After evaluating several machine learning-based algorithms, we get a detection rate of over 97% with a false alarm rate of less than 0.07% with a Logistic Regression-based model.

    Instituto Nacional de Ciberseguridad de España (INCIBE); Universidad de Leó

    A STUDY ON DETECTION METHOD OF SLOW HTTP DoS ATTACK USING ENTROPY

    Slow HTTP DoS Attack, a type of low-bandwidth DoS attack, is a threat to services because it requires fewer resources for the attacker and is harder to detect than conventional DoS attacks. In this paper, we show the feasibility of an attack detection method based on the entropy of the data arrival interval to the server and its average value. From the results of the verification of the proposed method, it is shown that it is possible to separate the normal state and the attack state in the experimental environment by setting threshold values for the two types of measured parameters. We also show that by narrowing the upper limit of the arrival interval of the acquired data, it is possible to separate the normal state from the attack state even when the ratio of attacks is reduced.