Intrusion Detection Systems for Mitigating SQL Injection Attacks: Review and State-of-Practice

Rui Filipe Silva, Raul Barbosa, Jorge Bernardino
Copyright: © 2020 | Volume: 14 | Issue: 2 | Pages: 21
ISSN: 1930-1650 | EISSN: 1930-1669 | EISBN13: 9781799805366 | DOI: 10.4018/IJISP.2020040102

MLA

Silva, Rui Filipe, et al. "Intrusion Detection Systems for Mitigating SQL Injection Attacks: Review and State-of-Practice." IJISP vol.14, no.2 2020: pp.20-40. http://doi.org/10.4018/IJISP.2020040102

APA

Silva, R. F., Barbosa, R., & Bernardino, J. (2020). Intrusion Detection Systems for Mitigating SQL Injection Attacks: Review and State-of-Practice. International Journal of Information Security and Privacy (IJISP), 14(2), 20-40. http://doi.org/10.4018/IJISP.2020040102

Chicago

Silva, Rui Filipe, Raul Barbosa, and Jorge Bernardino. "Intrusion Detection Systems for Mitigating SQL Injection Attacks: Review and State-of-Practice," International Journal of Information Security and Privacy (IJISP) 14, no.2: 20-40. http://doi.org/10.4018/IJISP.2020040102

Abstract

Databases are widely used by organizations to store business-critical information, which makes them one of the most attractive targets for security attacks. SQL Injection is the most common attack on webpages with dynamic content. To mitigate it, organizations use Intrusion Detection Systems (IDS) as part of the security infrastructure to detect this type of attack. However, the authors observe a gap between the comprehensive state-of-the-art in detecting SQL Injection attacks and the state-of-practice regarding existing tools capable of detecting such attacks. The majority of IDS implementations provide little or no protection against SQL Injection attacks, with exceptions like the tools Bro and ModSecurity. In this article, the authors compare these tools using the CSIC dataset in order to examine the state-of-practice in database protection from SQL Injection attacks, identifying the main characteristics and implementation details needed for IDSs to successfully detect such attacks. The experiments indicate that signature-based IDS provide the greatest coverage against SQL Injection.
