Abstract: Databases at the background of e-commerce applications are vulnerable to SQL injection attack which is considered as one of the most dangerous web attacks. In this paper we propose a framework based on misuse and anomaly detection techniques to detect SQL injection attack. The main idea of this framework is to create a profile for legitimate database behavior extracted from applying association rules on XML file containing queries submitted from application to the database. As a second step in the detection process, the structure of the query under observation will be compared against the legitimate queries stored in the XML file thus minimizing false positive alarms.

Shaimaa Ezzat Salama, Mohamed I. Marie, Laila M. El-Fangary and Yehia K. Helmy, “Web Anomaly Misuse Intrusion Detection Framework for SQL Injection Detection” International Journal of Advanced Computer Science and Applications(IJACSA), 3(3), 2012. http://dx.doi.org/10.14569/IJACSA.2012.030321

@article{Salama2012,
title = {Web Anomaly Misuse Intrusion Detection Framework for SQL Injection Detection},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2012.030321},
url = {http://dx.doi.org/10.14569/IJACSA.2012.030321},
year = {2012},
publisher = {The Science and Information Organization},
volume = {3},
number = {3},
author = {Shaimaa Ezzat Salama and Mohamed I. Marie and Laila M. El-Fangary and Yehia K. Helmy}
}