Evaluation of anomaly based character distribution models in the detection of SQL injection attacks

Kiani, Mehdi, Clark, Andrew J., & Mohay, George M. (2008) Evaluation of anomaly based character distribution models in the detection of SQL injection attacks. In Third International Conference on Availability, Reliability and Security, 4-7 March, 2008, Barcelona, Spain.

The ubiquity of Web applications has led to an increased focus on the development of attacks targeting these applications. One particular type of attack that has recently become prominent is the SQL injection attack. SQL injection attacks can potentially result in unauthorized access to confidential information stored in a backend database. In this paper we describe an anomaly-based approach which utilizes the character distribution of certain sections of HTTP requests to detect previously unseen SQL injection attacks. Our approach requires no user interaction, and no modification of, or access to, either the backend database or the source code of the web application itself. Our practical results suggest that the model proposed in this paper is superior to existing models at detecting SQL injection attacks. We also evaluate the effectiveness of our model at detecting different types of SQL injection attacks.

Impact and interest:

10 citations in Scopus
5 citations in Web of Science®

Full-text downloads:

803 since deposited on 21 May 2009
325 in the past twelve months

ID Code: 20575
Item Type: Conference Paper
Refereed: Yes
Keywords: sql injection attack, anomaly detection, intrusion detection system
DOI: 10.1109/ARES.2008.123
ISBN: 9780769531021
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Divisions: Past > QUT Faculties & Divisions > Faculty of Science and Technology
Past > Institutes > Information Security Institute
Copyright Owner: Copyright 2008 IEEE
Copyright Statement: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Deposited On: 21 May 2009 02:59
Last Modified: 29 Feb 2012 13:46
