Transcript SQL injection attacked

TCP/IP Malicious Packet Detection
(SQL Injection Detection)
Ashok Parchuri
Recent Examples
• Tk Maxx (TK Maxx Admitted that over 45.7
Million credit and debit cards were stolen from
the database)
• Microsoft Defaced (On 3rd May 2007 Microsoft is
defaced Using SQL injection attacked attack.
The attacker used simple keyword like or, =.)
• Autoweb.co.uk (Injected a 30 characters to over
write the content, by this hacker gained access
against the website and defaced the website. )
Attack Types
•
•
•
•
SQL Manipulation
Code Injection
Function Call Injection
Buffer Overflow
• Requirements: Web Browser
• Previous Technologies :
Defensive Programming
Anomoly Detection
Application Processing
Sample Attack
Intrusion Detection System Design
Considerations
• The application monitors the URL strings for
SQL keywords and reports any maliciousness
• SQL injection attacks normally done by using
keywords like SELECT, DELETE, FROM, OR, =.
• The intrusion system should effectively scan the
URL requests that is coming from the end-user.
Evaluation
• The application is evaluated for setting the
threshold value for detecting the maliciousness.
• For detecting the application threshold level it is
the application is performed against more than
1700 URL strings.
• The results are evaluated and it is found that
threshold value 40 could effectively detect the
malicious Packets.
Evaluation
Result
• The application is designed to alert the
administrator when it founds an injection attack.
Future Work
• Analysis of threshold level.
• Implementing the application in web server to
evaluate effectiveness.
• Implementing more SQL injection keyword for
detection.
• Reducing the unwanted results
Thank you