Behind an Application Firewall, Are We Safe from SQL Injection Attacks?

Appelt, Dennis; Nguyen, Duy Cu; Briand, Lionel

doi:10.1109/ICST.2015.7102581

Reference : Behind an Application Firewall, Are We Safe from SQL Injection Attacks?


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/19703

Title :	Behind an Application Firewall, Are We Safe from SQL Injection Attacks?
Language :	English
Author, co-author :	Appelt, Dennis [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Nguyen, Duy Cu [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Briand, Lionel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > > ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
Publication date :	2015
Main document title :	2015 IEEE 8th International Conference on Software Testing, Verification, and Validation (ICST)
Peer reviewed :	Yes
Audience :	International
ISBN :	978-1-4799-7124-4
Event name :	8th International Conference on Software Testing, Verification, and Validation
Event date :	13-17 April 2015
Keywords :	[en] Security Testing ; SQL Injection ; Machine Learning
Abstract :	[en] Web application firewalls are an indispensable layer to protect online systems from attacks. However, the fast pace at which new kinds of attacks appear and their sophistication require that firewalls be updated and tested regularly as otherwise they will be circumvented. In this paper, we focus our research on web application firewalls and SQL injection attacks. We present a machine learning-based testing approach to detect holes in firewalls that let SQL injection attacks bypass. At the beginning, the approach can automatically generate diverse attack payloads, which can be seeded into inputs of web-based applications, and then submit them to a system that is protected by a firewall. Incrementally learning from the tests that are blocked or passed by the firewall, our approach can then select tests that exhibit characteristics associated with bypassing the firewall and mutate them to efficiently generate new bypassing attacks. In the race against cyber attacks, time is vital. Being able to learn and anticipate more attacks that can circumvent a firewall in a timely manner is very important in order to quickly fix or fine-tune the firewall. We developed a tool that implements the approach and evaluated it on ModSecurity, a widely used application firewall. The results we obtained suggest a good performance and efficiency in detecting holes in the firewall that could let SQLi attacks go undetected.
Research centres :	Interdisciplinary Centre for Security, Reliability and Trust ; University of Luxembourg: High Performance Computing - ULHPC
Funders :	Fonds National de la Recherche - FnR
Target :	Researchers ; Professionals ; Students
Permalink :	http://hdl.handle.net/10993/19703
DOI :	10.1109/ICST.2015.7102581

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Limited access	main.pdf		Author preprint	634.01 kB	Request a copy

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices