TY  - JOUR
T1  - A Flexible and Extendable Data Mining Based Generic Framework for
Preventing SQL Injection Attacks
AU - Pradeep Kumar, J. AU - Udaya Kumar, A. AU - Ravi, T. 
JO  - Asian Journal of Information Technology
VL  - 16
IS  - 6
SP  - 451
EP  - 457
PY  - 2017
DA  - 2001/08/19
SN  - 1682-3915
DO  - ajit.2017.451.457
UR  - https://makhillpublications.co/view-article.php?doi=ajit.2017.451.457
KW  - Database
KW  -data mining
KW  -SQL injection attack
KW  -classification
KW  -applications
KW  -pluggable mechanisms
AB  - As the contemporary applications are database-driven, SQL Injection Attacks (SQLIAs) have been
capable of causing potential risk to businesses across the globe. Most of the existing solutions focused on SQL
and its structure at application level which is doomed to fail when stored procedures are targeted. In this study,
we propose a framework for detecting SQLIAs at database level. We exploit kernel level functions and data
mining techniques such as classification to have basis for detection of such attacks. The framework provides
placeholders to have flexible mechanisms that help in using different approaches in future. Thus, the framework
provides pluggable mechanisms, so as to support future techniques as well at database level. We implemented
the functionality of the framework using PostgreSQL. The kernel functions of the RDBMS are exploited in order
to have integrated functionality to detect SQLIAs. The empirical results revealed that the proposed framework
is able to provide 99% probability of protecting applications from SQLIAs. The framework also achieve
100% true positives in detecting SQLIAs.
ER  - 