Abstract

A large share of the attacks on the web target weak points in web applications. Even though SQL injection, which is a form of XSS (Cross Site Scripting) attack, is not a threat to the system that operates the web site, it is critical for sites that handle important information, because sensitive information can be obtained and falsified. This paper proposes a method to detect malicious SQL injection script code, a typical XSS attack, using n-Gram indexing and an SVM (Support Vector Machine). To test the proposed method, each data set was first classified as normal code or malicious code, and malicious script code was then detected by applying the index terms generated by n-Gram and the data set generated by a code dictionary to the SVM classifier. Detection using n-Gram index terms and SVM showed superior performance in detecting malicious script, and its recall for malicious script code improved on existing methods.
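The pipeline the abstract describes (n-Gram index terms fed to an SVM) can be sketched as follows. This is an added example, not the paper's code: the character trigrams, the constructed training strings, the hyperparameters and the hand-written linear SVM (subgradient descent on the regularised hinge loss) are all assumptions, and the paper's code dictionary is not modelled.

```python
import math
from collections import Counter

def ngram_vector(text, n=3):
    """L2-normalised character n-gram counts: the index terms for one input."""
    s = text.lower()
    counts = Counter(s[i:i + n] for i in range(len(s) - n + 1))
    norm = math.sqrt(sum(c * c for c in counts.values())) or 1.0
    return {g: c / norm for g, c in counts.items()}

def score(model, text):
    """Decision value: > 0 means 'malicious', otherwise 'normal'."""
    w, b, n = model
    return sum(w.get(g, 0.0) * v for g, v in ngram_vector(text, n).items()) + b

def train(samples, n=3, epochs=200, lr=0.1, lam=0.01):
    """Linear SVM via subgradient descent on the L2-regularised hinge loss."""
    w, b = {}, 0.0
    data = [(ngram_vector(x, n), y) for x, y in samples]
    for _ in range(epochs):
        for x, y in data:
            margin = y * (sum(w.get(g, 0.0) * v for g, v in x.items()) + b)
            for g in w:                      # shrink step from the L2 penalty
                w[g] *= 1.0 - lr * lam
            if margin < 1.0:                 # hinge loss active: move toward y
                for g, v in x.items():
                    w[g] = w.get(g, 0.0) + lr * y * v
                b += lr * y
    return w, b, n

# Constructed training set (assumption): +1 = injection attempt, -1 = normal input.
TRAIN = [
    ("1 or 1=1", 1), ("alice", -1),
    ("admin' or '1'='1", 1), ("blue running shoes", -1),
    ("' union select password from users--", 1), ("john.smith@example.com", -1),
    ("1; drop table users--", 1), ("42 main street", -1),
]

def is_malicious(model, text):
    return score(model, text) > 0

MODEL = train(TRAIN)
if __name__ == "__main__":
    for probe in ("' or 1=1--", "red running shoes"):   # unseen, constructed
        print(f"{probe!r}: score={score(MODEL, probe):+.2f}")
```

Recall, the metric the abstract reports, is the fraction of malicious samples for which `is_malicious` returns true; measuring it meaningfully needs a labelled corpus far larger than this constructed set.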

Highlights

  • With the development of wireless networks and the internet, many offline services have been converted into online services, and web services now account for most online services

  • A large share of the attacks on the web target weak points in web applications. SQL injection, which is a form of XSS (Cross Site Scripting) attack, is less of a threat than other attacks to the system that uses or operates the web application, but it is critical for sites that handle important information, because sensitive information can be obtained and falsified

  • When malicious script code detection was conducted using n-Gram index terms and SVM as above, it showed superior performance in detecting malicious script code, and its recall for malicious script code improved on existing methods


Summary

Introduction

With the development of wireless networks and the internet, many offline services have been converted into online services, and web services now account for most online services. Because the web is available anytime and anywhere, its importance grows every day, and so do the attacks aimed at it. Various techniques have been studied in different fields to detect and prevent this critical SQL injection attack, typically including web frameworks, static and dynamic analysis, and methods using machine learning [7]. The web framework in a wireless network provides filtering methods for input values, but it only filters the special characters entered, so there are many obfuscation techniques using XSS. Static analysis analyzes the types of user input, so it is more effective than a simple filtering method, but it has the disadvantage that attacks matching the input type can't be detected. The static and dynamic analysis method which complements the disadvantages of both static analysis and dynamic
