Abstract
Injection attacks are at the top of the Open Web Application Security Project's Top 10 Application Security Risks list almost every year. SQL Injection (SQLI) is one such attack; it gives adversaries an opportunity to access personally identifiable information and commit identity theft, putting breach victims at risk. An intrusion detection and prevention system is a system or software application that continuously monitors a network for possible malicious activity or policy violations. A signature-based Intrusion Detection System (IDS) relies on predefined signatures to detect an attack. The signatures used are usually released periodically by the company that owns the IDS software or by the admin. Writing these signatures manually or waiting for the release of new rules can take significant time, effort, and knowledge. In this paper, we develop a system that monitors traffic in real time, performs deep packet inspection on each incoming packet, and looks for possible SQLI patterns to form rules in the Snort (IDS) database. Our method increases the baseline IDS performance by 4.7x, with only 23% of the resources required by the baseline, while performing on the order of a few milliseconds, making it suitable for real-time edge networks.