Work place: Jawaharlal Nehru University/School of Computer & Systems Sciences, New Delhi, 110067, India
E-mail: pankajkumar.scss.jnu@gmail.com
Research Interests: Computer systems and computational processes, Computer Networks, Information Security, Network Architecture, Network Security
Biography
Pankaj Kumar is a PhD scholar in the School of Computer and Systems Sciences, Jawaharlal Nehru University (JNU), New Delhi, India. He received a B.E. degree in Information Technology from Sant Longowal Institute of Engineering and Technology, Sangrur, Punjab, India in 2011 and an M.Tech degree in Computer Science and Technology from JNU in 2014. His research area is Computer Network Security and Cryptography.
DOI: https://doi.org/10.5815/ijieeb.2016.02.08, Pub. Date: 8 Mar. 2016
An SQL injection attack compromises interactive web-based applications that run a database in the backend. Such applications provide a form to accept user input, convert it into an SQL statement, and send that statement to the database. Attackers change the structure of the SQL statement by manipulating user inputs. Existing static and dynamic SQLIA detectors are used for accurate detection of SQL injection, but they ignore the efficiency of the system. These detectors repeatedly verify the same queries inside the system, which wastes system resources unnecessarily. This paper presents the design of a parallel algorithm for the detection of SQL injection. The algorithm uses the concept of a Hot Query Bank (HQB) to cooperate with existing SQLIA detectors (e.g. AMNESIA, SQLGuard, etc.) and enhance system performance. It simply keeps the information of previously verified queries in order to skip the verification process on their next appearance. System performance was observed by conducting a series of experiments on multi-core processors. The experimental results show that the parallel-SQLIA detector is 65% more efficient in terms of time complexity. Further, this design can be implemented in a real web application environment, and the design interface can be standardized to cooperate with web applications and SQLIA detectors.
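The sketch below is an added example, not code from the paper: it shows a query bank placed in front of a detector so that repeated queries skip verification and unseen ones are verified in parallel. The class and function names, the SHA-256 key over the exact query text, the stand-in structure-comparison detector, and the sample queries are all assumptions made for illustration.

```python
import hashlib
import re
from concurrent.futures import ThreadPoolExecutor

# Stand-in for an existing SQLIA detector (hypothetical; not AMNESIA or SQLGuard).
TOKEN = re.compile(r"'(?:[^']|'')*'|\d+|\w+|[^\s\w]")
INTENDED = "SELECT * FROM users WHERE name = ? AND pin = ?"  # constructed

def skeleton(sql):
    """Reduce a query to its structure: literals become '?', words are upper-cased."""
    return " ".join(
        "?" if (t[0] == "'" and len(t) > 1) or t.isdigit() else t.upper()
        for t in TOKEN.findall(sql)
    )

def structure_detector(sql):
    """Accept a query only if its structure matches the intended statement."""
    return skeleton(sql) == skeleton(INTENDED)

class HotQueryBank:
    """Verdict store keyed on a digest of the exact query text (assumed design)."""

    def __init__(self, detector):
        self.detector = detector
        self.verdicts = {}       # digest -> True (safe) / False (injection)
        self.detector_calls = 0  # how often the costly detector actually ran

    def check_batch(self, queries, workers=4):
        """Verify only unseen queries, in parallel; return verdicts in input order."""
        keys = [hashlib.sha256(q.encode()).hexdigest() for q in queries]
        # Deduplicate: one detector run per distinct query not already in the bank.
        unseen = {k: q for k, q in zip(keys, queries) if k not in self.verdicts}
        with ThreadPoolExecutor(max_workers=workers) as pool:
            results = list(pool.map(self.detector, unseen.values()))
        self.detector_calls += len(unseen)
        self.verdicts.update(zip(unseen, results))
        return [self.verdicts[k] for k in keys]

# Constructed sample queries from one login form.
BENIGN = "SELECT * FROM users WHERE name = 'alice' AND pin = 1234"
INJECTED = "SELECT * FROM users WHERE name = '' OR '1'='1' AND pin = 0"

if __name__ == "__main__":
    bank = HotQueryBank(structure_detector)
    print(bank.check_batch([BENIGN, INJECTED, BENIGN, BENIGN]), bank.detector_calls)
    print(bank.check_batch([BENIGN, INJECTED]), bank.detector_calls)
```

Because the key covers the full query text rather than the form or call site, a manipulated query from the same form never inherits the verdict stored for a benign one.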