查看文章

Web applications are vulnerable to a variety of new security threats. SQL injection attacks (SQLIAs) are one of the most significant of such threats. Researchers have proposed a wide variety of anomaly detection techniques to address SQLIAs, but all existing solutions have limitations in terms of effectiveness and practicality. %In particular, We claim that the main cause of such limitations is reliance on a single detection model and/or on information generated by a single source. Correlation of information from diverse sources has been proven to be an effective approach for improving detection performance, i.e. reducing both the rate of false positives and the percentage of undetected intrusions. In order to do so, we collect symptoms of attacks against web-based applications at different architectural layers, and correlate them via a systematic approach that applies a number of different anomaly detection models to …