Browsing by Author "BOUKAROUI, HADJER"
Now showing 1 - 1 of 1
Results Per Page
Sort Options
Item Open Access An information theoretic approach to detect SQLI Intrusion(University of M'sila, 2015-06-10) BOUKAROUI, HADJER; Supervisor: SAOUDI, LALIA; Supervisor: Fernini, BelabdelouahabSQL Injection (SQLI) is a widespread vulnerability commonly found in web-based programs. Exploitations of SQL injection vulnerabilities lead to harmful consequences such as authentication bypassing and leakage of sensitive personal information. Therefore, SQLI needs to be mitigated to protect end users. In this work, we present an approach to detect SQLI attacks based on information theory. We compute the entropy of each query present in a program accessed before program deployment. During the program execution time, when an SQL query is invoked, we compute the entropy again to identify any change in the entropy measure for that query. The approach then relies on the assumption that dynamic queries with attack inputs result in increased or decreased level of entropy. In contrast, a dynamic query with benign inputs does not result in any change of entropy value.