An information theoretic approach to detect SQLI Intrusion

Simple item page
dc.contributor.authorBOUKAROUI, HADJER
dc.contributor.authorSupervisor: SAOUDI, LALIA
dc.contributor.authorSupervisor: Fernini, Belabdelouahab
dc.date.accessioned2023-05-23T13:39:03Z
dc.date.available2023-05-23T13:39:03Z
dc.date.issued2015-06-10
dc.description.abstractSQL Injection (SQLI) is a widespread vulnerability commonly found in web-based programs. Exploitations of SQL injection vulnerabilities lead to harmful consequences such as authentication bypassing and leakage of sensitive personal information. Therefore, SQLI needs to be mitigated to protect end users. In this work, we present an approach to detect SQLI attacks based on information theory. We compute the entropy of each query present in a program accessed before program deployment. During the program execution time, when an SQL query is invoked, we compute the entropy again to identify any change in the entropy measure for that query. The approach then relies on the assumption that dynamic queries with attack inputs result in increased or decreased level of entropy. In contrast, a dynamic query with benign inputs does not result in any change of entropy value.en_US
dc.identifier.urihttp://dspace.univ-msila.dz:8080//xmlui/handle/123456789/38653
dc.language.isoenen_US
dc.publisherUniversity of M'silaen_US
dc.subjectSQL injection, software vulnerability, information theory, entropy.en_US
dc.titleAn information theoretic approach to detect SQLI Intrusionen_US
dc.typeThesisen_US

Files

Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
BOTIKAROUI HADJER.PDF
Size:
8.4 MB
Format:
Adobe Portable Document Format
Description:
Download
License bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
1.71 KB
Format:
Item-specific license agreed upon to submission
Description:
Download

Collections

Master Thesis