System for real-time intrusion detection of SQL injection web attacks
Abstract
A real-time anomaly SQL Injection detection system is provided to detect anomalies specific to the backend Database layer and the Web application layer of a Website. To reduce false alarms, the system correlates abnormal scores for the Database layer and Web application layer to detect and catch different forms of SQL injection attacks. The attacks are detected based on anomalies and not signatures or patterns.
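The two-layer correlation described in the abstract, as an added example that is not taken from the patent. The query-skeleton fingerprint, the character-class profile, the 0.5 threshold, and all names (Detector, skeleton, char_classes) are assumptions made for illustration; the traffic is constructed.

```python
import re

def skeleton(sql):
    """Reduce a query to its structure: every literal becomes '?'."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)   # quoted strings ('' is an escaped quote)
    s = re.sub(r"\b\d+\b", "?", s)            # numeric literals
    return re.sub(r"\s+", " ", s).strip().lower()

def char_classes(value):
    """Coarse character classes present in a request parameter value."""
    return {"alpha" if c.isalpha() else "digit" if c.isdigit()
            else "space" if c.isspace() else "punct:" + c for c in value}

class Detector:
    def __init__(self):
        self.skeletons = set()   # Database layer profile: known query structures
        self.params = {}         # Web layer profile: name -> (max length, classes)

    def learn(self, params, sql):
        """Learning mode: record what normal traffic looks like on both layers."""
        self.skeletons.add(skeleton(sql))
        for name, value in params.items():
            max_len, classes = self.params.get(name, (0, set()))
            self.params[name] = (max(max_len, len(value)), classes | char_classes(value))

    def db_score(self, sql):
        return 0.0 if skeleton(sql) in self.skeletons else 1.0

    def web_score(self, params):
        worst = 0.0
        for name, value in params.items():
            max_len, classes = self.params.get(name, (0, set()))
            unseen = char_classes(value) - classes
            worst = max(worst, 0.5 * (len(value) > 2 * max_len) + 0.5 * bool(unseen))
        return worst

    def detect(self, params, sql, threshold=0.5):
        """Detection mode: alert only when both layers are abnormal."""
        db, web = self.db_score(sql), self.web_score(params)
        return {"db": db, "web": web, "alert": db >= threshold and web >= threshold}

def demo():
    d = Detector()
    for name in ("alice", "bob42"):   # constructed learning-mode traffic
        d.learn({"user": name}, f"SELECT id FROM users WHERE name = '{name}'")
    # Unusual but correctly escaped input: Web layer abnormal, query structure unchanged.
    benign = d.detect({"user": "o'brien"}, "SELECT id FROM users WHERE name = 'o''brien'")
    # Input that changes the query structure: both layers abnormal.
    attack = d.detect({"user": "x' OR '1'='1"},
                      "SELECT id FROM users WHERE name = 'x' OR '1'='1'")
    return benign, attack
```

The escaped apostrophe raises only the Web layer score, so no alert fires; the second request is abnormal on both layers and is reported.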
43 Claims
1. A system comprising:
- means for the learning normal Database and Web application standard query language (SQL) query data for a website;
- means for capturing real-time Database and Web application SQL query data for the website; and
- means for detecting an anomaly representative of an SQL injection attack based on the normal Database and Web application SQL query data and the real-time Database and Web application SQL query data.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 19, 20

12. A computer program product including a computer readable medium having instructions causing a computer to:
- learn normal Database and Web application standard query language (SQL) query data for a website;
- capture real-time Database and Web application SQL query data for the website; and
- detect an anomaly representative of an SQL injection attack based on the normal Database and Web application SQL query data and the real-time Database and Web application SQL query data.

Dependent claims: 13, 14, 15, 16, 17, 18, 21, 22

23. A method comprising the steps of:
- learning normal Database and Web application standard query language (SQL) query data for a website;
- capturing real-time Database and Web application SQL query data for the website; and
- detecting an anomaly representative of an SQL injection attack based on the normal Database and Web application SQL query data and the real-time Database and Web application SQL query data.

Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32

33. A system comprising:
- a processor operable to execute a sequence of instructions to learn normal Database and Web application standard query language (SQL) query data for a website in a learning mode, capture real-time Database and Web application SQL query data for the website in a detection mode, and detect an anomaly representative of an SQL injection attack based on the normal Database and Web application SQL query data and the real-time Database and Web application SQL query data in the detection mode; and
- memory coupled to the processor for storing the results from the learning mode and detection mode.

Dependent claims: 34, 35, 36, 37, 38, 39, 40, 41, 42, 43

Specification