An automata based approach for the prevention of NOSQL injections

Abstract

The eminent web-applications of today are data-intensive. The data generated is of the order of petabytes and zetabytes. Using relational databases for storing them only complicates the storage and retrieval in the DB and degradation of its performance. The big data explosion demanded the need for a more flexible, high-performance storage concept the NoSQL movement. The NoSQL databases were designed to overcome the flaws of the relational databases including the security aspects. The effective performance and efficient storage criteria were satisfied by the non-relational databases. The attackers, as usual found their way into the NoSQL databases that were considered to be secure. The injection attacks, one of the top-listed attack type of the relational databases poses threat to the non-relational databases as well. MongoDB is one of the prominent NoSQL databases to which the application development trends are shifting. In this paper, we present the different injection attacks on the leading NoSQL database and an automata based detection and prevention technique for this attack. We also evaluate the effectiveness on different subjects with a number of legitimate as well as illegitimate inputs. Our results show that our approach was able to detect all the attacks.