A two-tiered defence of techniques to prevent SQL injection attacks

Abstract

SQL injection attacks (SQLIA) is one of the topmost threats affects business operations at present. Aho-Corasick (AC) multi-pattern matching algorithm combined with static analysis and dynamic tectonic attack mode to detect and prevent SQL injection attacks effectively. However, for the database, we can also detect and prevent SQL injection with the concept of access to database users and roles. In this paper, we analyze the existing methods of detecting and preventing SQL injection. Besides we extend the traditional AC multi-pattern matching algorithm and propose a two-tiered defence of techniques-the first tier is the fine-grained role-based access control (RBAC) model and the second tier is an extended AC multi-pattern matching algorithm, which improve the detection efficiency and reduce the SQL statement detection time.