A Hybrid Technique for SQL Injection Attacks Detection and Prevention

Abstract

SQL injection is a type of attacks used to gain, manipulate, or delete information in any data-driven system whether this system is online or offline and whether this system is a web or non-web-based. It is distinguished by the multiplicity of its performing methods, so defense techniques could not detect or prevent such attacks. The main objective of this paper is to create a reliable and accurate hybrid technique that secure systems from being exploited by SQL injection attacks. This hybrid technique combines static and runtime SQL queries analysis to create a defense strategy that can detect and prevent various types of SQL injection attacks. To evaluate this suggested technique, a large set of SQL queries have been executed through a simulation that had been developed. The results indicate that the suggested technique is reliable and more effective in capturing more SQL injection types compared to other SQL injection detection methods.