Description
Injection attacks top the Open Web Application Security Project's (OWASP) Top 10 Application Security Risks almost every year. SQL Injection (SQLI) is one such attack; it gives adversaries an opportunity to access Personally Identifiable Information (PII) and commit identity theft, putting breach victims at risk. Any data that could potentially be used to identify a particular person can be classified as PII; passport numbers, social security numbers, bank account numbers, driver's license numbers and email addresses are all examples. An intrusion detection and prevention system is a system or software application that continuously monitors a network for possible malicious activity or policy violations; the alerts and logs it generates are typically reviewed by the administrator or by a SIEM. A signature-based IDS relies on predefined signatures to detect an attack. These signatures are usually released periodically by the company that owns the IDS software, or written by the admin herself. Writing signatures manually, or waiting for releases of new rules, can take significant time, effort and knowledge. In this thesis, a system is developed that monitors traffic in real time, performs deep packet inspection on each incoming packet and looks for possible SQLI patterns, from which it forms rules in the Snort (IDS) database. Once the system finds a possible SQLI pattern, it saves the attacker's IP to a blacklist for the admin to review later. If the attacker continues to send such attack patterns, the IP is blacklisted and access for that specific user is blocked. Our proposed system, ScorPi, increases baseline intrusion detection performance by 4.7x while using only 23% of the resources required by the baseline, and it operates in the order of a few milliseconds, suitable for real-time edge networks.
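The detection pipeline the abstract describes (inspect each payload for SQLI patterns, put the source IP on a review list, block it after repeated hits, and emit a Snort rule for the matched pattern), as an added illustrative example written for this page and not ScorPi's own code; the regex patterns, the threshold of three hits, the SID range and the sample traffic are all assumptions constructed here.

```python
import re
from collections import defaultdict

# Illustrative SQLI signatures (constructed for this example; not the thesis's rule set).
SQLI_PATTERNS = [
    ("union_select", re.compile(r"union\s+(all\s+)?select", re.I)),
    ("tautology", re.compile(r"(\bor\b|\band\b)\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.I)),
    ("comment_terminator", re.compile(r"(--|#|/\*)\s*$")),
    ("stacked_query", re.compile(r";\s*(drop|delete|insert|update)\b", re.I)),
]
BLOCK_THRESHOLD = 3  # assumed: hits before an IP moves from the review list to the block list

class SqliMonitor:
    def __init__(self, threshold=BLOCK_THRESHOLD, base_sid=1000001):
        self.threshold = threshold
        self.hits = defaultdict(int)  # source IP -> number of suspicious payloads seen
        self.review = set()           # IPs saved for the admin to review
        self.blocked = set()          # IPs blocked after repeated attack patterns
        self.rules = {}               # pattern name -> generated Snort rule text
        self.next_sid = base_sid      # local rule SIDs start at 1000000 by convention

    def inspect(self, src_ip, payload):
        """Inspect one request payload; return the matched pattern name or None."""
        for name, rx in SQLI_PATTERNS:
            m = rx.search(payload)
            if m:
                self.hits[src_ip] += 1
                self.review.add(src_ip)
                if self.hits[src_ip] >= self.threshold:
                    self.blocked.add(src_ip)
                self._add_rule(name, m.group(0))
                return name
        return None

    def _add_rule(self, name, matched):
        if name in self.rules:
            return
        # Escape the characters that are special inside a Snort content string.
        content = matched.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;").replace("|", "\\|")
        self.rules[name] = (f'alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"SQLi {name}"; '
                            f'flow:to_server,established; content:"{content}"; nocase; '
                            f'sid:{self.next_sid}; rev:1;)')
        self.next_sid += 1

# Constructed sample traffic: one abusive source and one benign source.
SAMPLE_TRAFFIC = [
    ("10.0.0.5", "id=1' OR 1=1 --"),
    ("10.0.0.9", "q=order by date"),
    ("10.0.0.5", "q=' UNION SELECT username,password FROM users--"),
    ("10.0.0.9", "name=O'Brien"),
    ("10.0.0.5", "x=1; DROP TABLE users"),
]

def run_sample():
    """Feed the sample traffic through the monitor and return it for inspection."""
    mon = SqliMonitor()
    for ip, payload in SAMPLE_TRAFFIC:
        mon.inspect(ip, payload)
    return mon
```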