The Cyber Attack: DoS and SQL Injection Attack
Name of the Student
Name of the University
Table of Contents
1. Introduction
2. Approaches
2.1 Denial-Of-Service Attack
2.1.1 Multivariate Correlation Analysis
2.1.2 Fuzzy Logic based Defense Mechanism
2.2 SQL Injection Attack
2.2.1 Three Level Security Approach
2.2.2 Conventional Approach
3. Comparison of the Approaches
3.1 Multivariate Correlation Analysis Vs. Fuzzy Logic based Defense Mechanism
3.2 Three Level Security Approach Vs. Conventional Approach
4. Conclusion
Bibliography
1. Introduction:
A cyber-attack can be described as a hacking process that is deliberately carried out by a hacker to gain unauthorized access to a system. Cyber attacks are carried out with the purpose of stealing information from a system or disrupting the processes within a system (Verma et al. 2013). Cyber attacks are of many types, such as information theft, denial of service attack, SQL injection, virus, Trojan, bottleneck and many more.
The denial-of-service attack, one of the most severe cyber attacks, is a type of security event which happens when a user is interrupted in accessing the services of a system because an attacker has taken down the system's server. Denial-of-service or DoS cyber attacks are a kind of threatening and aggressive behaviour directed at internet servers. DoS attacks seriously degrade the availability of a victim, which can be a host, a whole network or a router (Zargar, Joshi and Tipper 2013). They force intensive computation on the victim by exploiting its system vulnerabilities or by flooding it with an immense amount of useless packets. The victim can be forced out of service for anywhere from a couple of minutes to a few days. This causes serious damage to the services running on the victim. Therefore, effective detection of DoS attacks is essential to the protection of online services (Tan et al. 2014). Work on DoS attack detection mainly concentrates on the development of network-based detection mechanisms.
On the other hand, SQL Injection Attacks are a code injection technique used to attack data-driven software or applications. SQL injections are dangerous because they open the floodgates for hackers to do whatever they seek. SQL injection exploits security vulnerabilities in the database (Rahman et al. 2017). Hackers use these loopholes to submit malicious code. According to a study by OWASP, SQL injection was the third most common attack in 2010, yet in 2013 it was ranked at the top of the list of vulnerabilities. To serve a substantial number of users, an enormous volume of information is stored in web application databases all around the globe. Security threats in web applications are becoming a headache for developers (Nehra and Gulati 2016).
Within this study, the DoS and SQL Injection attacks are described in detail and the processes for mitigating these attacks are also discussed.
2. Approaches:
This section is divided into two parts. The first part covers the DoS attack and the second the SQL injection attack. Each subsection presents two approaches for mitigating the cyber-attack.
2.1 Denial-Of-Service Attack:
Multivariate correlation analysis and the fuzzy logic based defense mechanism are the two approaches that have been analysed for defending against denial-of-service attacks.
2.1.1 Multivariate Correlation Analysis:
Framework: In Step 1, basic features are generated from ingress network traffic to the internal network where the protected servers reside, and are used to form traffic records for a well-defined time interval. Monitoring and analysing at the destination network reduces the overhead of detecting malicious activities by focusing only on relevant inbound traffic (Tan et al. 2014). This also enables the detector to provide protection that is the best fit for the targeted internal network, because the legitimate traffic profiles used by the detector are developed for a smaller number of network services. The detailed process can be found in (Vasek, Thornton and Moore 2014).
Step 2 is Multivariate Correlation Analysis, in which the Triangle Area Map Generation module is applied to extract the correlations between each pair of distinct features within each traffic record coming from Step 1, or within the traffic record normalised by the Feature Normalization module in this step (Zargar, Joshi and Tipper 2013). The occurrence of network intrusions causes changes to these correlations, so the changes can be used as indicators to identify the intrusive activities. All the extracted correlations, namely the triangle areas stored in Triangle Area Maps (TAMs), are then used to replace the original basic features or the normalised features to represent the traffic records (Tan et al. 2014). This provides higher discriminative information for distinguishing between legitimate and illegitimate traffic records.
Figure 1: Proposed DoS Detection System Framework
(Source: Tan et al. 2014)
In Step 3, the anomaly-based detection mechanism is adopted in Decision Making. It facilitates the detection of any DoS attack without requiring any attack-relevant knowledge. Attack analysis, by contrast, is a labour-intensive task and requires expertise in the targeted detection algorithm. Specifically, two phases are involved in Decision Making (Wu et al. 2015). The Normal Profile Generation module operates in the Training Phase to generate profiles for various types of legitimate traffic records, and the generated normal profiles are stored in a database. The Tested Profile Generation module is used in the Test Phase to build profiles for individual observed traffic records. The tested profiles are then handed over to the Attack Detection module, which compares the individual tested profiles with the respective stored normal profiles (Tan et al. 2014). A threshold-based classifier is employed in the Attack Detection module to distinguish DoS attacks from legitimate traffic.
Sample-by-Sample Detection: The group-based detection mechanism maintained a higher probability of correctly classifying a group of sequential network traffic samples than the sample-by-sample detection mechanism. However, the proof relied on the assumption that the samples in a tested group were all drawn from the same distribution (Vasek, Thornton and Moore 2014). This restricts the application of group-based detection to limited scenarios, because attacks generally occur unpredictably and it is hard to obtain a group of sequential samples from a single distribution. To remove this limitation, the framework in this paper investigates traffic samples individually. This offers benefits that are not found in the group-based detection mechanism. For example, attacks can be detected promptly in comparison with the group-based detection mechanism, and intrusive traffic samples can be labelled individually (Tan et al. 2014). The probability of correctly classifying a sample into its population is higher than that achieved using the group-based detection mechanism in a general network scenario.
Problems in the Approach: Although the detection system achieves a moderate overall detection performance in the above evaluation, the reasons for the degradation in detecting the Land, Teardrop and Neptune attacks need to be investigated. Analysis shows that the problems originate from the data used in the evaluation, where the basic features in the non-normalised original data are in different scales. Consequently, although the triangle-area-based MCA approach is promising in characterisation and clearly reveals the patterns of the various types of traffic records, the detector is still ineffective on some of the attacks (Wu et al. 2015). For example, the Land, Neptune and Teardrop attacks have patterns that are distinct from those of legitimate traffic. However, the level of dissimilarity between these attacks and the respective normal profiles is close to that between the legitimate traffic and the respective normal profiles. In addition, changes appearing in other more important features with much smaller values can hardly take effect in distinguishing DoS attack traffic from legitimate traffic, because the features with large values dominate the overall dissimilarity.
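The framework above (feature normalisation, triangle area maps, a normal profile and a threshold-based classifier) and the scaling problem just described, as an added example in Python; this is not the authors' code from Tan et al. 2014. The feature names, the training records and the threshold rule (mean plus alpha standard deviations of the training distances) are assumptions made for this illustration.

```python
from itertools import combinations
from math import sqrt
from statistics import mean, pstdev

# Constructed training records (not from the paper): one record per time
# interval with the assumed basic features [packets_per_sec,
# avg_bytes_per_packet, syn_fraction] for legitimate traffic only.
NORMAL_TRAINING = [
    [100.0, 520.0, 0.10],
    [110.0, 540.0, 0.12],
    [120.0, 500.0, 0.11],
    [105.0, 560.0, 0.13],
    [115.0, 530.0, 0.10],
    [95.0, 510.0, 0.14],
]


def fit_scaler(records):
    """Per-feature mean and standard deviation (the Feature Normalization step)."""
    columns = list(zip(*records))
    means = [mean(c) for c in columns]
    stds = [pstdev(c) or 1.0 for c in columns]  # guard against constant features
    return means, stds


def normalize(record, means, stds):
    return [(v - m) / s for v, m, s in zip(record, means, stds)]


def triangle_area_map(record):
    """Triangle areas for every pair of distinct features.

    For features i and j the triangle has vertices at the origin, (f_i, 0)
    and (0, f_j), so its area is |f_i * f_j| / 2.  The map is symmetric, so
    the lower triangle is enough; it is flattened here into a vector.
    """
    return [abs(fi * fj) / 2.0 for fi, fj in combinations(record, 2)]


def euclidean(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def build_normal_profile(training, alpha=3.0, normalize_features=True):
    """Training phase: mean TAM of legitimate records plus a threshold.

    The threshold is mu + alpha * sigma of the training distances, an
    assumption standing in for the paper's threshold-based classifier.
    """
    if normalize_features:
        means, stds = fit_scaler(training)
    else:  # raw scales, as in the evaluation problem discussed above
        means, stds = [0.0] * len(training[0]), [1.0] * len(training[0])
    tams = [triangle_area_map(normalize(r, means, stds)) for r in training]
    center = [mean(col) for col in zip(*tams)]
    dists = [euclidean(t, center) for t in tams]
    return {"means": means, "stds": stds, "center": center,
            "threshold": mean(dists) + alpha * pstdev(dists)}


def is_dos_attack(record, profile):
    """Test phase: build the tested profile and compare with the normal one."""
    tam = triangle_area_map(normalize(record, profile["means"], profile["stds"]))
    return euclidean(tam, profile["center"]) > profile["threshold"]


# Constructed test records: a legitimate interval, a volumetric SYN flood,
# and a low-rate attack where only the small-valued feature changes.
LEGIT = [102.0, 515.0, 0.11]
FLOOD = [5000.0, 60.0, 0.95]
LOW_RATE = [105.0, 530.0, 0.90]

if __name__ == "__main__":
    scaled = build_normal_profile(NORMAL_TRAINING)
    raw = build_normal_profile(NORMAL_TRAINING, normalize_features=False)
    print("normalised:", [is_dos_attack(r, scaled) for r in (LEGIT, FLOOD, LOW_RATE)])
    print("raw scales:", [is_dos_attack(r, raw) for r in (LEGIT, FLOOD, LOW_RATE)])
```

With raw feature scales the packets-times-bytes area dominates the distance and the low-rate record slips under the threshold; after normalisation the same record is flagged.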
2.1.2 Fuzzy Logic based Defense Mechanism:
A large portion of DoS attacks are coordinated in nature and become increasingly destructive over time. Any DoS defense system aims to detect the attack as early as possible and to mitigate it as close as possible to the attack sources (Iyengar, Banerjee and Ganapathy 2014). Although it is desirable to mitigate the attack near the source, the accuracy of the detection and response mechanism at that location cannot be verified. This section broadly covers the current mechanisms proposed in the literature to defend the cloud environment against DoS attacks (Geva, Herzberg and Gev 2014). A network-level attack is easier to detect and mitigate than an application-level attack. IP address spoofing is a major problem for cloud security infrastructure, as it leads to false identification of the attack source. The ingress/egress filtering mechanism distinguishes spoofed IP addresses from real ones that stay within the range of valid addresses. Egress and ingress filtering is deployed at the border routers of ISPs so that DoS attacks from the ISP and towards the ISP can be mitigated. Large flows that require more resources than the threshold limit are primarily responsible for DoS attacks (Apiecionek, Czerniak and Zarzycki 2014). This filtering confines those flows to limited resources. However, ingress/egress filtering may not detect spoofed IP addresses that attackers keep within the valid IP address range.
Router Interface Marking (RIM) is a scheme that marks packets with the router's interface identifier to identify the attack source by IP traceback. The traceback mechanism can trace the attack source up to its local administrative network with lower computation cost and higher accuracy. However, deployment of the traceback mechanism requires routers in that network that support identifiers for traceback. Attackers can also generate and forge the traceback message to bypass this defense technique (Verma, Hasbullah and Kumar 2013). The total operational cost of implementing traceback mechanisms should also be considered. The hop-count filtering technique is another DoS detection method that can distinguish spoofed packets from legitimate clients' packets. As a packet travels along a route, each intermediate router decrements the packet's TTL value by one, so the TTL value implicitly indicates the hop count between source and destination. The hop count of packets in normal traffic is computed and stored in a table (Iyengar, Banerjee and Ganapathy 2014). During the attack period, the hop-count value is computed for every IP address and compared with the corresponding saved value. A high discrepancy between these two values makes the system discard the packets. If machines within legitimate clients' address ranges with valid hop counts are compromised, the system may become ineffective for anomaly detection. In a traffic-level measurement based defense system, a specific limit on incoming traffic is set and the system throttles the traffic flow by discarding packets when congestion exceeds that limit.
Existing defense mechanisms are broadly divided into three types based on the deployment location of the mitigation strategies: source-based, network- or router-based, and host-based approaches (Wu et al. 2015). In the cloud environment, service providers keep data replicated in several data centers that are geographically distributed throughout the globe. This data redundancy allows a switch to another data center if one data center experiences a high-volume DoS attack, and thereby maintains continuity of service to legitimate clients. This procedure is suitable for large-scale data centers, but for medium to small-scale service providers the extent of data redundancy may be limited, and a DoS attack causes considerable loss for them (Tan et al. 2014).
In most cases, fuzzy based intrusion detection systems suffer from the limited attributes of data collected explicitly for a particular type of attack (Geva, Herzberg and Gev 2014). From the design perspective, the distributed and collaborative nature of the network and cloud environment has made the task more difficult. Some of the detection systems consider only a distributed architecture and are able to detect attacks locally. In local detection, each distributed component can detect anomalies locally for that node only and is aware only of the local phenomenon. However, a global alarm is not always raised to defend against a large volume of attack on the system (Iyengar, Banerjee and Ganapathy 2014). So the choice of detection parameters should be hybrid and anomaly-based in a distributed architecture design.
Problems in the Approach: The issues with the approach are as follows.
i. Not collaborative; prevention scheme and simulation are not specified
ii. Routing protocol is not specified; simulation result is not given
iii. Limited to blackhole attack only
iv. Specific to false route request attack
v. Only malicious node detection in a collaborative way
vi. Not collaborative and response system is not given
vii. Routing protocol is not specified; prevention scheme could be introduced
viii. Limited to small-level attack
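The hop-count filtering technique described in this section, as an added Python example (not code from Iyengar, Banerjee and Ganapathy 2014 or any other cited work). It assumes the common initial TTL values 32, 64, 128 and 255, that the nearest initial value above the observed TTL is the sender's, and that unknown source addresses are accepted; the packet samples are constructed.

```python
# Initial TTL values that common operating systems use (assumption for this
# example: the sender's initial TTL is taken to be the smallest of these
# values not below the observed TTL, as hop-count filtering schemes do).
INITIAL_TTLS = (32, 64, 128, 255)


def infer_hop_count(ttl):
    """Hop count implied by the TTL seen at the destination.

    Every router on the path decrements TTL by one, so initial_ttl - ttl is
    the number of hops.  TTL values are ambiguous across OS families (57
    could be 64-7 or 128-71); the nearest initial value is assumed.
    """
    if not 0 <= ttl <= 255:
        raise ValueError("TTL out of range: %r" % ttl)
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial - ttl
    raise AssertionError("unreachable: 255 is the last entry")


def learn_hop_table(packets):
    """Normal period: remember the hop count observed for each source IP."""
    table = {}
    for src_ip, ttl in packets:
        table[src_ip] = infer_hop_count(ttl)
    return table


def filter_packets(packets, hop_table, tolerance=1):
    """Attack period: discard packets whose hop count disagrees with the table.

    Unknown sources are accepted (assumption: the scheme only checks addresses
    it has learned).  A small tolerance absorbs legitimate route changes.
    """
    accepted, discarded = [], []
    for src_ip, ttl in packets:
        expected = hop_table.get(src_ip)
        observed = infer_hop_count(ttl)
        if expected is not None and abs(observed - expected) > tolerance:
            discarded.append((src_ip, ttl))
        else:
            accepted.append((src_ip, ttl))
    return accepted, discarded


# Constructed normal-period sample: (source IP, TTL seen at the destination).
NORMAL_PACKETS = [
    ("192.0.2.10", 57),     # initial TTL 64, 7 hops away
    ("192.0.2.20", 116),    # initial TTL 128, 12 hops away
    ("198.51.100.5", 245),  # initial TTL 255, 10 hops away
]

# Constructed attack-period sample: genuine packets plus packets that spoof
# learned addresses but were sent from elsewhere (different hop counts).
ATTACK_PACKETS = [
    ("192.0.2.10", 56),     # genuine, one extra hop after a route change
    ("192.0.2.20", 116),    # genuine
    ("192.0.2.10", 49),     # spoofed: 15 hops, expected 7
    ("198.51.100.5", 230),  # spoofed: 25 hops, expected 10
    ("203.0.113.9", 60),    # unknown source, accepted by assumption
]

if __name__ == "__main__":
    table = learn_hop_table(NORMAL_PACKETS)
    kept, dropped = filter_packets(ATTACK_PACKETS, table)
    print("hop table:", table)
    print("accepted:", kept)
    print("discarded:", dropped)
```

The last sample shows the limitation the text notes: a spoofed packet sent from a host with the same hop count as the address it impersonates would pass unnoticed.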
2.2 SQL Injection Attack:
For the SQL Injection attack, two approaches have likewise been selected for preventing it. The first is the Three Level Security Approach and the second is the conventional approach.
2.2.1 Three Level Security Approach:
Encryption Technique: Encryption is one of the best and most effective approaches to enhance and achieve information security. It is a technique which uses a finite set of instructions, such as an algorithm, to convert plaintext into ciphertext or an encrypted form (Mukhedkar et al. 2016). The algorithm used requires a set of characters, known as a key, to encrypt and decrypt the information. With the help of the key, the encrypted information can be converted back to its original form and vice versa.
Figure 2: General Procedure of Encryption and Decryption
(Source: Nehra and Gulati 2016)
To access an encrypted file/text, the user must have access to a private/secret key or password that grants the right to decrypt it. Once the data/file is encrypted, the only way to decrypt it is with the use of the secret key. Encryption is therefore a critical aspect of this three level security approach against SQLi attacks (Nehra and Gulati 2016). In the worst case it is assumed that the data has been breached because of a vulnerability in SQL, so to prevent the misuse of credentials an encryption algorithm is used which scrambles the data. Even if the attacker obtains the credentials, they would be in encrypted form, hence limiting the impact and the cost.
Layers: The Data Access Layer covers the procedures that help the Business Layer to connect to the data and perform the required activities, whether to return data or to modify data. The Business Layer includes the business logic, validations or calculations related to the data. Although a site could talk to the Data Access Layer directly, it usually goes through the other layer, called the Business Layer. The Business Layer is essential because it validates the input conditions before calling a method from the data layer. By this it confirms that the data is correct before proceeding, and it can also confirm that the outputs are correct (Charania and Vyas 2016). This verification of input is termed business rules, meaning the rules that the Business Layer applies to make "decisions" about the data. The Presentation Layer has pages such as .aspx or Windows Forms where data is presented to the user or accepted from the user. The ASP.NET site or Windows Forms of the application is known as the Presentation Layer (Nehra and Gulati 2016). The Presentation Layer is the most critical layer because it is the one everybody sees and uses. Even an efficient business and data layer may give the users a poor view of the system if the Presentation Layer is designed poorly.
2.2.2 Conventional Approach:
Detection: Code-based detection is one of the most crucial detection techniques. This approach generally involves creating a test suite based on the code to identify SQLI vulnerabilities, but the suite does not discover vulnerable program points precisely. SQLUnitGen is a prototype tool that uses a static analysis tool to trace user input to database access points and generate unit test reports containing SQLIA patterns for these points (Kumar and Indu 2014).
Generating model attacks is another useful technique. This type of approach uses state-of-the-art symbolic execution techniques to automatically generate test inputs that expose SQLI vulnerabilities in web programs. Symbolic execution based approaches use constraint solvers that can only handle numeric operations, whereas the inputs of web applications are strings in general (Kar and Panigrahi 2013). If a constraint solver could solve the string operations applied to inputs, developers could use symbolic execution both to identify the vulnerability of SQL statements that use inputs and to generate concrete inputs that attack them.
Another important technique is taint-based vulnerability detection. SQLIA can be avoided by using static and dynamic techniques to keep tainted data from affecting untainted data, for example programmer-defined SQL query structures. These techniques do not consider input validation using expectation and fail to identify vulnerability patterns. Gary Wassermann and Zhendong Su used context-free grammars to model the effects of input validation and sanitisation routines (Mukhedkar et al. 2016). Their method checks whether SQL queries syntactically restrict the string values returned from those routines and, if so, automatically concludes that the routines used are correctly implemented.
Prevention: Developers have adopted a range of code-based development practices to counter SQLIA. These techniques are mostly based on proper input filtering, escaping of potentially harmful characters, and rigorous type checking of inputs, in view of the security reports (Gupta and Sharma 2016). Attackers take advantage of dynamic SQL by replacing the original queries, so parameterised queries should be used with the database. These attacks drive the developer to define the SQL code structure first, before including parameters in the query. Since the parameters are bound to the defined SQL structure, it is thereafter not possible to inject additional SQL code. If dynamic queries cannot be avoided, escaping all user-supplied parameters is the best alternative. The developer should then identify all input sources to define the parameters that need escaping, follow the database-specific escaping procedure, and use standard escaping libraries rather than custom escaping methods. After following the steps for parameterised queries and escaping, the developer should properly validate the input data type (Kumar and Indu 2014). The developer must define whether the data type is string, numeric or any other type, and if the input data supplied by the client is of the wrong type it can easily be rejected. Some special characters are commonly used during injection, so the developer should define such special characters for blacklist filtering. The filtering procedure is suitable for well-structured data, for example email addresses, dates and so on: the developer should keep a list of legitimate data patterns and accept only matching input data.
The SQL DOM uses the encapsulation of database queries to provide a safe way to avoid the SQLIA problem by changing the query building process from one that uses string concatenation to a systematic one that uses a type-checked API (Nehra and Gulati 2016). In the process, a set of classes enables automated data validation and escaping. Developers provide their own database schema and construct SQL statements using its APIs. It is especially useful when the developer must use dynamic SQL in place of parameterised queries to gain flexibility. Runtime prevention may be more complex than defensive coding, because some of the approaches require code instrumentation to enable runtime checking. However, it can protect against all SQLIA (Kumar and Indu 2014). The approach proposed by Boyd and Keromytis uses a randomised SQL query language, targeting a specific CGI in an application, where a proxy server is placed between the SQL server and the web server. It sends the SQL query with a randomised value to the proxy server, which is received by the client, de-randomised and sent to the server. This technique has two main advantages: security and portability. However, if the random value is predicted then it is not useful (Nehra and Gulati 2016).
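The prevention practices above (fixing the SQL structure before binding parameters, and allowlisting well-structured input such as email addresses and dates), as an added Python example; this is not code from any of the cited papers. It assumes an in-memory SQLite table with constructed rows and allowlist patterns constructed for this illustration.

```python
import re
import sqlite3

# Allowlist patterns for well-structured fields, as the prevention section
# recommends (constructed for this example; tighten to your own data).
PATTERNS = {
    "email": re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"),
    "date": re.compile(r"^\d{4}-\d{2}-\d{2}$"),
    "numeric": re.compile(r"^\d+$"),
}


def validate(kind, value):
    """Accept only input that matches the legitimate pattern for its type."""
    pattern = PATTERNS.get(kind)
    if pattern is None:
        raise ValueError("unknown input kind: %s" % kind)
    return bool(pattern.match(value))


def setup_db():
    """In-memory table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "Alice", "alice@example.com"),
        (2, "O'Brien", "obrien@example.com"),
    ])
    return conn


def find_user_unsafe(conn, name):
    """Vulnerable: user data becomes part of the SQL text (dynamic SQL)."""
    query = "SELECT id, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    """Hardened: the SQL structure is fixed first; the value is bound as data."""
    return conn.execute(
        "SELECT id, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def lookup_by_email(conn, email):
    """Validation against the allowlist, then a parameterised query."""
    if not validate("email", email):
        return None  # rejected: does not match the legitimate pattern
    return conn.execute(
        "SELECT id, name FROM users WHERE email = ?", (email,)
    ).fetchall()


def unsafe_breaks_on_quote(conn, name="O'Brien"):
    """The concatenated query reads the apostrophe in a legitimate name as
    SQL syntax: the input has changed the query structure."""
    try:
        find_user_unsafe(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    conn = setup_db()
    print("safe lookup:", find_user_safe(conn, "O'Brien"))
    print("unsafe query breaks:", unsafe_breaks_on_quote(conn))
    print("validated:", lookup_by_email(conn, "alice@example.com"))
    print("rejected:", lookup_by_email(conn, "alice@example.com' --"))
```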
3. Comparison of the Approaches:
3.1 Multivariate Correlation Analysis Vs. Fuzzy Logic based Defense Mechanism:
The entire detection process consists of three major steps, as shown in Fig. 1. The sample-by-sample detection mechanism is involved in the whole detection phase and is detailed in Section. The occurrence of network intrusions causes changes to the feature correlations, so the changes can be used as indicators to identify the intrusive activities. All the extracted correlations, namely the triangle areas stored in Triangle Area Maps (TAMs), are then used to replace the original basic features or the normalised features to represent the traffic records. Moreover, the labour-intensive attack analysis and the frequent updates of the attack signature database required by misuse-based detection are avoided. Meanwhile, the mechanism enhances the robustness of the proposed detectors and makes them harder to evade, because attackers need to generate attacks that match the normal traffic profiles built by a specific detection algorithm.
On the other hand, in the fuzzy logic based defense mechanism the system recognises anomalies in parameters such as source IP address and port, destination IP address and port, packet type, occurrence rate of each packet type, and number of packets. Significant divergence in these parameters indicates an attack in the network traffic. This divergence can be measured by the concept of entropy, as it describes the randomness or uncertainty of information. Shannon's theory shows that if an information source has n independent symbols, each with a probability of choice Pi.
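The entropy-based divergence measure described above, as an added Python example that is not code from the cited works: Shannon entropy is computed per monitored parameter over a window of packets and compared with a baseline window. The packet records and the one-bit divergence threshold are constructed assumptions.

```python
from collections import Counter
from math import log2


def shannon_entropy(values):
    """Shannon entropy in bits, H = -sum(p_i * log2 p_i), of the empirical
    distribution of the given values."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum((c / total) * log2(c / total) for c in counts.values())


def window_entropies(packets, fields=("src_ip", "packet_type")):
    """Entropy of each monitored parameter over one window of packets."""
    return {f: shannon_entropy(p[f] for p in packets) for f in fields}


def divergence_alarm(baseline, window, delta=1.0):
    """Flag any parameter whose entropy moved more than `delta` bits away
    from the baseline window (the threshold is an assumption here)."""
    return {f: abs(window[f] - baseline[f]) > delta for f in baseline}


# Constructed packets: a quiet window with four sources sharing the load and
# an even mix of packet types, then a window in which one source sends
# almost everything.
BASELINE_WINDOW = [
    {"src_ip": ip, "packet_type": "TCP-SYN" if i % 2 else "TCP-ACK"}
    for i, ip in enumerate(["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"] * 2)
]
ATTACK_WINDOW = [{"src_ip": "10.0.0.9", "packet_type": "TCP-SYN"}] * 7 + [
    {"src_ip": "10.0.0.1", "packet_type": "TCP-ACK"}
]

if __name__ == "__main__":
    baseline = window_entropies(BASELINE_WINDOW)
    current = window_entropies(ATTACK_WINDOW)
    print("baseline:", baseline)
    print("current:", current)
    print("alarm:", divergence_alarm(baseline, current))
```

A flood from many spoofed sources would move the source-IP entropy in the other direction; the absolute difference catches both cases.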
3.2 Three Level Security Approach Vs. Conventional Approach:
In the Three Level Security Approach, the method uses the encryption technique to prevent the injection attack. However, it is known that encryption is not a good approach against a massive cyber-attack. To gain access to an encrypted file/text, the user must have access to a private/secret key or password that grants the right to decrypt it. Once the data/file is encrypted, the only way to decrypt it is with the use of the secret key. Encryption is an important aspect of this three level security approach against SQLi attacks. The use of the layers provides better protection against SQL attacks. On the other hand, the conventional approach uses the conventional injection detection technique and prevention mechanism.
4. Conclusion:
Within this study, four cyber attack prevention procedures have been presented. From the literature review of different research papers, it was found that the area of "SQLi Injection Attacks" is very promising and offers many research opportunities. SQL Injection Vulnerabilities undoubtedly lead to SQL Injection Attacks. Fixing SQLiV to the full extent is impractical, so a better level of protection has been achieved after implementing this modular concept for avoiding, detecting and preventing SQLi attacks. A thorough analysis of the existing mechanisms for securing databases from SQLi attacks was carried out and their pros and cons were considered in full. After the greater part of the review and consideration, this system was worked upon. Performance was chosen as the base parameter. There are numerous other ways which would either detect or prevent or do both, yet hackers find ways to break the security patches applied by tricking the tools. Consequently, a complex intelligent approach to protecting web applications is achieved using this concept, which deals with both security and performance. This paper has also introduced an MCA-based DoS attack detection system which is powered by the triangle-area-based MCA technique and the anomaly-based detection technique. The former technique extracts the geometrical correlations hidden in individual pairs of two distinct features within each network traffic record, and offers a more accurate characterisation of network traffic behaviours. The latter technique enables the system to distinguish both known and unknown DoS attacks from legitimate network traffic.
Bibliography:
Apiecionek, L., Czerniak, J.M. and Zarzycki, H., 2014. Protection tool for distributed denial of services attack. In International Conference: Beyond Databases, Architectures and Structures (pp. 405-414). Springer International Publishing.
Charania, S. and Vyas, V., 2016. SQL Injection Attack: Detection and Prevention.
George, T.K., James, R. and Jacob, P., 2016. Proposed Hybrid model to detect and prevent SQL Injection. International Journal of Computer Science and Information Security, 14(6), p.441.
Geva, M., Herzberg, A. and Gev, Y., 2014. Bandwidth distributed denial of service: Attacks and defenses. IEEE Security & Privacy, 12(1), pp.54-61.
Gupta, N. and Sharma, L.S., 2016. A study on SQL Injection Attack and its Prevention Measures at Database Management Level. International Journal of Modern Computer Science (IJMCS), 4(3).
Iyengar, N.C.S., Banerjee, A. and Ganapathy, G., 2014. A fuzzy logic based defense mechanism against distributed denial of service attack in cloud computing environment. International Journal of Communication Networks and Information Security, 6(3), p.233.
Kar, D. and Panigrahi, S., 2013. Prevention of SQL Injection attack using query transformation and hashing. In Advance Computing Conference (IACC), 2013 IEEE 3rd International (pp. 1317-1323). IEEE.
Kim, M.Y. and Lee, D.H., 2014. Data-mining based SQL injection attack detection using internal query trees. Expert Systems with Applications, 41(11), pp.5416-5430.
Kumar, M. and Indu, L., 2014. Detection and Prevention of SQL Injection attack. Int. J. Comput. Sci. Inf. Technol.(IJCSIT), 5, pp.374-377.
Latif, R., Abbas, H. and Assar, S., 2014. Distributed denial of service (DoS) attack in cloud-assisted wireless body area networks: a systematic literature review. Journal of medical systems, 38(11), p.128.
Mukhedkar, K., Singh, M.K., Udasi, S. and Rathod, S., 2016. A Review on Detection and Prevention of SQL Injection Attack. International Journal of Engineering Science, 3463.
Nehra, V. and Gulati, N., 2016. Database Security against SQL Injection Attacks Using Three Level Security Approach. International Journal of Engineering Science, 4650.
Rahman, T.F.A., Buja, A.G., Abd, K. and Ali, F.M., 2017. SQL Injection Attack Scanner Using Boyer-Moore String Matching Algorithm. JCP, 12(2), pp.183-189.
Tan, Z., Jamdagni, A., He, X., Nanda, P. and Liu, R.P., 2014. A system for denial-of-service attack detection based on multivariate correlation analysis. IEEE Transactions on Parallel and Distributed Systems, 25(2), pp.447-456.
Vasek, M., Thornton, M. and Moore, T., 2014. Empirical analysis of denial-of-service attacks in the Bitcoin ecosystem. In International Conference on Financial Cryptography and Data Security (pp. 57-71). Springer Berlin Heidelberg.
Verma, K., Hasbullah, H. and Kumar, A., 2013. An efficient defense method against UDP spoofed flooding traffic of denial of service (DoS) attacks in VANET. In Advance Computing Conference (IACC), 2013 IEEE 3rd International (pp. 550-555). IEEE.
Wu, Y., Zhao, Z., Bao, F. and Deng, R.H., 2015. Software puzzle: A countermeasure to resource-inflated denial-of-service attacks. IEEE Transactions on Information Forensics and Security, 10(1), pp.168-177.
Zargar, S.T., Joshi, J. and Tipper, D., 2013. A survey of defense mechanisms against distributed denial of service (DoS) flooding attacks. IEEE Communications Surveys & Tutorials, 15(4), pp.2046-2069.