A Novel Approach for Detecting SQL Injection Attacks Using Snort

Web applications are emerging as a new platform for representing data and services offered by all kinds of business models and organisations and are therefore more vulnerable to security threats. Most of the organisations rely largely on intrusion detection systems to identify threats to their data. SQL injection is one of the most prevalent and widely used web attack but the ability of intrusion detection systems in detecting it is limited. For different variants of SQL injection attacks, new signatures need to be identified and incorporated in signature-based intrusion detection systems for effective detection. In this paper, five new rules are proposed for signature-based intrusion detection system, Snort including signatures that cover a wider range of SQL injection attacks. The rules also consider the issue of hexadecimal values, white spaces and comment introduced by the attacker in the SQL injection attacks. The proposed rules are tested on self-made dataset of SQL injected websites and normal websites. The proposed rules show a very good recall rate thereby depicting the good performance of the proposed approach in detecting SQL injection attacks.