



























































This thesis explores SQL injection attacks, their impact, and methods to detect them. SQL injection is a growing problem, with attacks becoming more sophisticated. The thesis covers the aim of the project, SQL injection basics, and recent examples. It also provides code snippets and explains how to create databases and store user information. The thesis concludes by proposing an intrusion detection system.
Typology: Thesis




























































IMPLEMENTATION OF INTRUSION DETECTION SYSTEM USING JAVA
Dr. Kashif
Dr. Imran Malik
Abstract
Chapter no. 1 Introduction
Introduction
1.1 Intrusion Detection System
1.2 Using web application Hotel Management
1.3 Context
1.3.1 Aim
1.3.2 Background
1.4 Thesis layout
Chapter no. 2 Background
2.1 Introduction
2.2 TCP/IP
2.3 HTTP Protocol
2.4 Database
2.5 Structured query language (SQL)
2.6 Database administration
2.7 WinPcap
2.8 Conclusions
Chapter no. 3 Design
3.1 Introduction
3.2 Outline of SQL injection
3.3 Recent Examples of SQL Injection attacks
3.4 Web Application Processing
3.5 SQL Injection Types
3.5.1 SQL Manipulation
3.5.2 Code Injection
3.5.3 Function Call Injection
3.5.4 Buffer overflow
The goal of an intrusion detection system is to provide an indication of a potential or real attack. An attack or intrusion is a transient event, whereas a vulnerability represents an exposure, which carries the potential for an attack or intrusion. The difference between an attack and a vulnerability, then, is that an attack exists at a particular time, while a vulnerability exists independently of the time of observation. Another way to think of this is that an attack is an attempt to exploit a vulnerability (or, in some cases, a perceived vulnerability). This leads us to categorize various types of intrusion detection systems. Figure 1 demonstrates the difference between vulnerability scanners and intrusion detection systems. Vulnerability scanning is less time critical than intrusion detection. Subsequently, the deployment of each technology can vary inside organizations. Figure 2 maps IDS types onto the technology landscape of Figure 1. There are five different categories of IDS covered in this guide. Not all of these categories represent “classical intrusion detection” but they play a role in the overall goal of detecting or preventing intrusions on a corporate network. The categories are:
Figure 1. As shown here, IDS products can be categorized as either preventive or responsive. They can also be categorized according to their emphasis on either system or network scanning. The IDS tools covered in this guide fall into two technology categories: intrusion detection systems and vulnerability scanners. We can further decompose these two categories into host and network-based systems. As shown in Figure 2, vulnerability scanners can be run at any time because we assume that a vulnerability exists until repaired. An intrusion, on the other hand, exploits a specific vulnerability and must be detected as soon as possible after it starts. For this reason, intrusion detection tools must run more frequently than vulnerability scanners. This is why most IDS vendors attempt to make their intrusion detection tools work in real-time.
intrusion detection system. A statistical analysis system builds statistical models of the environment, such as the average length of a telnet session, then looks for deviations from “normal”. After over 10 years of government research, some products are just beginning to incorporate this technology into marketable products. The adaptive systems start with generalized rules for the environment, then learn, or adapt to, local conditions that would otherwise be unusual. After the initial learning period, the system understands how people interact with the environment, and then warns operators about unusual activities. There is a considerable amount of active research in this area. You should keep in mind that any IDS will both miss some kinds of suspicious activity (false negatives) and signal alarms when there is nothing wrong (false positives). This is why organizations must have a strong human process that interacts with the IDS to evaluate the operating environment. The machine intelligence of most intrusion detection systems is still evolving, though current research is working to improve this. Remember, when reading these sections, that the discussion deals with generalizations. Each specific product has strengths and weaknesses, and some tools use multiple technologies to accomplish their goals. For example, a system may use both signature and statistical logic.
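The statistical approach described above, as an added example (not code from the thesis): a baseline is learned from telnet session durations, and later sessions are flagged by their distance from the mean. The class name SessionBaseline, the durations and the two thresholds are constructed for illustration.

```java
import java.util.List;

public class SessionBaseline {
    private final double mean;
    private final double stdDev;

    // Learn "normal" from a training window of session durations (seconds).
    SessionBaseline(List<Double> training) {
        double sum = 0;
        for (double d : training) sum += d;
        mean = sum / training.size();
        double squares = 0;
        for (double d : training) squares += (d - mean) * (d - mean);
        stdDev = Math.sqrt(squares / (training.size() - 1)); // sample standard deviation
    }

    // Distance of one observation from the mean, in standard deviations.
    double zScore(double duration) {
        return Math.abs(duration - mean) / stdDev;
    }

    boolean isAnomalous(double duration, double threshold) {
        return zScore(duration) > threshold;
    }

    public static void main(String[] args) {
        // Constructed sample data: telnet session lengths in seconds.
        List<Double> training = List.of(310.0, 290.0, 305.0, 330.0, 280.0, 300.0, 315.0, 295.0);
        SessionBaseline baseline = new SessionBaseline(training);
        double[] observed = {302.0, 345.0, 4.0, 2900.0};
        // The same sessions scored under a loose and a strict threshold.
        for (double threshold : new double[] {2.0, 3.0}) {
            System.out.printf("threshold = %.1f standard deviations%n", threshold);
            for (double d : observed) {
                System.out.printf("  session %7.1fs  z=%6.2f  %s%n", d, baseline.zScore(d),
                        baseline.isAnomalous(d, threshold) ? "ALERT" : "ok");
            }
        }
    }
}
```

Raising the threshold from 2 to 3 standard deviations silences the borderline 345-second session while the 4-second and 2900-second sessions still alert, which is the false positive versus false negative trade-off in miniature.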
The network IDS usually has two logical components: the sensor and the management station. The sensor sits on a network segment, monitoring it for suspicious traffic. The management station receives alarms from the sensor(s) and displays them to an operator. The sensors are usually dedicated systems that exist only to monitor the network. They have a network interface in promiscuous mode, which means they receive all network traffic, not just that destined for their IP address, and they capture passing network traffic for analysis. If they detect something that looks unusual, they pass it back to the analysis station. The analysis station can display the alarms or do additional analysis. Some displays are simply an interface to a network management tool, like HP OpenView, but some are custom GUIs designed to help the operator analyze the problem.
Figure 3. This diagram shows placement of a traditional network based IDS with two sensors on separate network segments that communicate with a monitoring station on the internal network.
The host-based IDS looks for signs of intrusion on the local host system. These frequently use the host system’s audit and logging mechanism as a source of information for analysis. They look for unusual activity that is confined to the local host such as logins, improper file access, unapproved privilege escalation, or alterations on system privileges. This IDS architecture generally uses rule-based engines for analyzing activity; an example of such a rule might be, “superuser privilege can only be attained through the su command.” Therefore successive login attempts to the root account might be considered an attack.
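The rule quoted above, applied to audit records, as an added example (not code from the thesis): root sessions opened by anything other than su are reported, as are successive failed logins to the root account. The record layout, the class name RootAccessRule, the threshold of three and the sample records are assumptions made for this example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class RootAccessRule {
    // Assumed record layout for this example: "<time> <program>: <EVENT> user=<name> [by=<name>]"
    private static final Pattern RECORD =
            Pattern.compile("^(\\S+) (\\w+): (OPENED|FAILED) user=(\\w+)(?: by=(\\w+))?$");
    private static final int MAX_FAILED_ROOT_LOGINS = 3;

    // Applies the rule "superuser privilege can only be attained through the su command".
    static List<String> evaluate(List<String> auditLines) {
        List<String> alerts = new ArrayList<>();
        int failedRun = 0; // consecutive failed attempts on the root account
        for (String line : auditLines) {
            Matcher m = RECORD.matcher(line);
            if (!m.matches()) {
                alerts.add("unparsed audit record: " + line); // never drop records silently
                continue;
            }
            if (!m.group(4).equals("root")) continue;
            String time = m.group(1), program = m.group(2);
            if (m.group(3).equals("FAILED")) {
                if (++failedRun == MAX_FAILED_ROOT_LOGINS) {
                    alerts.add(time + " " + failedRun + " successive failed root logins via " + program);
                }
            } else {
                failedRun = 0;
                if (!program.equals("su")) {
                    alerts.add(time + " root session opened by " + program + ", not by su");
                }
            }
        }
        return alerts;
    }

    public static void main(String[] args) {
        List<String> audit = List.of( // constructed sample records
            "09:00:01 login: OPENED user=alice",
            "09:02:10 su: OPENED user=root by=alice",
            "09:15:40 sshd: FAILED user=root",
            "09:15:42 sshd: FAILED user=root",
            "09:15:45 sshd: FAILED user=root",
            "09:15:49 sshd: OPENED user=root");
        evaluate(audit).forEach(System.out::println);
    }
}
```

On the sample records the su session by alice passes, while the third failed root login and the direct root session opened by sshd each raise an alert.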
Multi-room and uneven occupancy level reservations
In section 4.3 we introduced the requirement for a travel website to handle different styles of multi-room reservation. They include:
Many organizations invest large amounts of money to secure the data of their consumers. If an organization loses its customers' data, such as credit card numbers or identity details, it is likely to lose its customers, as happened with TK Maxx (IT ProA, 2008). Thus, it is important for organizations to take care of their customers' data and to maintain the company profile properly. Organizations normally store their customer and employee profiles in databases, so it is important for the organization to protect the database from all possible attacks. With an SQL injection attack, the intruder can construct a malicious URL, which contains SQL keywords, to attack the database. This is typically caused when the middleware has not properly checked the incoming URL. SQL injection is thus a type of attack that the administrator cannot identify easily, until the administrator receives mail from consumers saying that their credit card details are in non-legitimate hands because of the poor database structure of the organization. This is a growing problem: for the first six months of 2008, IT Pro highlighted a massive increase in SQL injection attacks. They highlight that Microsoft was responsible for a large-scale attack on 500,000 web servers which involved an SQL injection attack. Other attacks in 2008 have included the NHS and the UN. Tools such as RealPlayer have also been used as an agent of these attacks. A headline figure is that one page is compromised every five seconds on the Internet (IT ProB, 2008).
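One way to check an incoming URL for SQL keywords before it reaches the database layer, as an added example (not code from the thesis): each query parameter is decoded and matched against a few signatures. The class name UrlSqlInjectionCheck, the signature set and the hotel.example requests are constructed for illustration; Java 10 or later is assumed for URLDecoder.decode(String, Charset).

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.Pattern;

public class UrlSqlInjectionCheck {
    // Illustrative signatures chosen for this example; not a complete rule set.
    private static final Map<String, Pattern> SIGNATURES = new LinkedHashMap<>();
    static {
        int ci = Pattern.CASE_INSENSITIVE;
        SIGNATURES.put("tautology", Pattern.compile("'\\s*(or|and)\\s+\\S+\\s*=\\s*\\S+", ci));
        SIGNATURES.put("union-select", Pattern.compile("\\bunion\\s+(all\\s+)?select\\b", ci));
        SIGNATURES.put("stacked-statement", Pattern.compile(";\\s*(drop|delete|insert|update)\\b", ci));
        SIGNATURES.put("comment-truncation", Pattern.compile("'\\s*(--|#|/\\*)"));
    }

    // Returns "parameter: signature" findings for one request URL.
    static List<String> inspect(String url) {
        List<String> findings = new ArrayList<>();
        int q = url.indexOf('?');
        if (q < 0) return findings;
        for (String pair : url.substring(q + 1).split("&")) {
            String[] kv = pair.split("=", 2);
            String value;
            try {
                // Decode first so %27 and '+' cannot hide a quote or a space.
                value = URLDecoder.decode(kv.length > 1 ? kv[1] : "", StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                findings.add(kv[0] + ": malformed-encoding"); // broken escapes are worth reporting
                continue;
            }
            for (Map.Entry<String, Pattern> sig : SIGNATURES.entrySet()) {
                if (sig.getValue().matcher(value).find()) findings.add(kv[0] + ": " + sig.getKey());
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        String[] requests = { // constructed sample requests; hotel.example is a placeholder host
            "http://hotel.example/rooms?id=12&guest=O%27Brien",
            "http://hotel.example/rooms?id=12%27+OR+%271%27%3D%271",
            "http://hotel.example/rooms?id=12+UNION+SELECT+card_no+FROM+guests",
            "http://hotel.example/search?street=Union+Street",
            "http://hotel.example/rooms?id=12%zz"
        };
        for (String r : requests) System.out.println(inspect(r) + "  <-  " + r);
    }
}
```

The O'Brien and Union Street requests pass, while the encoded quote, the UNION SELECT and the malformed escape are reported. Signatures like these still produce false positives and false negatives, so parameterized queries in the middleware remain the actual fix.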
Autoweb.co.uk, a UK-based advertising and marketing website, was attacked by SQL injection in May 2008. The attack was carried out by injecting 30 characters to overwrite the comments, through which the attacker was able to gain access to the Microsoft SQL database (Network World, 2008). Databases store important information related to the organization, such as consumer credit card numbers and the usernames and passwords of employees and consumers, so it is important for the company to protect the database. If the database is attacked, all the information in it can be lost, which results in a big loss to the organization and to its customers. It is thus important to protect the data that is stored in databases. In the coming sections we evaluate how databases work, how an intruder can attack them, and the types of attack that a hacker can carry out on them. By evaluating these strategies, this thesis produces a solution to reduce these attacks on databases.
“Whatever can go wrong will go wrong, and at the worst possible time, in the worst possible way.” (Murphy’s Law)
The aim of this project is to detect SQL injection attacks that an intruder attempts against the database while the code is running as part of the executing application. It includes a number of objectives:
- Review the database structure.
- Review the types of attacks that can be done on the databases.
- Review how the SQL injection attacks can be done practically.
- Develop an application that can detect the SQL injection attacks.
- Perform an evaluation of the application.
- Propose future developments that can be implemented in the application.
The Internet has become an integral part of human life, and many enterprises depend on it in different ways, such as storing employee profiles, accessing files on remote servers and maintaining user information. The Internet is also an inexpensive way for enterprises to maintain a wide area network, and individuals use the Internet for many other purposes, such as shopping, meeting friends and reading news. Due to rapid developments in Internet transfer speeds and flexibility, reliance on web applications has grown considerably. Because of the extensive use of the Internet in day-to-day life, it has become easier for hackers to attack personal computers and to steal identity information such as credit card details and personnel files.