A Hot Query Bank approach to improve detection performance against SQL injection attacks

Computers & Security(2012)

Cited by 16 | Views 6

Abstract
SQL injection attacks (SQLIAs) exploit web sites by altering backend SQL statements through manipulated application input. With the growing popularity of web applications, such attacks have become a serious security threat to users and systems alike. Existing dynamic SQLIA detectors provide high detection accuracy yet may have overlooked another concern: efficiency. Our research has found that most systems contain many hot queries that current SQLIA detectors verify repeatedly. Such repetition wastes system resources unnecessarily. The research has completed Hot Query Bank (HQB), a pilot design that can cooperate with existing SQLIA detectors in web applications and enhance overall system performance. HQB simply records hot queries and skips the detector's verification process on their next appearances. Algorithms for the design have been proposed. A series of simulated experiments has been conducted to observe the performance improvement the design yields with three detectors, SQLGuard, SQLrand, and PHPCheck. The results show that using HQB can indeed improve system performance by 45% in execution time, regardless of which detector is tested. With such improvement and robustness, the result promises to provide an add-on feature for SQLIA detectors that protects web applications more efficiently. Future work includes further validation of the design in a real web application environment, development of a standard interface for collaborating with web applications and detectors, etc.
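The mechanism the abstract describes (record queries a detector has already passed, and skip re-verification when the same query recurs) can be illustrated with a small wrapper. The code below is an added example written for this page; it is not the paper's HQB implementation, and the `template_detector` stand-in is not SQLGuard, SQLrand or PHPCheck. The Bloom filter is used as a cheap "definitely never verified" pre-check, and an exact set confirms membership so that a Bloom false positive can never cause a verification skip; that combination, the `skeleton` function and the workload are assumptions of this example.

```python
"""Added example: a minimal Hot Query Bank (HQB) in front of a stand-in SQLIA detector."""
import hashlib
import re
from collections import Counter


class BloomFilter:
    """Bit-array Bloom filter: 'not present' is certain, 'present' may be a false positive."""

    def __init__(self, size_bits=4096, hashes=4):
        self.size = size_bits
        self.hashes = hashes
        self.bits = 0  # a Python int serves as the bit array

    def _positions(self, item):
        for i in range(self.hashes):
            digest = hashlib.sha256(f"{i}:{item}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.size

    def add(self, item):
        for pos in self._positions(item):
            self.bits |= 1 << pos

    def might_contain(self, item):
        return all((self.bits >> pos) & 1 for pos in self._positions(item))


def skeleton(query):
    """Replace quoted string literals and bare numbers with '?' to expose query structure."""
    without_strings = re.sub(r"'(?:[^']|'')*'", "?", query)
    return re.sub(r"\b\d+\b", "?", without_strings)


# Hypothetical allowlist of query shapes the application is expected to issue.
ALLOWED_SKELETONS = {
    "SELECT * FROM users WHERE name = ?",
    "SELECT id FROM orders WHERE user_id = ? AND total > ?",
}


def template_detector(query):
    """Stand-in detector: a query is safe only if its structure matches a known shape.
    Injected input that changes the statement's structure produces a different skeleton."""
    return skeleton(query) in ALLOWED_SKELETONS


class HotQueryBank:
    """Caches exact query strings that the detector has verified as safe.
    Rejected queries are never banked, so a skip can only ever apply to a verified query."""

    def __init__(self, detector, bloom_bits=4096):
        self.detector = detector
        self.bloom = BloomFilter(bloom_bits)
        self.verified = set()    # exact query strings the detector has passed
        self.hits = Counter()    # how often each banked query recurred
        self.detector_calls = 0  # cost metric: how often the expensive path ran

    def check(self, query):
        # Fast path: Bloom says "maybe seen" AND the exact set confirms it -> skip verification.
        # A Bloom false positive fails the exact check and falls through to the detector.
        if self.bloom.might_contain(query) and query in self.verified:
            self.hits[query] += 1
            return True
        self.detector_calls += 1
        safe = self.detector(query)
        if safe:
            self.bloom.add(query)
            self.verified.add(query)
        return safe


# Constructed workload: two hot queries plus a repeated injection attempt.
HOT_USER = "SELECT * FROM users WHERE name = 'alice'"
HOT_ORDERS = "SELECT id FROM orders WHERE user_id = 42 AND total > 100"
ATTACK = "SELECT * FROM users WHERE name = '' OR '1'='1'"
WORKLOAD = [HOT_USER] * 10 + [HOT_ORDERS] * 8 + [ATTACK] * 2


def simulate(bank, workload):
    """Run a workload through the bank; returns (queries judged safe, detector invocations)."""
    safe = sum(1 for q in workload if bank.check(q))
    return safe, bank.detector_calls


def run_demo():
    bank = HotQueryBank(template_detector)
    return simulate(bank, WORKLOAD)  # 20 requests, but the detector runs only 4 times


if __name__ == "__main__":
    print(run_demo())
```

Two design points matter for safety. The bank is keyed by the full, final SQL string, because any byte of user input that differs yields a different query and must be verified on its own. And only queries the detector has passed are ever recorded, so the attack string in the workload hits the detector on every appearance while the two hot queries are verified once each.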
Keywords
sqlia detectors,security,web applications,bloom filter,sql injection attacks,hot query