Patent · US Active

Anomaly-based detection of SQL injection attacks

US8225402B1 · kind B1 · utility

41Cited by

1References

19Claims

0Family size

Inventors

Amir Averbuch · Tel Aviv-Yafo, IL
Aviram Shmueli · Ramat HaSharon, IL
Gil David · Jerusalem, IL

Key dates

Filing date	Apr 8, 2009
Grant date	Jul 17, 2012
Priority date	—
Expiry date	Nov 29, 2030

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/554
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A method for detecting a SQL injection attack comprises a training phase and a detection phase. In the training phase, a plurality of SQL queries is transformed into a respective plurality of SQL token domain queries which are processed using a n-gram analysis to provide a threshold and an averaging vector. In the detection phase, each newly arrived SQL query is transformed into a new SQL token domain query, and the n-gram analysis is applied together with the averaging vector and the threshold to each new SQL token domain query to determine if the new SQL query is normal or abnormal. The detection may be online or offline.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.