• Title/Summary/Keyword: SQL analysis

A Study of Step-by-step Countermeasures Model through Analysis of SQL Injection Attacks Code (공격코드 사례분석을 기반으로 한 SQL Injection에 대한 단계적 대응모델 연구)

  • Kim, Jeom-Goo; Noh, Si-Choon
    • Convergence Security Journal / v.12 no.1 / pp.17-25 / 2012
  • SQL Injection techniques were disclosed as a web hacking method years ago, but they are still classified among the most dangerous attacks. Recent web programming relies on a DBMS for efficient data storage and retrieval, and mainly PHP, JSP, ASP and similar scripting languages are used to interact with the DBMS. In this web environment, an application that does not validate invalid client input may produce abnormal SQL queries. These unusual queries can bypass user authentication or expose data stored in the database. In an environment with a SQL Injection vulnerability, an attacker can pass web-based username-and-password authentication and reach the data stored in the database. A number of countermeasures against SQL Injection have been announced, but relying on any one method can leave many security holes. The proposed four-level approach is composed of source code, operational phases, database and server management, and user input validation. It is a way to apply countermeasures as accident-preventive steps, creating a phased, step-by-step response model through the management process, to address the possibility of SQL Injection attacks.

Research on Countermeasure of SQL Injection Attack (SQL Injection 공격을 효율적으로 방어하는 대응책 연구)

  • Hong, Sunghyuck
    • Journal of the Korea Convergence Society / v.10 no.10 / pp.21-26 / 2019
  • At present, in an information society, it is indispensable to utilize data. Therefore, databases are used to manage large amounts of data. In real life, most of the data in a database is the personal information of a group of members. Because personal information is sensitive data, the role of the database administrator who manages personal information is important. However, there is a growing number of attacks on databases that aim to use this personal information in a malicious way. SQL Injection is one of the best known and oldest hacking techniques. SQL Injection attacks are known as an easy technique, and countermeasures are also easy; a lot of effort has been made to avoid SQL attacks on web pages that require many logins, but some sites are still vulnerable to SQL attacks. Therefore, this study suggests effective defense measures through analysis of SQL hacking technology cases and contributes to preventing web hacking and providing a secure information communication environment.

A Survey on the Detection of SQL Injection Attacks and Their Countermeasures

  • Nagpal, Bharti; Chauhan, Naresh; Singh, Nanhay
    • Journal of Information Processing Systems / v.13 no.4 / pp.689-702 / 2017
  • Structured Query Language (SQL) Injection continues to be one of the greatest security risks in the world according to the Open Web Application Security Project's (OWASP) [1] Top 10 Security vulnerabilities 2013. The ease of exploitability and severe impact put this attack at the top. As the countermeasures become more sophisticated, SQL Injection Attacks also continue to evolve, thus thwarting the attempt to eliminate this attack completely. The vulnerable data is a source of worry for government and financial institutions. In this paper, a detailed survey of different types of SQL Injection and of proposed methods and theories is presented, along with various tools and their efficiency in intercepting and preventing SQL attacks.

Comparative Analysis of NoSQL Database's Activities and Scalability Investigation With Library Introspection

  • Seo, Chang-Ho; Tak, Byungchul
    • Journal of the Korea Society of Computer and Information / v.25 no.9 / pp.1-9 / 2020
  • In this paper, we propose a method of in-depth analysis of internal operation process by recording library calls and related information that occur in the operation process of NoSQL database. It observes and records the specified library calls, compares the internal behavior differences between the NoSQL databases through recorded library call information, and evaluates the characteristics and scalability of each database by observing changes in the number of input data. The development of computing performance and the activation of big data have led to the emergence of different types of NoSQL databases for recording and analyzing various and large amounts of data, and it is necessary to evaluate the scalability of each database in order to select a database suitable for each environment. However, it is difficult to analyze or predict how a database operates in traditional ways, such as benchmarking, observing external behavior through performance models, or analyzing structural features based on design. Therefore, it is necessary to utilize the techniques proposed in this paper to understand the scalability of NoSQL databases with high accuracy.

HTTP Request - SQL Query Mapping Scheme for Malicious SQL Query Detection in Multitier Web Applications (Multitier 웹 어플리케이션 환경에서 악의적인 SQL Query 탐지를 위한 HTTP Request - SQL Query 매핑 기법)

  • Seo, Yeongung; Park, Seungyoung
    • Journal of KIISE / v.44 no.1 / pp.1-12 / 2017
  • The continuously growing internet service requirements have resulted in a multitier system structure consisting of a web server and a database (DB) server. In this multitier structure, the existing intrusion detection system (IDS) detects known attacks by matching misused traffic patterns or signatures. However, a malicious change to the contents of the DB server made through hypertext transfer protocol (HTTP) requests cannot be detected by the IDS at the DB server's end, since the DB server processes structured query language (SQL) without knowing the associated HTTP request, while the web server cannot identify the response associated with the attacker's SQL query. To detect these types of attacks, the malicious user is tracked using knowledge of the interaction between HTTP requests and SQL queries. However, this is a practical challenge because the system's source code and its application logic need to be understood completely. In this study, we propose a scheme to find the HTTP request associated with a given SQL query using only system log files. We first generate an HTTP request-SQL query map from the system log files alone. Subsequently, the HTTP request associated with a given SQL query is identified among a set of HTTP requests using this map. Computer simulations indicated that the proposed scheme finds the HTTP request associated with a given SQL query with 94% accuracy.

Performance Comparison and Analysis between Open-Source DBMS (오픈소스 DBMS 성능비교분석)

  • Jang, Rae-Young; Bae, Jung-Min; Jung, Sung-Jae; Soh, Woo-Young; Sung, Kyung
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2014.10a / pp.805-808 / 2014
  • A DBMS is database management software that provides people with access to data. There are open source DBMSs, such as MySQL, and commercial ones, such as ORACLE. Since MySQL was acquired by Oracle, demand for MariaDB has increased. NoSQL is also increasing, and this trend is of interest depending on the circumstances. A performance comparison between open source DBMSs on the same type of mass data is required, and this study compared the performance of MariaDB and MongoDB. This paper proposes a DBMS for processing big data.

A Table Integration Technique Using Query Similarity Analysis

  • Choi, Go-Bong; Woo, Yong-Tae
    • Journal of the Korea Society of Computer and Information / v.24 no.3 / pp.105-112 / 2019
  • In this paper, we propose a technique to analyze the similarity between SQL queries and to assist in integrating similar tables. First, table information is extracted from the SQL queries through a query structure analyzer, and the similarity between tables is measured using the Jaccard index. Then, similar table clusters are generated through hierarchical cluster analysis, and the co-occurrence probability of the tables used in the queries is calculated. The possibility of integrating similar tables is classified using table similarity and the co-occurrence probability of table pairs, dividing them into an integrable cluster, a cluster requiring expert review, and a cluster with low integration possibility. This technique analyzes the SQL queries used in practice and assesses the possibility of table integration independently of the existing business, so that the existing schema can be effectively reconstructed without interruption of work or additional cost.

A Study of Application Layer Traceback Through Intelligent SQL Query Analysis (지능형 SQL Query 분석을 통한 Application Layer 역추적 연구)

  • Baek, Jong-Il; Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2010.05a / pp.265-268 / 2010
  • Traceback is currently difficult because of bypass techniques such as proxies and IP-based methods, so tracing the real source IP after the actual IP traceback has been verified is hard. In this paper, an intelligent analysis of SQL Query elements such as fields, columns and tables, together with the values, matching key values and data used there, analyzes the source user's hit point values in order to trace the user's Application Layer IP and to guide the analysis of forensic evidence. This study, including forensic DB security, will contribute to the development of electronic trading.

Implementation of a Dialogue Interface System Using Pattern Matching and Statistical Modeling (패턴 매칭과 통계 모델링을 이용한 대화 인터페이스 시스템의 구현)

  • Kim, Hark-Soo
    • The Journal of Korean Association of Computer Education / v.10 no.3 / pp.67-73 / 2007
  • In this paper, we review the essential constituents of a dialogue interface system and propose practical methods to implement each constituent. The implemented system consists of a discourse manager, an intention analyzer, a named entity recognizer, a SQL query generator, and a response generator. In the implementation, the intention analyzer uses a statistics-based maximum entropy model because the domain dependency of the intention analyzer is comparatively low. The others use a simple pattern matching method because they need high domain portability. In experiments in a schedule arrangement domain, the implemented system showed a precision of 88.1% in intention analysis and a success rate of 83.4% in SQL query generation.

Digital Forensics Investigation of Redis Database (Redis 데이터베이스에 대한 디지털 포렌식 조사 기법 연구)

  • Choi, Jae Mun; Jeong, Doo Won; Yoon, Jong Seong; Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.5 no.5 / pp.117-126 / 2016
  • Recently, the increasing utilization of Big Data and Social Network Services has increased the demand for NoSQL Databases that overcome the limitations of existing relational databases. The forensic examination of Relational Databases has been steadily researched in Digital Forensics. In contrast, the forensic examination of NoSQL Databases is rarely studied. In this paper, we introduce Redis, a Key-Value Store NoSQL Database, research the collection and analysis of its forensic artifacts, and then propose a recovery method for deleted data. We also developed a recovery tool, with which our recovery algorithm is verified.