A Practical Approach for SQL Injection Prevention Attacks Using IPS

Abstract: This paper has been proposed the IPS technique to prevent the intruder‟s attack. Database is the key component for store the information in organizations. Database information is the crucial part as it needs more security because this contains the password, user information, even it can be in encrypted form but intruder can alter the information or delete it. This paper has been considered the scenario of company where the multiple users can perform different operations and there is need to traverse the operations of the user. The IPS technique has been proposed to prevent the intruder‟s attack. The Query weight concept has been used and greater weight queries will be executed only when the user is provided by the OTP and the malicious transactions should not be executed. The malicious transaction is that transaction which the user is not authorized to perform. The history of transactions with user id is also tracked for advance analysis but it would require more memory. The SQL Injection attack has been prevented and there will be no loss of information. The proposed approach has been implemented in ASP.net using backend SQL Server 2008.

Keywords: Intruder, IPS, SQL-Injection, Database, Security.