SQL injection detection and prevention system with raspberry Pi honeypot cluster for trapping attacker

S. Djanali, F. X. Arunanto, B. Pratomo, H. Studiawan, Satrio Gita Nugraha
2014 International Symposium on Technology Management and Emerging Technologies. Publication date: 2014-05-27. DOI: 10.1109/ISTMET.2014.6936499 (https://doi.org/10.1109/ISTMET.2014.6936499)
Citations: 20

Abstract

One of the most common security attacks on web applications is SQL injection. It is an attack to acquire access to an application's database through injection of script or malicious query attributes. This attack can be executed on any page of a web application which interacts with the database. SQL injection could be more dangerous if the victim was an enterprise system such as online banking. Many methods have been researched and developed to prevent SQL injection attacks. One of them is the use of a honeypot. This paper proposes a method for increasing a system's capability to detect and prevent SQL injection attacks based on removal of SQL query attribute values and a honeypot for trapping attackers. A honeypot is placed as a decoy system to hide the actual web server from attackers. Malicious queries from attackers will be sent to the honeypot while normal queries will be sent directly to the real web server. The honeypot is also used to provide activity logging of each attack, which can be used for further analysis. We play with Raspberry Pi because it is cheap and effective to be used as a honeypot. Due to its limited computational ability, we make a cluster to improve its power. Based on conducted experiments, we could achieve up to 64% accuracy of SQL injection attack. Moreover, with the redirection, our honeypot could get more attack data to be analyzed.