2014 : SQL injection detection and prevention system with raspberry Pi honeypot cluster for trapping attacker

Prof.Ir. Supeno Djanali M.Sc Ph.D
Ir. F.X. Arunanto M.Sc.
Hudan Studiawan S.Kom., M.Kom.
Baskoro Adi Pratomo S.Kom, M.Kom


Abstract

One of the most common security attack for web application is SQL injection. It is an attack to acquire access to application's database through injection of script or malicious query attributes. This attack can be executed in any page of web application which interacts with database. SQL injection could be more dangerous if the victim was an enterprise system such as online banking. Many methods have been researched and developed to prevent SQL injection attacks. One of them is the use of a honeypot. This paper proposed a method for increasing system's capability to detect and prevent SQL injection attacks based on removal of SQL query attribute values and honeypot for trapping attackers. A honeypot is placed as decoy system to hide actual web server from attacker. Malicious queries from attackers will be sent to honeypot while normal queries will be sent directly to the real web server. Honeypot is also …