@article{(Open Science Index):https://publications.waset.org/pdf/9999380,
	  title     = {The Journey of a Malicious HTTP Request},
	  author    = {M. Mansouri and  P. Jaklitsch and  E. Teiniker},
	  country	= {},
	  institution	= {},
	  abstract     = {SQL injection on web applications is a very popular
kind of attack. There are mechanisms such as intrusion detection
systems in order to detect this attack. These strategies often rely on
techniques implemented at high layers of the application but do not
consider the low level of system calls. The problem of only
considering the high level perspective is that an attacker can
circumvent the detection tools using certain techniques such as URL
encoding. One technique currently used for detecting low-level
attacks on privileged processes is the tracing of system calls. System
calls act as a single gate to the Operating System (OS) kernel; they
allow catching the critical data at an appropriate level of detail. Our
basic assumption is that any type of application, be it a system
service, utility program or Web application, “speaks” the language of
system calls when having a conversation with the OS kernel. At this
level we can see the actual attack while it is happening. We conduct
an experiment in order to demonstrate the suitability of system call
analysis for detecting SQL injection. We are able to detect the attack.
Therefore we conclude that system calls are not only powerful in
detecting low-level attacks but that they also enable us to detect highlevel
attacks such as SQL injection.
},
	    journal   = {International Journal of Bioengineering and Life Sciences},
	  volume    = {8},
	  number    = {9},
	  year      = {2014},
	  pages     = {1602 - 1608},
	  ee        = {https://publications.waset.org/pdf/9999380},
	  url   	= {https://publications.waset.org/vol/93},
	  bibsource = {https://publications.waset.org/},
	  issn  	= {eISSN: 1307-6892},
	  publisher = {World Academy of Science, Engineering and Technology},
	  index 	= {Open Science Index 93, 2014},
	}