Researches On Web Application Database Firewall Based On Anomaly Detection

The use of web applications has become increasingly popular in our routine activities, such as reading the news, paying bills, and shopping on-line. As the availability of these services grows, we are witnessing an increase in the number and sophistication of attacks that target them:the theft of personal information and bank funds and other high-tech crime cases can be heard here and there. All the above is the reflection of the information disclosure of the web application back-end database. The security of web application largely depends on the security of back-end database. Existing database security mechanisms can't meet the needs of the protection of back-end database information.By analyzing relative technologies of firewall and the protection of database, this thesis points out the ciritcal problems faced in designing and implementing these systems and draws lessons from their experience in solving these problems,and then we present here a database firewall(DB-FW in short) to prevent from attacks against MySQL back-end database of web applications. It works as a database connection proxy, which means that the web applications connect to the DB-FW rather than the original MySQL server directly.The firewall listens SQL query requests from the client as well as analyzes them, and then if they are safe, the firewall will call the original MySQL server to execute the queries, else will block the queries and return an empty result to the client. It can be configured to work under different ways. Here we use a special method to analyze the SQL queries, not only analyzes the structure of the queries but also the user inputs with some models, all of which allow for the detection of known and unknown attacks with low false positives and false negatives.Compared with similar systems, our system is a much more feasible approach to protect the back-end database of web applications. Evaluation demonstrates that both the false negative and false positive of our system are relatively low, while incurring much less overhead.