Printed from https://ideas.repec.org/a/gam/jftint/v15y2023i5p170-d1136782.html

Toward an SDN-Based Web Application Firewall: Defending against SQL Injection Attacks

Author

  • Fahad M. Alotaibi

    (Department of Computing, Imperial College London, London SW7 2BX, UK; College of Science and Arts Sharoura, Najran University, Najran 66446, Saudi Arabia)

  • Vassilios G. Vassilakis

    (Department of Computer Science, University of York, York YO10 5GH, UK)

Abstract

Web attacks pose a significant threat to enterprises, as attackers often target web applications first. Various solutions have been proposed to mitigate and reduce the severity of these threats, such as web application firewalls (WAFs). On the other hand, software-defined networking (SDN) technology has significantly improved network management and operation by providing centralized control for network administrators. In this work, we investigated the possibility of using SDN to implement a firewall capable of detecting and blocking web attacks. As a proof of concept, we designed and implemented a WAF to detect a known web attack, specifically SQL injection. Our design utilized two detection methods: signatures and regular expressions. The experimental results demonstrate that the SDN controller can successfully function as a WAF and detect SQL injection attacks. Furthermore, we implemented and compared ModSecurity, a traditional WAF, with our proposed SDN-based WAF. The results reveal that our system is more efficient in terms of TCP ACK latency, while ModSecurity exhibits a slightly lower overhead on the controller.

Suggested Citation

  • Fahad M. Alotaibi & Vassilios G. Vassilakis, 2023. "Toward an SDN-Based Web Application Firewall: Defending against SQL Injection Attacks," Future Internet, MDPI, vol. 15(5), pages 1-15, April.
  • Handle: RePEc:gam:jftint:v:15:y:2023:i:5:p:170-:d:1136782

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/15/5/170/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/15/5/170/
    Download Restriction: no