Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Detecting SQL Injection Attacks in VoIP using Real-time Deep Packet Inspection: Can a Deep Packet Inspection Firewall Detect SQL Injection Attacks on SIP Traffic with Reasonable Performance?
Linköping University, Department of Computer and Information Science.
2019 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

The use of the Internet has increased over the years, and it is now an integral part of our daily activities, as we often use it for everything from interacting on social media to watching videos online. Phone calls nowadays tend to use Voice over IP (VoIP), rather than the traditional phone networks. As with any other services using the Internet, these calls are vulnerable to attacks. This thesis focus on one particular attack: SQL injection in the Session Initial Protocol (SIP), where SIP is a popular protocol used within VoIP. To find different types of SQL injection, two classifiers are implemented to either classify SIP packets as "valid data" or "SQL injection". The first classifier uses regex to find SQL meta-characters in headers of interest. The second classifier uses naive Bayes with a training data set to classify. These two classifiers are then compared in terms of classification throughput, speed, and accuracy. To evaluate the performance impact of packet sizes and to better understand the classifiers resiliance against an attacker introducing large packets, a test with increasing packet sizes is also presented. The regex classifier is then implemented in a Deep Package Inspection (DPI) open-source implementation, nDPI, before being evaluated with regards to both throughput and accuracy. The result are in favor of the regex classifier as it had better accuracy and higher classification throughput. Yet, the naive Bayes classifier works better for new types of SQL injection that we do not know. It therefore argues that the best choice depends on the scenario; both classifiers have their strengths and weakness!

Place, publisher, year, edition, pages
2019. , p. 50
Keywords [en]
DPI SQL
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:liu:diva-161072ISRN: LIU-IDA/LITH-EX-A--19/060—SEOAI: oai:DiVA.org:liu-161072DiVA, id: diva2:1362470
External cooperation
Sectra Communications AB
Subject / course
Information Technology
Presentation
2019-06-12, Muhammad al-Khwarizmi, Linköping, 10:30 (English)
Supervisors
Examiners
Available from: 2019-10-25 Created: 2019-10-20 Last updated: 2019-10-25Bibliographically approved

Open Access in DiVA

master_thesis_linussjo(677 kB)26 downloads
File information
File name FULLTEXT01.pdfFile size 677 kBChecksum SHA-512
318eff8f8ec66e9a0a5dee7d7e0ac1aa7dadcef8ea678fb77733df5e1e2fd6113ae9352b00422d4f792a7e0714698ebdc4e7c669446241578030edbc01915be8
Type fulltextMimetype application/pdf

By organisation
Department of Computer and Information Science
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 26 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 270 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf