Authors: Or Katz
2021-09-24

tldr - powered by Generative AI

The talk uses data mining techniques to refine and optimize web attack detection, specifically for SQL injection attacks, by analyzing CDN logs and breaking payloads into keywords to gain new insights.
  • SQL injection attacks have been around for over 20 years, yet some defensive capabilities remain obsolete and manual
  • CDN logs classified as SQL injection attacks can be used to refine and optimize security rules
  • Data mining techniques, specifically elements taken from Natural Language Processing, can be used to analyze SQL injection payloads, clean and curate them, break them into keywords, and find the best relation between them to gain new insights
  • The process includes five steps: collecting and cleaning the data, choosing keywords, creating a matrix, creating relationships between keywords, and clustering keywords to gain insights
  • An anecdote is shared about encountering a registration website that did not allow certain characters in the first and last name fields, potentially as a protective detection mechanism against web application attacks