0

There are some web based IDSs which improve the security of web application against SQLIA attacks. One of them is PHP-IDS. I did some changes in the working algorithem of this IDS and now I want to test the performance of both my model & PHP-IDS and show the differences on chart.Therefore, I need an attack dataset which I can give as input into these apps. I don't want to use applications, like those exists inside backtrack. I need some text which are clean or might be infected with SQLIA. Then I can use the same dataset for both IDSs to compare their performance output.

Please note that I am trying to improve the CPU usage & RAM usage... Do you know any existing dataset for testing and bench marking IDSs for SQL Injection attack?

Qantas 94 Heavy
  • 15,750
  • 31
  • 68
  • 83
Amir Sa
  • 253
  • 1
  • 4
  • 10

1 Answers1

1

To tell you truth, it is not whatever IDS that protect you from attacks but properly formatted queries.
So, instead of burdening your RAM and CPU making them run pointless software, better focus on programming and using proper SQL formatting.

Community
  • 1
  • 1
Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
  • Thank you for your replay. My major is info-sec. For doing my thesis I am trying to improve the performance of web based IDSs. – Amir Sa Nov 21 '13 at 16:35
  • 1. For testing performance, you don't need no real dataset. Just dummy data is enough. 2. Being info-sec you are supposed to write such lists yourself. 3. Being infosec, you should know that no black-list approach can be considered reliable. – Your Common Sense Nov 21 '13 at 16:55
  • 1&2.hmm the last choice is that i enter my own data... First I was looking for some premade standard datasets. 3. I did research on anomaly and signature based, each one got its own pros and cons. I studied my master by course therefore the focus is not on final project and the contribution should be small. Then I took this one to improve the performance of existing IDSs. Thanks anyway. – Amir Sa Nov 21 '13 at 17:01
  • @AmirSa There is no such thing as a standard SQL injection dataset. I mean, what norm should it follow? But there are several automated SQL injection exploitation tools that you could use. However, there are no malicious input patterns per se; it depends on how you process the input data. And most DB engines allow several syntactical ‘distractions’, such as comments between, or even in-between tokens. So better make sure to incorporate the input data properly into the SQL statement instead. – Gumbo Nov 23 '13 at 08:11