• Title/Summary/Keyword: SQL analysis


Methods for improving Database Performance through SQL Analysis in the Course Registration System (수강신청 시스템에서의 SQL 분석을 통한 데이터베이스 성능 향상 방안)

  • Kim, Hee Wan
    • The Journal of the Convergence on Culture Technology / v.6 no.4 / pp.693-701 / 2020
  • In this paper, SQL statements are analyzed to improve database performance in the current course registration system. The performance of the current database was measured through the execution plan of the SQL statements used in the transactions related to the course registration. Through the SQL analysis, the complemented SQL statements confirmed the improved performance. Overall, the performance of the course registration database system was improved through the analysis of the execution plan, and some improvement methods of the course registration SQL were shown as test results. The improved method is to reorganize the tables and index tables related to the course registration through database tuning, and utilize the SQL function to implement an optimized system that has evolved into a course database system with improved performance. The enrollment system re-adjusted by the proposed method showed excellent results in terms of performance compared to the previous enrollment system, and the integrated performance test result reduced the response time by 1.8 to 18 times.

Design and Implementation of SQL Inspector for Database Audit Using ANTLR (ANTLR를 사용한 데이터베이스 감리용 SQL 검사기의 설계 및 구현)

  • Liu, Chen;Kim, Taewoo;Zheng, Baowei;Yeo, Jeongmo
    • KIPS Transactions on Software and Data Engineering / v.5 no.9 / pp.425-432 / 2016
  • As the importance of information audit grows, public corporations invest heavily in information system audits to build high-quality systems. For this purpose, there is much research on conducting audits effectively. Database audit work can make use of a variety of monitoring tools. However, when auditing SQL statements that might affect database performance, there are several limits related to SQL audit functionality. For this reason, most existing monitoring tools process based on meta information, and it is difficult to proceed with SQL audit work if the metadata is missing or inaccurate. Also, they cannot detect problems by analyzing the syntax structure of SQL. In this paper, we design and implement the SQL Inspector using ANTLR, applying a syntax analysis technique. The overall conclusion is that the implemented SQL Inspector works much more effectively than checking by eye. Finally, the SQL Inspector we propose can apply many more audit rules compared with other monitoring tools. We expect higher stability of information systems from applying the SQL Inspector from the development phase through the operation phase.

A Reusable SQL Injection Detection Method for Java Web Applications

  • He, Chengwan;He, Yue
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.6 / pp.2576-2590 / 2020
  • The fundamental reason why most SQL injection detection methods are difficult to use in practice is the low reusability of the implementation code. This paper presents a reusable SQL injection detection method for Java Web applications based on AOP (Aspect-Oriented Programming) and dynamic taint analysis, which encapsulates the dynamic taint analysis processes into different aspects and establishes aspect library to realize the large-grained reuse of the code for detecting SQL injection attacks. A metamodel of aspect library is proposed, and a management tool for the aspect library is implemented. Experiments show that this method can effectively detect 7 known types of SQL injection attack such as tautologies, logically incorrect queries, union query, piggy-backed queries, stored procedures, inference query, alternate encodings and so on, and support the large-grained reuse of the code for detecting SQL injection attacks.

Detecting SQL Injection Logs Leveraging ELK Stack (ELK Stack을 활용한 SQL Injection 로그 탐지)

  • Min, Song-ha;Yu, Hyun-jae;Lim, Moon-ju;Kim, Jong-min
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2022.10a / pp.337-340 / 2022
  • SQL Injection attacks are one of the older attack techniques and are the dominant type of hacking attempts against web services. There have been many attempts to hack SQL injection attacks by exposing data or obtaining privileges. In this paper, we implement a log analysis system that can respond to SQL injection attacks in real time using the open source ELK Stack. By providing a visualization of SQL injection attack log data through the implemented system, it is expected that users will be able to easily grasp the degree of attack risk and quickly prepare for attacks.


Counter Measures by using Execution Plan Analysis against SQL Injection Attacks (실행계획 분석을 이용한 SQL Injection 공격 대응방안)

  • Ha, Man-Seok;Namgung, Jung-Il;Park, Soo-Hyun
    • Journal of the Institute of Electronics and Information Engineers / v.53 no.2 / pp.76-86 / 2016
  • SQL Injection attacks are the most widely used, and they are also considered one of the oldest traditional hacking techniques. SQL Injection attacks are getting quite complicated, and they account for a high portion of web hacking. Big data environments will be widely used in the future, with the result that many devices and sensors will be connected to the internet and the amount of data that flows among devices will greatly increase. The scale of damage caused by SQL Injection attacks would be even greater in the future. Besides, creating security solutions against SQL Injection attacks is costly and time-consuming. In order to prevent SQL Injection attacks, we have to operate quickly and accurately according to these data analysis techniques. We utilized data analytics and machine learning techniques to defend against SQL Injection attacks, and analyzed the execution plan of the SQL command input if there are abnormal patterns found through checking the web log files. Herein, we propose a way to distinguish between normal and abnormal SQL commands. We have analyzed the values entered by the user in real time using automated SQL Injection attack tools. We have proved that it is possible to ensure an effective defense by analyzing the execution plan of the SQL command.

A Method for SQL Injection Attack Detection using the Removal of SQL Query Attribute Values (SQL 질의 애트리뷰트 값 제거 방법을 이용한 효과적인 SQL Injection 공격 탐지 방법 연구)

  • Lee, In-Yong;Cho, Jae-Ik;Cho, Kyu-Hyung;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.5 / pp.135-148 / 2008
  • The expansion of the internet has made web applications become a part of everyday life. As a result, the number of incidents which exploit web application vulnerabilities is increasing. A large percentage of these incidents are SQL Injection attacks, which are a serious security threat to databases with potentially sensitive information. Therefore, much research has been done to detect and prevent these attacks, and it resulted in a decline of SQL Injection attacks. However, there are still methods to bypass them, and these methods are too complex to implement in real web applications. This paper proposes a simple and effective SQL Query attribute value removal method which uses Static and Dynamic Analysis, and evaluates the efficiency through various experiments.

Performance Analysis of RDBMS and MongoDB through YCSB in Medical Data Processing System Based HL7 FHIR (HL7 FHIR 기반 의료 데이터 처리 시스템에서 YCSB를 통한 RDBMS와 MongoDB의 성능 분석 연구)

  • Jeon, Dong-cheol;Lee, Byung Mun;Hwang, Heejoung
    • Journal of Korea Multimedia Society / v.21 no.8 / pp.934-941 / 2018
  • There are some limits on cost and efficiency for large amounts of data in RDBMS, and NoSQL is starting to gain popularity. In medical institutions, data forms differ between organizations, and that makes interoperability between organizations difficult. In this paper, we focused on performance issues between RDBMS and NoSQL for medical documents. We built two different environments and performed a comparative analysis of NoSQL and RDBMS based on medical data. We used HL7 FHIR as the medical data standard. Also, the YCSB benchmark tool was used for performance comparison. Experiments show that NoSQL has better performance in large-scale medical data processing systems that have over 10,000~100,000 records.

Trend Analysis of Open Source RDBMS (오픈 소스 RDBMS 동향 분석)

  • Jung, Sung-Jae;Bae, Yu-Mi;Park, Jeong-Su;Sung, Kyung
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2014.05a / pp.631-634 / 2014
  • When building a Web and Cloud Computing environment, it is essential to use a database system. Database systems include commercial programs, such as Oracle and MS-SQL, but there are also many free programs with performance similar to commercial applications. In particular, PostgreSQL, MySQL, and MariaDB cost nothing, and because their source is open to the public they can be applied to a variety of environments. This paper presents open source relational database management systems and examines their trends.


Detection of Internal Illegal Query Using Packet Analysis (패킷 분석을 이용한 내부인 불법 질의 탐지)

  • Jang Gyong-Ohk;Koo Hyang-Ohk;Oh Chang-Suk
    • Journal of the Korea Society of Computer and Information / v.10 no.3 s.35 / pp.259-265 / 2005
  • The purpose of this study is to design an illegal query detection system, using the Winpcap library, for unauthorized access by an internal person. Illegal query detection is possible by detecting data that is out of access control or illegal data searches made by plagiarizing another user's ID. The system used in this paper collects packets, analyzes the data related to SQL phrases among them, and selects the user's basic information by comparing the dispatch of the MAC address and the user's hardware information constructed previously. If the extracted information and the user's are different, it is considered an illegal query. It is expected that the results of this study can be applied to reducing the snaking off unprotected data, and can also contribute to leaving audit records using the user's access log, which can be applied to pattern analysis.


An Analysis of the SQL Multimedia and Application Packages (SQL 멀티미디어/응용 패키지 표준화 동향)

  • Sung, J.
    • Electronics and Telecommunications Trends / v.9 no.4 / pp.157-169 / 1994
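  • This article analyzes the standardization trends of SQL Multimedia and Application Packages (SQL/MM), which is being standardized in ISO/IEC JTC1/SC21 WG3 (Database), and the technical content defined in the standard. SQL/MM is a new standard that extends SQL, the standard database language, by adding new functions to satisfy the various requirements of multimedia applications. The standard is being developed by adding multimedia elements on top of the basic functions of SQL3, a standard query language for object-oriented databases. The areas addressed first are full-text search over documents and search using spatial and temporal relationships; in parallel, work is under way to systematically organize the general-purpose data types, among the many data types, that are commonly used across several kinds of applications.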