• Jun 14, 2017 News!Vol.8, No.5 has been indexed by EI (Inspec).   [Click]
  • Nov 09, 2017 News!Vol.9, No.5 has been published with online version. 16 peer reviewed articles from 11 specific areas are published in this issue.   [Click]
  • Jul 19, 2017 News!Vol.9, No.4 has been published with online version. 16 peer reviewed articles from 16 specific areas are published in this issue.   [Click]
General Information
Editor-in-chief
Prof. Wael Badawy
Department of Computing and Information Systems Umm Al Qura University, Canada
I'm happy to take on the position of editor in chief of IJCTE. We encourage authors to submit papers concerning any branch of computer theory and engineering.
IJCTE 2016 Vol.8(3): 213-217 ISSN: 1793-8201
DOI: 10.7763/IJCTE.2016.V8.1046

Simulating SQL-Injection Cyber-Attacks Using GNS3

A. Mahrouqi, P. Tobin, S. Abdalla, and T. Kechadi
Abstract—Network Forensics is a subtopic of Digital Forensics wherein research on artificat investigations and intrusions evidence acquisition is addressed. Among many challenges in the field, the problem of losing data artifacts in the state of flux, (i.e., live volatile data), when network devices are suddenly non-operational remains a topic of interest to many investigators. The main objective of this article is to simulate an SQL injection attack scenarios in a complex network environment. We designed and simulated a typical demilitarized zone (DMZ) network environment using graphical network simulator (GNS3), Virtual Box and VMware workstation. Using this set-up we are now able to simulate specific network devices configuration, perform SQL injection attacks against victim machines and collect network logs. The main motivation of our work is to finally define an attack pathway prediction methodology that makes it possible to examine the network artifacts collected in case network attacks.

Index Terms—Acquisition, anti-forensics, network forensics, SQL injection attack.

The authors are with Insight Centre for Data Analytics, University College Dublin, Ireland (e-mail: aadil.al-mahrouqi@ucdconnect.ie, tahar.kechadi@ucd.ie, patrick.tobin@insight-centre.org, sameh@ucd.ie).

[PDF]

Cite:A. Mahrouqi, P. Tobin, S. Abdalla, and T. Kechadi, "Simulating SQL-Injection Cyber-Attacks Using GNS3," International Journal of Computer Theory and Engineering vol. 8, no. 3, pp. 213-217, 2016.

Copyright © 2008-2015. International Journal of Computer Theory and Engineering. All rights reserved.
E-mail: ijcte@vip.163.com