I'm building a HIDS on a database server. Generally, you will have a lot of rules for each query success. So I use machine learning to detect normal or abnormal queries. Each abnormal query will be generated. Example:
Select count(*) from users where id = 1 and pass = 'abc' (normal query)
Select count(*) from users where id = 1 or 1 = 1 (abnormal query - SQLI - alert)
Select count(*) from users where id = 1 and pass = null (abnormal query - alert)
...

I need samples for machine learning :(
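One way to separate the three queries above without labelled attack samples, shown as an added example that is not part of the original post: learn the structure of known-good queries and flag any structure not seen in training. This is a learned allow-list of query skeletons rather than a statistical model; the names `skeleton` and `QueryBaseline` and the second training query are constructed for illustration.

```python
import re

# Order matters: string literals are replaced first so that digits or
# keywords inside quoted data never reach the numeric rule.
_LITERALS = [
    (re.compile(r"'(?:[^']|'')*'"), "?"),      # 'abc', 'it''s'
    (re.compile(r"\b\d+(?:\.\d+)?\b"), "?"),   # 1, 3.14 (not the 2 in users2)
]

def skeleton(query: str) -> str:
    """Reduce a query to its structure: literals become '?',
    case and whitespace are normalized."""
    q = query.strip().rstrip(";")
    for pattern, repl in _LITERALS:
        q = pattern.sub(repl, q)
    return re.sub(r"\s+", " ", q).lower()

class QueryBaseline:
    """Set of query skeletons observed during a known-good training window."""

    def __init__(self):
        self.known = set()

    def learn(self, queries):
        for q in queries:
            self.known.add(skeleton(q))

    def classify(self, query: str) -> str:
        return "normal" if skeleton(query) in self.known else "abnormal"

# Constructed training data: the normal query from the post plus a variant.
TRAINING = [
    "Select count(*) from users where id = 1 and pass = 'abc'",
    "SELECT count(*)  FROM users WHERE id = 42 AND pass = 'hunter2'",
]

baseline = QueryBaseline()
baseline.learn(TRAINING)

if __name__ == "__main__":
    for q in [
        "Select count(*) from users where id = 7 and pass = 'xyz'",
        "Select count(*) from users where id = 1 or 1 = 1",
        "Select count(*) from users where id = 1 and pass = null",
    ]:
        print(f"{baseline.classify(q):8} {skeleton(q)}")
```

The skeletons collected in `known` can also serve as the "normal" class when a statistical model is trained later.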
