A hybrid method for detection and prevention of SQL injection attacks

Ghafarian, Ahmad

doi:10.1109/sai.2017.8252192

Cited by 25 publications

(19 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The papers [24][25][26][27][28][29][30][31][32] use pattern matching approaches to detect and prevent SQLi attacks. These operations are performed at the runtime, which makes these practices time-consuming and complex.…”

Section: Pattern Matching Approachesmentioning

confidence: 99%

“…There are numerous SQLi detection approaches to diminish such attacks through SQLi vulnerability exploitation. These detection approaches can be of various types: detection using pattern matching [24][25][26][27][28][29][30][31][32], learning-based detection [33][34][35][36][37][38][39][40][41][42][43], and other approaches [44][45][46][47][48][49].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

SQL Injection Vulnerability Detection Using Deep Learning: A Feature-based Approach

Hassan

Ahmad

Ghosh

2021

IJEEI

View full text Add to dashboard Cite

SQL injection (SQLi), a well-known exploitation technique, is a serious risk factor for database-driven web applications that are used to manage the core business functions of organizations. SQLi enables an unauthorized user to get access to sensitive information of the database, and subsequently, to the application's administrative privileges. Therefore, the detection of SQLi is crucial for businesses to prevent financial losses. There are different rules and learning-based solutions to help with detection, and pattern recognition through support vector machines (SVMs) and random forest (RF) have recently become popular in detecting SQLi. However, these classifiers ensure 97.33% accuracy with our dataset. In this paper, we propose a deep learningbased solution for detecting SQLi in web applications. The solution employs both correlation and chi-squared methods to rank the features from the dataset. Feed-forward network approach has been applied not only in feature selection but also in the detection process. Our solution provides 98.04% accuracy over 1,850 recorded datasets, where it proves its superior efficiency among other existing machine learning solutions.

show abstract

Section: Pattern Matching Approachesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

SQL Injection Vulnerability Detection Using Deep Learning: A Feature-based Approach

Hassan

Ahmad

Ghosh

2021

IJEEI

View full text Add to dashboard Cite

show abstract

“…This phase is the previous method for detection SQLIA proposed by Ghafarian [16] which is combined between static and dynamic analysis method. Firstly, it suggested to insert a record at every table of the database that has only Symbols.…”

Section: Phase I: Datasetmentioning

confidence: 99%

An Improved SQL Injection Attack Detection Model Using Machine Learning Techniques

Abdulmalik

2021

Int J Innov Comp

View full text Add to dashboard Cite

SQL Injection Attack (SQLIA) is a common cyberattack that target web application database. With the ever increasing and varying techniques to exploit web application SQLIA vulnerabilities, there is no a comprehensive method that can solve this kind of attacks. Therefore, these various of attack techniques required to establish many methods against in order to mitigate its threats. However, most of these methods have not yet been evaluated, where it is still just theories and require to implement and measure its performance and set its limitation. Moreover, most of the existing SQL injection countermeasures either used syntax-based detection methods or a list of predefined rules to detect the SQL injection, which is vulnerable in advance and sophisticated type of attacks because attackers create new ways to evade the detection utilizing their pre-knowledge. Although semantic-based features can improve the detection, up to our knowledge, no studies focused on extracting the semantic features from SQL stamens. This paper, investigates a designed model that can improve the efficacy of the SQL injection attack detection using machine learning techniques by extracting the semantic features that can effectively indicate the SQL injection attack. Also, a tenfold approach will be used to evaluate and validate the proposed detection model.

show abstract

“…Hidden Markov Model (HMM) [16] detects SQL injection by establishing the browsing behavior model of attackers and legitimate users, and has common shortcomings with the detection method based on user behavior [12], [13], which is more suitable for the detection of a single website. The database table is expanded [17] or redesigned to monitor the query behavior of the database to determine whether it belongs to abnormal behavior. This method can handle any type of query and the algorithm is platform-independent.…”

Section: Figurementioning

confidence: 99%

SQL Injection Detection for Web Applications Based on Elastic-Pooling CNN

Xie

Ren

et al. 2019

IEEE Access

View full text Add to dashboard Cite

An enterprise's data can be one of its most important assets and often critical to the firm's development and survival. SQL injection attack is ranked first in the top ten risks to network applications by the Open Web Application Security Project (OWASP). Its harmfulness, universality, and severe situation are self-evident. This paper presents a method of SQL injection detection based on Elastic-Pooling CNN (EP-CNN) and compares it with traditional detection methods. This method can output a fixed two-dimensional matrix without truncating data and effectively detects the SQL injection of web applications. Based on the irregular matching characteristics, it can identify new attacks and is harder to bypass.

show abstract

A hybrid method for detection and prevention of SQL injection attacks

Cited by 25 publications

References 8 publications

SQL Injection Vulnerability Detection Using Deep Learning: A Feature-based Approach

SQL Injection Vulnerability Detection Using Deep Learning: A Feature-based Approach

An Improved SQL Injection Attack Detection Model Using Machine Learning Techniques

SQL Injection Detection for Web Applications Based on Elastic-Pooling CNN

Contact Info

Product

Resources

About