A systematic review of detection and prevention techniques of SQL injection attacks

Nasereddin, Mohammed; Alkhamaiseh, Ashaar; Qasaimeh, Malik; Al‐Qassas, Raad S.

doi:10.1080/19393555.2021.1995537

Cited by 35 publications

(18 citation statements)

References 66 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Figure 3 illustrates the CNN-LSTM algorithm paradigm, and the particular stages are as follows: Mathematical Problems in Engineering 3 (a) Spark offers a consistent and comprehensive framework for handling diverse datasets and data sources (batch or real-time streaming data) with varying characteristics (text data, chart data, etc.) [38,39]. (b) Spark improves the performance of Hadoop cluster apps operating in memory by 100 times and the speed of Hadoop cluster applications running on the disc by ten times [14,40].…”

Section: Cnn-lstm Algorithmmentioning

confidence: 99%

Distributed Deep CNN-LSTM Model for Intrusion Detection Method in IoT-Based Vehicles

Alferaidi

Yadav

Alharbi

et al. 2022

Mathematical Problems in Engineering

View full text Add to dashboard Cite

As 5G and other technologies are widely used in the Internet of Vehicles, intrusion detection plays an increasingly important role as a vital detection tool for information security. However, due to the rapid changes in the structure of the Internet of Vehicles, the large data flow, and the complex and diverse forms of intrusion, traditional detection methods cannot ensure their accuracy and real-time requirements and cannot be directly applied to the Internet of Vehicles. A new AA distributed combined deep learning intrusion detection method for the Internet of Vehicles based on the Apache Spark framework is proposed in response to these problems. The cluster combines deep-learning convolutional neural network (CNN) and extended short-term memory (LSTM) network to extract features and data for detection of car network intrusion from large-scale car network data traffic and discovery of abnormal behavior. The experimental results show that compared with other existing models, the algorithm of this model can reach 20 in the fastest time, and the accuracy rate is up to 99.7%, with a good detection effect.

show abstract

Section: Cnn-lstm Algorithmmentioning

confidence: 99%

Distributed Deep CNN-LSTM Model for Intrusion Detection Method in IoT-Based Vehicles

Alferaidi

Yadav

Alharbi

et al. 2022

Mathematical Problems in Engineering

View full text Add to dashboard Cite

show abstract

“…Dynamic detection is capable of identifying vulnerabilities that are predefined by application developers. However, due to the assorted syntax of malicious statements, it fails to meet the detection requirements in intricate systems [13].…”

Section: Introductionmentioning

confidence: 99%

Deep Learning in Cybersecurity: A Hybrid BERT–LSTM Network for SQL Injection Attack Detection

Liu,

Dai

2024

IET Information Security

View full text Add to dashboard Cite

In the past decade, cybersecurity has become increasingly significant, driven largely by the increase in cybersecurity threats. Among these threats, SQL injection attacks stand out as a particularly common method of cyber attack. Traditional methods for detecting these attacks mainly rely on manually defined features, making these detection outcomes highly dependent on the precision of feature extraction. Unfortunately, these approaches struggle to adapt to the increasingly sophisticated nature of these attack techniques, thereby necessitating the development of more robust detection strategies. This paper presents a novel deep learning framework that integrates Bidirectional Encoder Representations from Transformers (BERT) and Long Short-Term Memory (LSTM) networks, enhancing the detection of SQL injection attacks. Leveraging the advanced contextual encoding capabilities of BERT and the sequential data processing ability of LSTM networks, the proposed model dynamically extracts word and sentence-level features, subsequently generating embedding vectors that effectively identify malicious SQL query patterns. Experimental results indicate that our method achieves accuracy, precision, recall, and F1 scores of 0.973, 0.963, 0.962, and 0.958, respectively, while ensuring high computational efficiency.

show abstract

“…S QL injection attacks are a prevalent and serious security threat in web applications and databases [1]. The attacker exploits vulnerabilities in software systems that interact with databases through SQL injection.…”

Section: Introductionmentioning

confidence: 99%

AE-Net: Novel Autoencoder-Based Deep Features for SQL Injection Attack Detection

Thalji,

Raza,

Islam

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Structured Query Language (SQL) injection attacks represent a critical threat to databasedriven applications and systems, exploiting vulnerabilities in input fields to inject malicious SQL code into database queries. This unauthorized access enables attackers to manipulate, retrieve, or even delete sensitive data. The unauthorized access through SQL injection attacks underscores the critical importance of robust Artificial Intelligence (AI) based security measures to safeguard against SQL injection attacks. This study's primary objective is the automated and timely detection of SQL injection attacks through AI without human intervention. Utilizing a preprocessed database of 46,392 SQL queries, we introduce a novel optimized approach, the Autoencoder network (AE-Net), for automatic feature engineering. The proposed AE-Net extracts new high-level deep features from SQL textual data, subsequently input into machine learning models for performance evaluations. Extensive experimental evaluation reveals that the extreme gradient boosting classifier outperforms existing studies with an impressive k-fold accuracy score of 0.99 for SQL injection detection. Each applied learning approach's performance is further enhanced through hyperparameter tuning and validated via k-fold cross-validation. Additionally, statistical t-test analysis is applied to assess performance variations. Our innovative research has the potential to revolutionize the timely detection of SQL injection attacks, benefiting security specialists and organizations.

show abstract

A systematic review of detection and prevention techniques of SQL injection attacks

Cited by 35 publications

References 66 publications

Distributed Deep CNN-LSTM Model for Intrusion Detection Method in IoT-Based Vehicles

Distributed Deep CNN-LSTM Model for Intrusion Detection Method in IoT-Based Vehicles

Deep Learning in Cybersecurity: A Hybrid BERT–LSTM Network for SQL Injection Attack Detection

AE-Net: Novel Autoencoder-Based Deep Features for SQL Injection Attack Detection

Contact Info

Product

Resources

About