Hybrid method integrating SQL-IF and Naïve Bayes for SQL injection attack avoidance

Hernawan, Faisal Yudo; Hidayatulloh, Indra; Adam, Ipam Fuaddina

doi:10.21831/jeatech.v1i2.35497

Cited by 5 publications

(6 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hernawan et al [11] proposed a system that combines two methods, SQLI Free Secure (SQL-IF) and Naïve Bayes, to prevent SQLI attacks. SQL-IF is a method that checks for the presence of special characters, keywords, and Boolean in the input data to detect SQLI attacks.…”

Section: Discussionmentioning

confidence: 99%

SQL Injection Detection using Machine Learning: A Review

Mohammed A M Oudah,

Mohd Fadzli Marhusin

2024

MJoSHT

View full text Add to dashboard Cite

SQL injection attacks are critical security vulnerability exploitation in web applications, posing risks to data, if successfully executed, allowing attackers to gain unauthorised access to sensitive data. Due to the absence of a standardised structure, traditional signature-based detection methods face challenges in effectively detecting SQL injection attacks. To overcome this challenge, machine learning (ML) algorithms have emerged as a promising approach for detecting SQL injection attacks. This paper presents a comprehensive literature review on the utilisation of ML techniques for SQL injection detection. The review covers various aspects, including dataset collection, feature extraction, training, and testing, with different ML algorithms. The studies included in the review demonstrate high levels of accuracy in detecting attacks and reducing false positives.

show abstract

Section: Discussionmentioning

confidence: 99%

SQL Injection Detection using Machine Learning: A Review

Mohammed A M Oudah,

Mohd Fadzli Marhusin

2024

MJoSHT

View full text Add to dashboard Cite

show abstract

“…Several techniques for detecting and preventing SQLI have been proposed, with some focusing on statistical analysis [4,66,67,68,69,70] or dynamic analysis [71,72], others on Hybrid approach [32,73]. These techniques are used for web application vulnerability Fig.…”

Section: Existing Techniques For Sqli Detection and Preventionmentioning

confidence: 99%

“…The hybrid injection detection and prevention system (HIDPS) uses both ML classifiers and other statistical techniques to prevent and detect the rescues of SQLI attacks from different web applications and systems [32]. Accordingly, some of the previous research has used hybrid techniques [64,73,80]. This can be done by comparing the structure of the queries to detect attacks.…”

Section: Hybrid Techniquesmentioning

confidence: 99%

“…The extracted feature is then accepted by the ML classifier, which trains the model to identify the injected query. The SVM [103,104], DT, NB [73,105,106], and other algorithms in ML techniques [75,[107][108][109][110][111] are used to solve classification algorithms. The trained model passes all stages such as preprocessing and feature extraction.…”

Section: Nature Of Attack Recommended Techniquementioning

confidence: 99%

See 1 more Smart Citation

Detection and prevention of SQLI attacks and developing compressive framework using machine learning and hybrid techniques

Demilie¹,

Deriba²

2022

J Big Data

View full text Add to dashboard Cite

A web application is a software system that provides an interface to its users through a web browser on any operating system (OS). Despite their growing popularity, web application security threats have become more diverse, resulting in more severe damage. Malware attacks, particularly SQLI attacks, are common in poorly designed web applications. This vulnerability has been known for more than two decades and is still a source of concern. Accordingly, different techniques have been proposed to counter SQLI attacks. However, the majority of them either fail to cover the entire scope of the problem. The structured query language injection (SQLI) attack is among the most harmful online application attacks and often happens when the attacker(s) alter (modify), remove (delete), read, and copy data from database servers. All facets of security, including confidentiality, data integrity, and data availability, can be impacted by a successful SQLI attack. This paper investigates common SQLI attack forms, mechanisms, and a method of identifying, detecting, and preventing them based on the existence of the SQL query. Here, we have developed a comprehensive framework for detecting and preventing the effectiveness of techniques that address specific issues following the essence of the SQLI attacks by using traditional Navies Bayes (NB), Decision Trees (DT), Support Vectors Machine (SVM), Random Forests (RF), Logistic Regression (LR), and Neural Networks Based on Multilayer Perceptron (MLP), and hybrid approach are used for our study. The machine learning (ML) algorithms were implemented using the Keras library, while the classical methods were implemented using the Tensor Flow-Learn package. For this proposed research work, we gathered 54,306 pieces of data from weblogs, cookies, session usage, and from HTTP (S) request files to train and test our model. The performance evaluation results for training set in metrics such as the hybrid approach (ANN and SVM) perform better accuracies in precision (99.05% and 99.54%), recall (99.65% and 99.61%), f1-score (99.35% and 99.57%), and training set (99.20% and 99.60%) respectively than other ML approaches. However, their training time is too high (i.e., 19.62 and 26.16 s respectively) for NB and RF. Accordingly, the NB technique performs poorly in accuracy, precision, recall, f1-score, training set evaluation metrics, and best in training time. Additionally, the performance evaluation results for test set in metrics such as hybrid approach (ANN and SVM) perform better accuracies in precision (98.87% and 99.20%), recall (99.13% and 99.47%), f1-score (99.00% and 99.33%) and test set (98.70% and 99.40%) respectively than other ML approaches. However, their test time is too high (i.e., 11.76 and 15.33 ms respectively). Accordingly, the NB technique performs poorly in accuracy, precision, recall, f1-score, test set evaluation metrics, and best in training time. Here, among the implemented ML techniques, SVM and ANN are weak learners. The achieved performance evaluation results indicated that the proposed SQLI attack detection and prevention mechanism has been improved over the previously implemented techniques in the theme. Finally, in this paper, we aimed to keep researchers up-to-date, with contributions, and recommendations to the understanding of the intersection between SQLI attacks and prevention in the artificial intelligence (AI) field.

show abstract

“…Furthermore, Gondalia et al proposed using Service Level Agreements (SLA) mechanism to mitigate the risk of chatbot services [57]. Another strategy to avoid SQL injection within user answer/ feedback in conversation with a chatbot is using SQL-IF and Naïve Bayes [58]. Using a combination of SQL-IF and Naive Bayes to detect the trigger or malicious code in the text inputted by the user will reduce the risk of response module attack.…”

Section: Security and Privacy Issuementioning

confidence: 99%

Gamification on Chatbot-Based Learning Media: a Review and Challenges

Hidayatulloh

Pambudi

Surjono

et al. 2021

ELINVO

Self Cite

View full text Add to dashboard Cite

The mobile learning sector has exploded, implying that the e-Learning trend is shifting to mobile platforms. As a result, chatbots have become increasingly popular alternatives for online learning and examinations on mobile platforms. However, it did not provide enough motivation for the student. On the other hand, gamification in a typical e-Learning platform is a widely used technique for increasing students' learning motivation. Therefore, combining gamification with chatbot-based learning and examinations possibly offer benefits, including increase student learning motivation. This study explored the possibilities and future challenges of the development of gamification within chatbot-based learning media. We discussed four aspects: architecture's reliability, security and privacy issue, user’s acceptance and motivation, and gamification feature challenges.

show abstract

Hybrid method integrating SQL-IF and Naïve Bayes for SQL injection attack avoidance

Cited by 5 publications

References 6 publications

SQL Injection Detection using Machine Learning: A Review

SQL Injection Detection using Machine Learning: A Review

Detection and prevention of SQLI attacks and developing compressive framework using machine learning and hybrid techniques

Gamification on Chatbot-Based Learning Media: a Review and Challenges

Contact Info

Product

Resources

About