SDSIOT: An SQL Injection Attack Detection and Stage Identification Method Based on Outbound Traffic

Fu, Hong; Guo, Chun; Chao-hui, Jiang; Ping, Yuan; Lv, Xiaodan

doi:10.3390/electronics12112472

Cited by 4 publications

(2 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Lu et al 12 Alotaibi et al 13 Patidar et al 14 Liu et al 15 Alghawazi et al 16 Saini et al 17 Sheth et al 18 Okesola et al 19 Labib et al 20 Marashdih et al 21 Mehta et al 22 Henry et al 23 Pruzinec et al 24 Irungu et al 25 Fratty et al 26 Logozzo et al 27 Singh et al 28 Crespo-Martínez et al 29 Fu et al 30 Philip et al 31 Barsellotti et al 32 Mallissery et al 33 Lu et al 12 Alotaibi et al 13 Guan et al 34 Nasrullayev et al 35 Muhammad et al 36 Brintha et al 37 Al Badri et al [36] Lu et al 12 (2023)…”

Section: Parse Tree Validation Policy Enforcement Isr Taint Tracking ...mentioning

confidence: 99%

Analysis of SQL injection attacks in the cloud and in WEB applications

Kumar,

Dutta,

Pranav

2024

Security and Privacy

View full text Add to dashboard Cite

Cloud computing has revolutionized the way IT industries work. Most modern‐day companies rely on cloud services to accomplish their day‐to‐day tasks. From hosting websites to developing platforms and storing resources, cloud computing has tremendous use in the modern information technology industry. Although an emerging technique, it has many security challenges. In structured query language injection attacks, the attacker modifies some parts of the user query to still sensitive user information. This type of attack is challenging to detect and prevent. In this article, we have reviewed 65 research articles that address the issue of its prevention and detection in cloud and Traditional Networks, of which 11 research articles are related to general cloud attacks, and the rest of the 54 research articles are specifically on web security. Our result shows that Random Forest has an accuracy of 99.8% and a Precision rate of 99.9%, and the worst‐performing model is Multi‐Layer Perceptron (MLP) in the SQLIA Model. For recall value, Random Forest performs best while TensorFlow Linear Classifier performs worst. F1 score is best in Random Forest, while MLP is the most diminutive performer.

show abstract

Section: Parse Tree Validation Policy Enforcement Isr Taint Tracking ...mentioning

confidence: 99%

Analysis of SQL injection attacks in the cloud and in WEB applications

Kumar,

Dutta,

Pranav

2024

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Table 2 provides further details on the criteria implemented by various authors. [17] 0.9904 0.9898 0.9903 0.991 Artificial Neural Network (ANN) [13,18] 0.9893 0.9870 0.9913 0.99 AdaBoost (AB) [17,21] 0.9808 0.9559 0.9592 0.9561 Decision Tree (DT) [16,18,22,23] 0.9668 0.9315 0.88955 0.9164 Random Forest (RF) [18,22,23] 0.9634 0.9247 0.8947 0.9149 Support Vector Machine (SVM) [18,22,23] 0.9546 0.9706 0.9085 0.9395 Logistic Regression (LR) [4] 0.9503 0.9737 0.9089 0.9653 Naive Bayes (NB) [18,24] 0.9074 0.8966 0.7985 0.9010 KNN (K-Nearest Neighbors) [21] 0.8920 0.9143 0.8931 0.8853 Furthermore, the choice of these algorithms is justified for the following reasons. The decision tree (DT) algorithm is simple to interpret and allows for the identification of characteristics relevant to the detection of SQL injections.…”

Section: Algorithm Selectionmentioning

confidence: 99%

Detecting Structured Query Language Injections in Web Microservices Using Machine Learning

Peralta-Garcia,

Quevedo-Monsalbe,

Tuesta-Monteza

et al. 2024

Informatics

View full text Add to dashboard Cite

Structured Query Language (SQL) injections pose a constant threat to web services, highlighting the need for efficient detection to address this vulnerability. This study compares machine learning algorithms for detecting SQL injections in web microservices trained using a public dataset of 22,764 records. Additionally, a software architecture based on the microservices approach was implemented, in which trained models and the web application were deployed to validate requests and detect attacks. A literature review was conducted to identify types of SQL injections and machine learning algorithms. The results of random forest, decision tree, and support vector machine were compared for detecting SQL injections. The findings show that random forest outperforms with a precision and accuracy of 99%, a recall of 97%, and an F1 score of 98%. In contrast, decision tree achieved a precision of 92%, a recall of 86%, and an F1 score of 97%. Support Vector Machine (SVM) presented an accuracy, precision, and F1 score of 98%, with a recall of 97%.

show abstract