A CNN-BiLSTM based Approach for Detection of SQL Injection Attacks

Gandhi, Neel R.; Patel, Jaykumar; Sisodiya, Rajdeepsinh; Doshi, Nishant; Mishra, Shakti

doi:10.1109/iccike51210.2021.9410675

Cited by 24 publications

(10 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…AdaBoost stands for adaptive boosting, which is a statistical classification technique, and the deep forest model is a layered model based on a deep neural network. The adaptive deep forest model proposed in [25] achieved high efficiency, comparable to that of traditional ML models, such as decision trees, and better performance compared with regular deep neural network models, such as RNN and CNN.…”

Section: Acknowledgementsmentioning

confidence: 99%

See 1 more Smart Citation

Detection and prevention of SQLI attacks and developing compressive framework using machine learning and hybrid techniques

Demilie¹,

Deriba²

2022

J Big Data

View full text Add to dashboard Cite

A web application is a software system that provides an interface to its users through a web browser on any operating system (OS). Despite their growing popularity, web application security threats have become more diverse, resulting in more severe damage. Malware attacks, particularly SQLI attacks, are common in poorly designed web applications. This vulnerability has been known for more than two decades and is still a source of concern. Accordingly, different techniques have been proposed to counter SQLI attacks. However, the majority of them either fail to cover the entire scope of the problem. The structured query language injection (SQLI) attack is among the most harmful online application attacks and often happens when the attacker(s) alter (modify), remove (delete), read, and copy data from database servers. All facets of security, including confidentiality, data integrity, and data availability, can be impacted by a successful SQLI attack. This paper investigates common SQLI attack forms, mechanisms, and a method of identifying, detecting, and preventing them based on the existence of the SQL query. Here, we have developed a comprehensive framework for detecting and preventing the effectiveness of techniques that address specific issues following the essence of the SQLI attacks by using traditional Navies Bayes (NB), Decision Trees (DT), Support Vectors Machine (SVM), Random Forests (RF), Logistic Regression (LR), and Neural Networks Based on Multilayer Perceptron (MLP), and hybrid approach are used for our study. The machine learning (ML) algorithms were implemented using the Keras library, while the classical methods were implemented using the Tensor Flow-Learn package. For this proposed research work, we gathered 54,306 pieces of data from weblogs, cookies, session usage, and from HTTP (S) request files to train and test our model. The performance evaluation results for training set in metrics such as the hybrid approach (ANN and SVM) perform better accuracies in precision (99.05% and 99.54%), recall (99.65% and 99.61%), f1-score (99.35% and 99.57%), and training set (99.20% and 99.60%) respectively than other ML approaches. However, their training time is too high (i.e., 19.62 and 26.16 s respectively) for NB and RF. Accordingly, the NB technique performs poorly in accuracy, precision, recall, f1-score, training set evaluation metrics, and best in training time. Additionally, the performance evaluation results for test set in metrics such as hybrid approach (ANN and SVM) perform better accuracies in precision (98.87% and 99.20%), recall (99.13% and 99.47%), f1-score (99.00% and 99.33%) and test set (98.70% and 99.40%) respectively than other ML approaches. However, their test time is too high (i.e., 11.76 and 15.33 ms respectively). Accordingly, the NB technique performs poorly in accuracy, precision, recall, f1-score, test set evaluation metrics, and best in training time. Here, among the implemented ML techniques, SVM and ANN are weak learners. The achieved performance evaluation results indicated that the proposed SQLI attack detection and prevention mechanism has been improved over the previously implemented techniques in the theme. Finally, in this paper, we aimed to keep researchers up-to-date, with contributions, and recommendations to the understanding of the intersection between SQLI attacks and prevention in the artificial intelligence (AI) field.

show abstract

Section: Acknowledgementsmentioning

confidence: 99%

“…The authors of [25] have proposed a hybrid CNN-BiLSTM-based model for SQLI attack detection. The authors presented a detailed comparative analysis of different types of ML techniques used for the detection of SQLI attacks.…”

Section: Acknowledgementsmentioning

confidence: 99%

Detection and prevention of SQLI attacks and developing compressive framework using machine learning and hybrid techniques

Demilie¹,

Deriba²

2022

J Big Data

View full text Add to dashboard Cite

show abstract

“…Their model also utilizes a multilayer LSTM structure. Deploying two LSTMs, researchers [131]- [133] all uses a bidirectional LSTM (BiLSTM). For instance, Gandhi et al [131] presented a hybrid module based on CNN combined with BiLSTM.…”

Section: ) Sql Injectionmentioning

confidence: 99%

“…Deploying two LSTMs, researchers [131]- [133] all uses a bidirectional LSTM (BiLSTM). For instance, Gandhi et al [131] presented a hybrid module based on CNN combined with BiLSTM. Wen et al [132] enhanced the BiLSTM model for SQL attack detection by adding an attention mechanism.…”

Section: ) Sql Injectionmentioning

confidence: 99%

Input Validation Vulnerabilities in Web Applications: Systematic Review, Classification, and Analysis of the Current State-of-the-Art

Faisal

Elshoush

2023

IEEE Access

View full text Add to dashboard Cite

In recent years, huge increase in attacks and data breaches is noticed. Most of the attacks are performed and focused on the vulnerabilities related to web applications. Hence, nowadays the mitigation of application vulnerabilities is an ignited research area. Thus, due to the potential high severity impacts of web application, many different approaches have been proposed in the past decades to mitigate the damages of application vulnerabilities. Static and dynamic analysis are the two main techniques used. In this paper, a new classification for web application input validation vulnerabilities is proffered. In addition, various techniques/tools that are used to detect them are analyzed and evaluated to apprehend their strengths and weaknesses. Thus, this paper provides both technical as well as literature countermeasures to input validation vulnerabilities. Moreover, various statistical distributions of the reviewed techniques were manifested and scrutinize in different aspects to reveal the perception of the prevailing techniques and the gaps in the literature. In addition, the most widespread metrics are also propounded.

show abstract

“…This may create the system crashes, corrupted data and other harmful effects. [5] Illegitimate Access: Hackers can enter to the web applications and the control panels and the web applications by passing the systems authentication which permits them to control the programs and initiate the attacks on different individuals or companies. [15] Elevated Privileges: In speci c cases, malicious actors can raise the honors inside a weak dataset or database which can be able to ruin the whole system.…”

Section: Introductionmentioning

confidence: 99%

Augmenting SQL Injection Attack Detection via Deep Convolutional Neural Network

Sneha,

Singh

2024

Preprint

View full text Add to dashboard Cite

Advancing the systematic methods or algorithms is necessary because SQL injection attacks can be hazardous for the security of databases and various web applications. SQL injection can be a destructive security risks which targets vulnerable web applications. There were many techniques which was previously developed which is also known as traditional methods or techniques. Those techniques used to generally rely on the signature-based methods which struggle to adjust into new attack patterns. Therefore, different new techniques were introduced with integration of machine learning. SQL injection attack detection with the blend of machine learning facilitates improvement in cybersecurity providing the scalable and the proficient defense mechanism against the developing cyber-attack. This research paper provides a potential technique to the danger of SQL injection which is based on Machine Learning i.e. Deep Convolutional Neural Network (DCNN). The proposed model was trained on the large datasets which includes genuine as well as malicious SQL queries for assuring its ability to adapt different types of evolving attacks. We have used embedding layers and tokenization techniques for demonstrating SQL queries as numerical input for the model. It is made up of many convolutional layers and fully linked layers which is able to illustrate the complex patterns and the complex correlation that can be observed in SQL queries. Our approach to detect a SQL injection attack utilizing a DCNN illustrates the remarkable accuracy, precision, recall as well as F1 score. Additionally, we also had a look at the significances of using deep learning techniques in real-world scenarios along with the existing web application and the framework.

show abstract

A CNN-BiLSTM based Approach for Detection of SQL Injection Attacks

Cited by 24 publications

References 19 publications

Detection and prevention of SQLI attacks and developing compressive framework using machine learning and hybrid techniques

Detection and prevention of SQLI attacks and developing compressive framework using machine learning and hybrid techniques

Input Validation Vulnerabilities in Web Applications: Systematic Review, Classification, and Analysis of the Current State-of-the-Art

Augmenting SQL Injection Attack Detection via Deep Convolutional Neural Network

Contact Info

Product

Resources

About