A Survey on SQL Injection Attack: Detection and Challenges

Marashdeh, Zain; Suwais, Khaled; Alia, Mohammad

doi:10.1109/icit52682.2021.9491117

Cited by 19 publications

(6 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Related works [26,31] have conducted many studies on traditional machine learning detection methods. Kamtuo et al [20] proposed a framework for SQLIA prevention using a compiler platform and machine learning.…”

Section: Machine Learning-based Detection Methodsmentioning

confidence: 99%

SDSIOT: An SQL Injection Attack Detection and Stage Identification Method Based on Outbound Traffic

Guo

Chao-hui

et al. 2023

Electronics

View full text Add to dashboard Cite

An SQL Injection Attack (SQLIA) is a major cyber security threat to Web services, and its different stages can cause different levels of damage to an information system. Attackers can construct complex and diverse SQLIA statements, which often cause most existing inbound-based detection methods to have a high false-negative rate when facing deformed or unknown SQLIA statements. Although some existing works have analyzed different features for the stages of SQLIA from the perspectives of attackers, they primarily focus on stage analysis rather than different stages’ identification. To detect SQLIA and identify its stages, we analyze the outbound traffic from the Web server and find that it can differentiate between SQLIA traffic and normal traffic, and the outbound traffic generated during the two stages of SQLIA exhibits distinct characteristics. By employing 13 features extracted from outbound traffic, we propose an SQLIA detection and stage identification method based on outbound traffic (SDSIOT), which is a two-phase method that detects SQLIAs in Phase I and identifies their stages in Phase II. Importantly, it does not need to analyze the complex and diverse malicious statements made by attackers. The experimental results show that SDSIOT achieves an accuracy of 98.57% for SQLIA detection and 94.01% for SQLIA stage identification. Notably, the accuracy of SDSIOT’s SQLIA detection is 8.22 percentage points higher than that of ModSecurity.

show abstract

Section: Machine Learning-based Detection Methodsmentioning

confidence: 99%

SDSIOT: An SQL Injection Attack Detection and Stage Identification Method Based on Outbound Traffic

Guo

Chao-hui

et al. 2023

Electronics

View full text Add to dashboard Cite

show abstract

“…If the classifier is active, it will block data from reaching the database server; if it is passive, it will inform the administrator. Accordingly, three alternative learning techniques have been used to train the classifier to recognize and detect SQLI attacks [2,22].…”

Section: Introductionmentioning

confidence: 99%

“…When data are unclassified, it is unclear if they are normal or abnormal (malicious). The UL can make use of a variety of methods, including clustering and density estimation [2,22].…”

Section: Introductionmentioning

confidence: 99%

“…The Bayesian networks, DT, SVM, K-nearest neighbors, and neural networks are some of the most used SL techniques. The third technique, known as semi-supervised learning, combines SL and UL techniques [2,22]. Accordingly, by using SQLI, the attackers can alter the SQL statement by replacing the user's supplied data with their own data as depicted in Fig.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Detection and prevention of SQLI attacks and developing compressive framework using machine learning and hybrid techniques

Demilie¹,

Deriba²

2022

J Big Data

View full text Add to dashboard Cite

A web application is a software system that provides an interface to its users through a web browser on any operating system (OS). Despite their growing popularity, web application security threats have become more diverse, resulting in more severe damage. Malware attacks, particularly SQLI attacks, are common in poorly designed web applications. This vulnerability has been known for more than two decades and is still a source of concern. Accordingly, different techniques have been proposed to counter SQLI attacks. However, the majority of them either fail to cover the entire scope of the problem. The structured query language injection (SQLI) attack is among the most harmful online application attacks and often happens when the attacker(s) alter (modify), remove (delete), read, and copy data from database servers. All facets of security, including confidentiality, data integrity, and data availability, can be impacted by a successful SQLI attack. This paper investigates common SQLI attack forms, mechanisms, and a method of identifying, detecting, and preventing them based on the existence of the SQL query. Here, we have developed a comprehensive framework for detecting and preventing the effectiveness of techniques that address specific issues following the essence of the SQLI attacks by using traditional Navies Bayes (NB), Decision Trees (DT), Support Vectors Machine (SVM), Random Forests (RF), Logistic Regression (LR), and Neural Networks Based on Multilayer Perceptron (MLP), and hybrid approach are used for our study. The machine learning (ML) algorithms were implemented using the Keras library, while the classical methods were implemented using the Tensor Flow-Learn package. For this proposed research work, we gathered 54,306 pieces of data from weblogs, cookies, session usage, and from HTTP (S) request files to train and test our model. The performance evaluation results for training set in metrics such as the hybrid approach (ANN and SVM) perform better accuracies in precision (99.05% and 99.54%), recall (99.65% and 99.61%), f1-score (99.35% and 99.57%), and training set (99.20% and 99.60%) respectively than other ML approaches. However, their training time is too high (i.e., 19.62 and 26.16 s respectively) for NB and RF. Accordingly, the NB technique performs poorly in accuracy, precision, recall, f1-score, training set evaluation metrics, and best in training time. Additionally, the performance evaluation results for test set in metrics such as hybrid approach (ANN and SVM) perform better accuracies in precision (98.87% and 99.20%), recall (99.13% and 99.47%), f1-score (99.00% and 99.33%) and test set (98.70% and 99.40%) respectively than other ML approaches. However, their test time is too high (i.e., 11.76 and 15.33 ms respectively). Accordingly, the NB technique performs poorly in accuracy, precision, recall, f1-score, test set evaluation metrics, and best in training time. Here, among the implemented ML techniques, SVM and ANN are weak learners. The achieved performance evaluation results indicated that the proposed SQLI attack detection and prevention mechanism has been improved over the previously implemented techniques in the theme. Finally, in this paper, we aimed to keep researchers up-to-date, with contributions, and recommendations to the understanding of the intersection between SQLI attacks and prevention in the artificial intelligence (AI) field.

show abstract

“…2. Ataques de injec ¸ão SQL [Marashdeh et al 2021] afirma que o termo injec ¸ão SQL compreende um tipo de ataque que permite que usuários obtenham acesso não autorizado a bases de dados através da injec ¸ão de código em conjunto de uma query SQL. Esse tipo de ataque pode ser executado facilmente em qualquer formulário de login, cadastro, ou campo de busca.…”

Section: Introduc ¸ãOunclassified

Estudo comparativo entre técnicas de detecção e prevenção de ataques de injeção SQL

Lages¹,

Pereira

2022

Anais Da XVII Escola Regional De Banco De Dados (ERBD 2022)

View full text Add to dashboard Cite

Atualmente, a segurança de dados se torna um aspecto que deve ser levado em consideração durante o desenvolvimento de aplicações Web. Um dos ataques mais comuns, e que requer grande consideração no processo de criação de sistemas, é o ataque de injeção SQL, que permite a adversários inserir códigos maliciosos ao banco de dados com o intuito de acessar, modificar ou até mesmo apagar informações confidenciais. Pensando nisso, o presente trabalho tem como objetivo apresentar um estudo comparativo entre sistemas de prevenção e detecção de intrusões e Web Application Firewalls baseado em testes automatizados de injeção de SQL, para definir opções efetivas para proteger diferentes aplicações desse tipo de ataque.

show abstract

A Survey on SQL Injection Attack: Detection and Challenges

Cited by 19 publications

References 18 publications

SDSIOT: An SQL Injection Attack Detection and Stage Identification Method Based on Outbound Traffic

SDSIOT: An SQL Injection Attack Detection and Stage Identification Method Based on Outbound Traffic

Detection and prevention of SQLI attacks and developing compressive framework using machine learning and hybrid techniques

Estudo comparativo entre técnicas de detecção e prevenção de ataques de injeção SQL

Contact Info

Product

Resources

About