An Improved LSTM-PCA Ensemble Classifier for SQL Injection and XSS Attack Detection

Stiawan, Deris; Bardadi, Ali; Afifah, Nurul; Melinda, Lisa; Heryanto, Ahmad; Septian, Tri Wanda; Idris, Mohd. Yazid; Subroto, Imam Much Ibnu; Lukman, Lukman; Budiarto, Rahmat

doi:10.32604/csse.2023.034047

Cited by 5 publications

(1 citation statement)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this context, a large number of Web security vulnerabilities have posed significant challenges to network security [1,2]. SQL Injection Attack (SQLIA) is a type of Web application attack [3,4]. Tools such as SQLMAP [5] that automate the implementation of SQLIAs have made it easier to perform such attacks.…”

Section: Introductionmentioning

confidence: 99%

SDSIOT: An SQL Injection Attack Detection and Stage Identification Method Based on Outbound Traffic

Guo

Chao-hui

et al. 2023

Electronics

View full text Add to dashboard Cite

An SQL Injection Attack (SQLIA) is a major cyber security threat to Web services, and its different stages can cause different levels of damage to an information system. Attackers can construct complex and diverse SQLIA statements, which often cause most existing inbound-based detection methods to have a high false-negative rate when facing deformed or unknown SQLIA statements. Although some existing works have analyzed different features for the stages of SQLIA from the perspectives of attackers, they primarily focus on stage analysis rather than different stages’ identification. To detect SQLIA and identify its stages, we analyze the outbound traffic from the Web server and find that it can differentiate between SQLIA traffic and normal traffic, and the outbound traffic generated during the two stages of SQLIA exhibits distinct characteristics. By employing 13 features extracted from outbound traffic, we propose an SQLIA detection and stage identification method based on outbound traffic (SDSIOT), which is a two-phase method that detects SQLIAs in Phase I and identifies their stages in Phase II. Importantly, it does not need to analyze the complex and diverse malicious statements made by attackers. The experimental results show that SDSIOT achieves an accuracy of 98.57% for SQLIA detection and 94.01% for SQLIA stage identification. Notably, the accuracy of SDSIOT’s SQLIA detection is 8.22 percentage points higher than that of ModSecurity.

show abstract

Section: Introductionmentioning

confidence: 99%