Detection of SQL Injection Attack Using Neural Networks

Hubskyi, Oleksandr; Babenko, Tetiana; Myrutenko, Larysa; Oksiiuk, Oleksandr

doi:10.1007/978-3-030-58124-4_27

Cited by 4 publications

(1 citation statement)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As web applications play an increasingly significant role in various domains, ensuring their security has become a critical concern. Among the wide range of vulnerabilities that these applications face, SQL injection attacks pose a significant threat to the confidentiality and integrity of sensitive data stored in databases [1]. These attacks exploit vulnerabilities in web application input validation mechanisms, allowing attackers to manipulate SQL queries and gain unauthorized access to the underlying database.…”

Section: Introductionmentioning

confidence: 99%

Improving ML Accuracy in SQL Injection Detection using NLP and Feature Engineering.

Jaradat,

Rattrout,

Jayousi

2023

Preprint

View full text Add to dashboard Cite

This research proposes the DSQLIA model, which enhances the accuracy of machine learning (ML) algorithms in detecting SQL injection attacks. Traditional rule-based and signature-based methods face limitations in effectively identifying evolving attack techniques. To address this, DSQLIA employs feature engineering and Natural Language Processing (NLP). Relevant features capturing the unique characteristics of SQL injection attacks are identified and created through feature engineering. NLP techniques are applied to analyze the textual content of SQL queries and extract meaningful information for distinguishing between legitimate and malicious queries. The DSQLIA model evaluates different ML algorithms, including decision trees, support vector machines (SVM), and artificial neural networks (ANN), on a dataset. Various performance metrics such as accuracy, precision, recall, and F1-score are used to assess algorithm effectiveness. Results show that the SVM algorithm achieves the highest accuracy of 0.994, followed by the decision tree with 0.975, and the ANN with 0.966. This highlights the improved performance of SVM in accurately classifying SQL queries. By combining feature engineering and NLP techniques, the DSQLIA model enhances ML accuracy in SQL injection detection, offering a valuable approach to mitigating the risks posed by these vulnerabilities in web applications.

show abstract

Section: Introductionmentioning

confidence: 99%

Improving ML Accuracy in SQL Injection Detection using NLP and Feature Engineering.

Jaradat,

Rattrout,

Jayousi

2023

Preprint

View full text Add to dashboard Cite

show abstract

Securing web applications against XSS and SQLi attacks using a novel deep learning approach

Tadhani,

Vekariya,

Sorathiya

et al. 2024

Sci Rep

View full text Add to dashboard Cite

Modern web application development involves handling enormous amounts of sensitive and consequential data. Security is, therefore, a crucial component of developing web applications. A web application's security is concerned with safeguarding the data it processes. The web application framework must have safeguards to stop and find application vulnerabilities. Among all web application attacks, SQL injection and XSS attacks are common, which may lead to severe damage to Web application data or web functionalities. Currently, there are many solutions provided by various study for SQLi and XSS attack detection, but most of the work shown have used either SQL/XSS payload-based detection or HTTP request-based detection. Few solutions available can detect SQLi and XSS attacks, but these methods provide very high false positive rates, and the accuracy of these models can further be improved. We proposed a novel approach for securing web applications from both cross-site scripting attacks and SQL injection attacks using decoding and standardization of SQL and XSS payloads and HTTP requests and trained our model using hybrid deep learning networks in this paper. The proposed hybrid DL model combines the strengths of CNNs in extracting features from input data and LSTMs in capturing temporal dependencies in sequential data. The soundness of our approach lies in the use of deep learning techniques that can identify subtle patterns in the data that traditional machine learning-based methods might miss. We have created a testbed dataset of Normal and SQLi/XSS HTTP requests and evaluated the performance of our model on this dataset. We have also trained and evaluated the proposed model on the Benchmark dataset HTTP CSIC 2010 and another SQL/XSS payload dataset. The experimental findings show that our proposed approach effectively identifies these attacks with high accuracy and a low percentage of false positives. Additionally, our model performed better than traditional machine learning-based methods. This soundness approach can be applied to various network security applications such as intrusion detection systems and web application firewalls. Using our model, we achieved an accuracy of 99.84%, 99.23% and 99.77% on the SQL-XSS Payload dataset, Testbed dataset and HTTP CSIC 2010 dataset, respectively.

show abstract

Analyzing SQL payloads using logistic regression in a big data environment

Shareef,

Hasan,

Farhan

2023

Journal of Intelligent Systems

View full text Add to dashboard Cite

Protecting big data from attacks on large organizations is essential because of how vital such data are to organizations and individuals. Moreover, such data can be put at risk when attackers gain unauthorized access to information and use it in illegal ways. One of the most common such attacks is the structured query language injection attack (SQLIA). This attack is a vulnerability attack that allows attackers to illegally access a database quickly and easily by manipulating structured query language (SQL) queries, especially when dealing with a big data environment. To address these risks, this study aims to build an approach that acts as a middle protection layer between the client and database server layers and reduces the time consumed to classify the SQL payload sent from the user layer. The proposed method involves training a model by using a machine learning (ML) technique for logistic regression with the Spark ML library that handles big data. An experiment was conducted using the SQLI dataset. Results show that the proposed approach achieved an accuracy of 99.04, a precision of 98.87, a recall of 99.89, and an F-score of 99.04. The time taken to identify and prevent SQLIA is 0.05 s. Our approach can protect the data by using the middle layer. Moreover, using the Spark ML library with ML algorithms gives better accuracy and shortens the time required to determine the type of request sent from the user layer.

show abstract

Detection of SQL Injection Attack Using Neural Networks

Cited by 4 publications

References 1 publication

Improving ML Accuracy in SQL Injection Detection using NLP and Feature Engineering.

Improving ML Accuracy in SQL Injection Detection using NLP and Feature Engineering.

Securing web applications against XSS and SQLi attacks using a novel deep learning approach

Analyzing SQL payloads using logistic regression in a big data environment

Contact Info

Product

Resources

About