SQL injection attacks countermeasures assessments

Alenezi, Mamdouh; Nadeem, Muhammad; Asif, Raja

doi:10.11591/ijeecs.v21.i2.pp1121-1131

Cited by 9 publications

(5 citation statements)

References 10 publications

(10 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Cruise vector is a tangent vector to the circular and that is positioned perpendicular to the attack vector. The tangent hyperplane is calculated as (7),…”

Section: First Level Idsmentioning

confidence: 99%

“…An ID has two types such as signature-based intrusion detection (SIDS) and anomaly-based intrusion detection (AIDS). SIDS is used to detect known attacks such as structured query language (SQL), which can easily detect because these patterns already exist in system whereas AIDS is used to detect unknown attacks and these attacks are difficult to detect [6], [7]. Firewalls protect against outside cyber attackers by shielding your computer or network from malicious software or unnecessary network traffic.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Three level intrusion detection system based on conditional generative adversarial network

Abdulameer¹,

Musa²,

Salim

2023

IJECE

View full text Add to dashboard Cite

<span lang="EN-US">Security threat protection is important in the internet of things (IoT) applications since both the connected device and the captured data can be hacked or hijacked or both at the same time. To tackle the above-mentioned problem, we proposed three-level intrusion detection system conditional generative adversarial network (3LIDS-CGAN) model which includes four phases such as first-level intrusion detection system (IDS), second-level IDS, third-level IDS, and attack type classification. In first-level IDS, features of the incoming packets are extracted by the firewall. Based on the extracted features the packets are classified into three classes such as normal, malicious, and suspicious using support vector machine and golden eagle optimization. Suspicious packets are forwarded to the second-level IDS which classified the suspicious packets as normal or malicious. Here, signature-based intrusions are detected using attack history information, and anomaly-based intrusions are detected using event-based semantic mapping. In third-level IDS, adversary packets are detected using CGAN which automatically learns the adversarial environment and detects adversary packets accurately. Finally, proximal policy optimization is proposed to detect the attack type. Experiments are conducted using the NS-3.26 network simulator and performance is evaluated by various performance metrics which results that the proposed 3LIDS-CGAN model outperforming other existing works.</span>

show abstract

“…Cruise vector is a tangent vector to the circular and that is positioned perpendicular to the attack vector. The tangent hyperplane is calculated as (7),…”

Section: First Level Idsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Three level intrusion detection system based on conditional generative adversarial network

Abdulameer¹,

Musa²,

Salim

2023

IJECE

View full text Add to dashboard Cite

show abstract

“…Serangan injeksi SQL, biasanya terjadi ketika penyerang mengubah, menghapus, membaca, dan menyalin data dari server basis data dan termasuk serangan aplikasi web yang paling merusak [3]. Dalam beberapa tahun terakhir SQL injections telah muncul sebagai salah satu jenis serangan yang paling berbahaya untuk sistem berbasis web dan menduduki peringkat nomor satu di antara sepuluh kerentanan Open Web Application Security Project (OWASP) [2]. SQL tidak hanya berlaku untuk profesional TI atau geek yang memiliki keterampilan pemrograman saja.…”

Section: Pendahuluanunclassified

Perbandingan Tools SQL Sus, SQL Ninja, Dan the Mole Dalam Penerapan SQL Injection

Ekayanti

Cintiya

Suartana

et al. 2022

JINTEKS

View full text Add to dashboard Cite

In this modern era, the rapid development of science and technology is certainly very beneficial for human life. However, this development can also bring threats, such as cyber attacks. One type of cyber attack that is often used is SQL injection, which targets database security. Three tools that can be used in testing SQL injection are SQL sus, SQL ninja, and The mole. Testing these three tools uses two operating systems, that is Kali Linux and Windows. The test results are measured based on several parameters, namely, the speed of the tool in responding to commands, the number of stages in its application, the features contained therein, and its efficiency. Based on the test results, it is known that only the sus SQL tool successfully injected a website, while the other two tools failed.

show abstract

“…Injection attacks are more common in web applications where attacker supply unwarranted SQL statements which get processed by the target website resulting in exploitation. Machine learning and deep learning based solutions have proven efficient in combating these attacks as rule based Web Application Firewalls (WAFs) show less accuracy [37].…”

Section: Injection Attacksmentioning

confidence: 99%

Evaluation and Selection Models for Ensemble Intrusion Detection Systems in IoT

Alghamdi

Bellaïche

2022

IoT

View full text Add to dashboard Cite

Using the Internet of Things (IoT) for various applications, such as home and wearables devices, network applications, and even self-driven vehicles, detecting abnormal traffic is one of the problematic areas for researchers to protect network infrastructure from adversary activities. Several network systems suffer from drawbacks that allow intruders to use malicious traffic to obtain unauthorized access. Attacks such as Distributed Denial of Service attacks (DDoS), Denial of Service attacks (DoS), and Service Scans demand a unique automatic system capable of identifying traffic abnormality at the earliest stage to avoid system damage. Numerous automatic approaches can detect abnormal traffic. However, accuracy is not only the issue with current Intrusion Detection Systems (IDS), but the efficiency, flexibility, and scalability need to be enhanced to detect attack traffic from various IoT networks. Thus, this study concentrates on constructing an ensemble classifier using the proposed Integrated Evaluation Metrics (IEM) to determine the best performance of IDS models. The automated Ranking and Best Selection Method (RBSM) is performed using the proposed IEM to select the best model for the ensemble classifier to detect highly accurate attacks using machine learning and deep learning techniques. Three datasets of real IoT traffic were merged to extend the proposed approach’s ability to detect attack traffic from heterogeneous IoT networks. The results show that the performance of the proposed model achieved the highest accuracy of 99.45% and 97.81% for binary and multi-classification, respectively.

show abstract

SQL injection attacks countermeasures assessments

Cited by 9 publications

References 10 publications

Three level intrusion detection system based on conditional generative adversarial network

Three level intrusion detection system based on conditional generative adversarial network

Perbandingan Tools SQL Sus, SQL Ninja, Dan the Mole Dalam Penerapan SQL Injection

Evaluation and Selection Models for Ensemble Intrusion Detection Systems in IoT

Contact Info

Product

Resources

About