SQL Injection Detection for Web Applications Based on Elastic-Pooling CNN

Xie, Xin; Ren, Chunhui; Fu, Yusheng; Xu, Jie; Guo, Jinhong

doi:10.1109/access.2019.2947527

Cited by 42 publications

(10 citation statements)

References 20 publications

(42 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The authors proposed an attack detection method based on elastic grouping; implementing the method provided greater security according to the different detection methods; the method helped eliminate redundant information in the system, early detection of the attack provided an accuracy of the behavior of attackers; as a result, an automatic behavioral analysis was obtained, identifying the traffic of the attack [43].…”

Section: A Materialsmentioning

confidence: 99%

Analysis for the Evaluation and Security Management of a Database in a Public Organization to Mitigate Cyber Attacks

et al. 2020

View full text Add to dashboard Cite

In data handling, security and privacy are essential for database administrators and users that own their information. Information about security models or architectures was analyzed for databases that minimize Cyber Attacks. The problem is that security models deployed in databases in public organizations suffer from computer attacks due to vulnerabilities in their security management systems. Data providers often publish the information for research purposes, publishing compromises on the privacy of the data of users registered in the entities. There are many security techniques for databases based on data encryption processes in transactions, however, the techniques found compromise information. The development of the document used the deductive method and exploratory research technique that allows us to study the information in the articles presented. In this document we have proposed a Security Model Assessment Prototype for Databases, a Prototype of Security Management Architecture in Blockchain for a Database, a Database Security Algorithm, a Logical Structure of the Management System in Blockchain, and a Prototype to mitigate cyberattacks. The use of a hybrid blockchain model provides the system with the optimal security that public organizations in relation to test results performed with a 99.50% security effectiveness. The simulations presented in this document were conducted based on in-depth studies and the data were randomly placed with a range according to the study results based on real-world situations.INDEX TERMS Blockchain, cyber attacks, cyber security, data base, public organization.

show abstract

Section: A Materialsmentioning

confidence: 99%

Analysis for the Evaluation and Security Management of a Database in a Public Organization to Mitigate Cyber Attacks

et al. 2020

View full text Add to dashboard Cite

show abstract

“…It becomes increasingly dangerous when an attacker gains access to the data and performs unauthorized data modifications [4,5]. SQLi is performed by inserting SQL commands into web forms, domain names, or page queries and ultimately tricks the server into running malicious SQL commands, causing significant damage to websites and users [6]. XSS occurs when a malicious web code is sent, typically in the form of a script via a browser on the victim's computer.…”

Section: Introductionmentioning

confidence: 99%

An Improved LSTM-PCA Ensemble Classifier for SQL Injection and XSS Attack Detection

Stiawan¹,

Bardadi²,

Afifah³

et al. 2023

Computer Systems Science and Engineering

View full text Add to dashboard Cite

The Repository Mahasiswa (RAMA) is a national repository of research reports in the form of final assignments, student projects, theses, dissertations, and research reports of lecturers or researchers that have not yet been published in journals, conferences, or integrated books from the scientific repository of universities and research institutes in Indonesia. The increasing popularity of the RAMA Repository leads to security issues, including the two most widespread, vulnerable attacks i.e., Structured Query Language (SQL) injection and cross-site scripting (XSS) attacks. An attacker gaining access to data and performing unauthorized data modifications is extremely dangerous. This paper aims to provide an attack detection system for securing the repository portal from the abovementioned attacks. The proposed system combines a Long Short-Term Memory and Principal Component Analysis (LSTM-PCA) model as a classifier. This model can effectively solve the vanishing gradient problem caused by excessive positive samples. The experiment results show that the proposed system achieves an accuracy of 96.85% using an 80%:20% ratio of training data and testing data. The rationale for this best achievement is that the LSTM's Forget Gate works very well as the PCA supplies only selected features that are significantly relevant to the attacks' patterns. The Forget Gate in LSTM is responsible for deciding which information should be kept for computing the cell state and which one is not relevant and can be discarded. In addition, the LSTM's Input Gate assists in finding out crucial information and stores specific relevant data in the memory.

show abstract

“…Specifically, this science works in the search, analysis, identification, and categorization of data that can be crime evidence [Garfinkel 2010;van Beek et al 2020]. For example, Digital Forensics may be used for preventing and detecting SQL Injection attacks [Xie et al 2019].…”

Section: Introductionmentioning

confidence: 99%

Exploring the Intersection between Databases and Digital Forensics

Seufitelli

Brandão²,

Moro³

2022

jidm

View full text Add to dashboard Cite

Digital forensics has attracted attention from assorted researchers, who primarily work on predicting and solving digital hacks and crimes. In turn, the number and types of digital crimes have increased considerably, mainly due to the growing use of digital media to perform daily personal and professional tasks. Like most computer-related activities, data is at the center of such hacks and crimes. Hence, this work presents a systematic literature review of publications at the intersection between Digital Forensics and Databases. We discuss problems and trends of two main categories: Data Building and Database Management Systems. Overall, this research opens the doors for the communication between databases and an area with several exciting and concrete challenges, with great potential for social, economic, and technical-scientific contributions.

show abstract

SQL Injection Detection for Web Applications Based on Elastic-Pooling CNN

Cited by 42 publications

References 20 publications

Analysis for the Evaluation and Security Management of a Database in a Public Organization to Mitigate Cyber Attacks

Analysis for the Evaluation and Security Management of a Database in a Public Organization to Mitigate Cyber Attacks

An Improved LSTM-PCA Ensemble Classifier for SQL Injection and XSS Attack Detection

Exploring the Intersection between Databases and Digital Forensics

Contact Info

Product

Resources

About