SQL Injection Vulnerability Detection Using Deep Learning: A Feature-based Approach

Hassan, Mohamed H.; Ahmad, R. Badlishah; Ghosh, Tonmoy

doi:10.52549/.v9i3.3131

Cited by 5 publications

(5 citation statements)

References 66 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The precision score of 0.99 was achieved for the developed model in this research and the research by [27], however, the precision that determine the exactness of the model developed in this research for the detection and prevention of SQLiA in DBMS environment outperformed that of [27] as well as [28] with a score of 0.99782 superseding 0.993 and 0.97 for [27] and [29] respectively. The recall performance score recorded in this research which entails the measure of the completeness of the performance of detection of SQLiA achieved 0.99781, against that of [27], F1-score of 0.99781 with a significant difference against [23] as well as [27], though, [27] score 0.9934 that is slightly above 0.99, [29] had the worst performance score of 0.989, the robustness of the developed detection and prevent model for SQLiA in DBMS environment have established its optimality capability across all performance metrics relevant in the field of this research area. Though specificity and FPR was not recorded for the baseline journal model, this research used the performance metrics based on the fact that they are being employed for analysis engaging detection-based machine learning models, the developed detection and prevention model achieved the scores of 0.99409 and 0.00591 for specificity and FPR respectively, showing the efficient capability in detection of SQLiA in DBMS environment…”

Section: Resultsmentioning

confidence: 69%

“…Hassan et al [23] proposed a deep neural network-based technique for the detection of SQL injection vulnerability. The proposed method which is targeted at addressing the challenging effects associated with financial loss in business, application compromise and administrative exploit claimed to have outperformed existing methods in detections of SQL injection attack with the accuracy of 98.04% over 1850 dataset records, however, improve performance can be recorded if a significantly available dataset is used for training the machine learning algorithms.…”

Section: Related Workmentioning

confidence: 99%

“…Although, these solutions have contributed immensely towards providing an understanding on how SQLIAs attacks do occur and addressed, however despites these giant leaps, an ideal solution is far from been achieved. With the negative impact of SQLIAs, several researchers in [23][24][25][26][27][28][29] have tried to address concerns arising from such attacks through provision of techniques to serve as potential solutions. Despites the giant strides made in the detection and prevention of SQLIAs, the following limitations still exist:…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Countermeasure to Structured Query Language Injection Attack for Web Applications using Hybrid Logistic Regression Technique

Shagari

Gabi

Dankolo

et al. 2022

J. Nig. Soc. Phys. Sci.

View full text Add to dashboard Cite

The new generation of security threats has been promoted by real-time applications, where several users develop new ways to communicate on the internet via web applications. Structured Query Language injection Attacks (SQLiAs) is one of the major threats to web application security. Here, unauthorised users usually gain access to the database via web applications. Despite the giant strides made in the detection and prevention of SQLiAs by several researchers, an ideal approach is still far from over as most existing techniques still require improvement, especially in the area of addressing the weak characterisation of input vectors which often leads to low prediction accuracy. To deal with this concern, this paper put forward a hybrid optimised Logistic Regression (LR) model with Improved Term Frequency Inverse Document-Frequency (ITFIDF-LR). To show the effectiveness of the proposed approach, attack datasets is used and evaluated using selected performance metrics, i.e., accuracy, recall, specificity and False Positive Rate. The experimental results via simulation when compared with the benchmarked techniques, achieved performance record of 0.99781 for accuracy, recall and F1-score as well as 0.99782, 0.99409 and 0.00591 for precision, specificity and False Positive Rate (FPR) respectively. This is an indication that the proposed approach is efficient and when deployed is capable of detecting SQLiA on web applications.

show abstract

Section: Resultsmentioning

confidence: 69%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Countermeasure to Structured Query Language Injection Attack for Web Applications using Hybrid Logistic Regression Technique

Shagari

Gabi

Dankolo

et al. 2022

J. Nig. Soc. Phys. Sci.

View full text Add to dashboard Cite

show abstract

“…The feature extraction stage produced a set of SQL injection data features in the form of a one-dimensional array as its final result (Hassan et al, 2021). This stage will be using the "Reshape" algorithm to reformat the data in order to arrange it for its subsequent conversion to a two-dimensional array using Equation ( 2).…”

Section: Reshape Data Stagementioning

confidence: 99%

SQL Injection Detection Using RNN Deep Learning Model

ALAzzawi

2023

JAETS

View full text Add to dashboard Cite

SQL injection attacks are a common type of cyber-attack that exploit vulnerabilities in web applications to access databases through malicious SQL queries. These attacks pose a serious threat to the security and integrity of web applications and their data. The existing methods for detecting SQL injection attacks are based on predefined rules that can be easily circumvented by sophisticated attackers. Therefore, there is a need for a more robust and effective method for detecting SQL injection attacks. In this research, we propose a novel method for detecting SQL injection attacks using recurrent neural networks (RNN), which are a type of deep learning model that can capture the syntax and semantic features of SQL queries. We train an RNN model on a dataset of benign and malicious SQL queries, and use it to classify queries as either benign or malicious. We evaluate our method on a benchmark dataset and compare it with the existing rule-based methods. Our experimental results show that our method achieved high accuracy and outperformed the rule-based methods for detecting SQL injection attacks. Our research contributes to the field of web application security by providing a new and effective solution for protecting web applications from SQL injection attacks using deep learning. Our method has both practical and theoretical implications, as it can be easily integrated into existing web application security frameworks to provide an additional layer of protection against SQL injection attacks, and it can also advance the understanding of how deep learning models can be applied to natural language processing tasks such as SQL query analysis.

show abstract

“…For the detection of SQL injection vulnerabilities in a web application using deep learning, Maruf Hassan et al [8] recommended extracting numerous web application discovering points. The portion on SQL injection vulnerability prediction relied heavily on the deep learning component, which was extensively discussed in the article.…”

Section: Literature Reviewmentioning

confidence: 99%

Surgical Striking SQL Injection Attacks Using LSTM

N¹,

Ravishankar²,

B.³

et al. 2022

INDJCSE

View full text Add to dashboard Cite

When a software program or website employs SQL databases such as Oracle, SQL Server, or MySQL, a SQL injection attack is possible. Phishers utilize SQL injection attacks to infiltrate confidential corporate and personal information, increasing the risk of compromise. If a SQL injection exploit is successful, it can be used to read and alter database data (e.g., insert, update, or delete), perform database administration operations, retrieve the data of a database management system file, also issue commands to the operating system in some cases. In comparison to basic recurrent architectures, LSTM networks have been demonstrated to learn long-term dependencies more quickly and reduce gradient disappearance and explosion. Preventing SQL injection with the usage of LSTMs is the subject of the proposed research. The LSTM model has been suggested as a training method for tracing or filtering requests from an unauthentic user. The dataset trained is looking at records that include the sender and recipient information, as well as the success or failure of the transmission. If this transaction has repeatedly failed due to an on-going assault on the system, then this is a red flag. Then, this system will flag the transaction and block the user from accessing any of the system's resources. This model has been trained to increase security by creating a system that allows the user to authenticate a transaction.

show abstract

SQL Injection Vulnerability Detection Using Deep Learning: A Feature-based Approach

Cited by 5 publications

References 66 publications

Countermeasure to Structured Query Language Injection Attack for Web Applications using Hybrid Logistic Regression Technique

Countermeasure to Structured Query Language Injection Attack for Web Applications using Hybrid Logistic Regression Technique

SQL Injection Detection Using RNN Deep Learning Model

Surgical Striking SQL Injection Attacks Using LSTM

Contact Info

Product

Resources

About