Search from over 60,000 research works

Advanced Search

A novel approach exploiting machine learning to detect SQLi attacks

Lists
Download
[thumbnail of paper 8.pdf]
Preview
paper 8.pdf - Accepted Version (409kB) | Preview
Tools
Add to AnyAdd to TwitterAdd to FacebookAdd to LinkedinAdd to PinterestAdd to Email

Ashlam, A. A., Badii, A. and Stahl, F. orcid id iconORCID: https://orcid.org/0000-0002-4860-0203 (2022) A novel approach exploiting machine learning to detect SQLi attacks. In: 5th International Conference on Advanced Systems and Emergent Technologies, 22-25 Mar 2022, Hammamet, Tunisia. doi: 10.1109/IC_ASET53395.2022.9765948

Abstract/Summary

The increasing use of Information Technology applications in the distributed environment is increasing security exploits. Information about vulnerabilities is also available on the open web in an unstructured format that developers can take advantage of to fix vulnerabilities in their IT applications. SQL injection (SQLi) attacks are frequently launched with the objective of exfiltration of data typically through targeting the back-end server organisations to compromise their customer databases. There have been a number of high profile attacks against large enterprises in recent years. With the ever-increasing growth of online trading, it is possible to see how SQLi attacks can continue to be one of the leading routes for cyber-attacks in the future, as indicated by findings reported in OWASP. Various machine learning and deep learning algorithms have been applied to detect and prevent these attacks. However, such preventive attempts have not limited the incidence of cyber-attacks and the resulting compromised database as reported by (CVE) repository. In this paper, the potential of using data mining approaches is pursued in order to enhance the efficacy of SQL injection safeguarding measures by reducing the false-positive rates in SQLi detection. The proposed approach uses CountVectorizer to extract features and then apply various supervised machine-learning models to automate the classification of SQLi. The model that returns the highest accuracy has been chosen among available models. Also a new model has been created PALOSDM (Performance analysis and Iterative optimisation of the SQLI Detection Model) for reducing false-positive rate and false-negative rate. The detection rate accuracy has also been improved significantly from a baseline of 94% up to 99%.

Altmetric Badge

Item Type Conference or Workshop Item (Paper)
URI https://reading-clone.eprints-hosting.org/id/eprint/105667
Item Type Conference or Workshop Item
Refereed Yes
Divisions Science > School of Mathematical, Physical and Computational Sciences > Department of Computer Science
Download/View statistics View download statistics for this item
Download Statistics

Downloads

Downloads per month over past year

Deposit Details

University Staff: Request a correction | Centaur Editors: Update this record

Search Google Scholar