WebAppShield: an approach exploiting machine learning to detect SQLi attacks in an application layer in run-time

Text (Open Access) - Published Version
· Available under License Creative Commons Attribution.

Ashlam, A. A., Badii, A. and Stahl, F. (ORCID: https://orcid.org/0000-0002-4860-0203) (2022) WebAppShield: an approach exploiting machine learning to detect SQLi attacks in an application layer in run-time. International Journal of Computer and Information Engineering, 16 (8). pp. 294-302. ISSN 1307-6892 doi: 10.5281/zenodo.6983905

Abstract/Summary

In recent years, SQL injection attacks have been identified as being prevalent against web applications. They affect network security and user data, which leads to a considerable loss of money and data every year. This paper presents the use of classification algorithms in machine learning using a method to classify the login data filtering inputs into "SQLi" or "Non-SQLi", thus increasing the reliability and accuracy of results in terms of deciding whether an operation is an attack or a valid operation. A method as a Web-App is developed for auto-generated data replication to provide a twin of the targeted data structure. Shielding against SQLi attacks (WebAppShield) that verifies all users and prevents attackers (SQLi attacks) from entering and/or accessing the database, which the machine learning module predicts as "Non-SQLi", has been developed. A special login form has been developed with a special instance of the data validation; this verification process secures the web application from its early stages. The system has been tested and validated, and up to 99% of SQLi attacks have been prevented.

Item Type: Article
URI: https://reading-clone.eprints-hosting.org/id/eprint/109639
Identification Number/DOI: 10.5281/zenodo.6983905
Refereed: Yes
Divisions: Science > School of Mathematical, Physical and Computational Sciences > Department of Computer Science
Publisher: World Academy of Science, Engineering and Technology