2021 | OriginalPaper | Chapter

SQL Injection Attacks Detection and Prevention Based on Neuro—Fuzzy Technique

Abstract

A Structured Query Language (SQL) injection attack (SQLIA) is one of the most common code injection techniques threatening web applications: it can compromise the confidentiality, integrity and availability of the database behind an online application. Whereas many other known attacks follow specific patterns, SQLIAs are often unpredictable and show no fixed pattern, which has been a persistent problem for both researchers and developers. The detection and prevention of SQLIAs has therefore been an active research topic. This paper proposes a system intended to give better SQLIA prevention results than previous methodologies, taking into consideration the accuracy of the system, its learning capability and its flexibility in dealing with uncertainty. The proposed detection and prevention system is realized on an Adaptive Neuro-Fuzzy Inference System (ANFIS). In addition, it is enhanced with Fuzzy C-Means (FCM) clustering to deal with the uncertainty associated with SQL features, and the Scaled Conjugate Gradient (SCG) algorithm is used to train the system substantially faster. The proposed system has been evaluated on a well-known dataset, and the results show a significant improvement in the detection and prevention of SQLIAs.
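As an added illustration (not code from the chapter, whose feature set, dataset and ANFIS model are not reproduced here), the following Python shows the front half of such a pipeline: a small set of lexical SQL features, assumed here for illustration, and a pure-Python fuzzy c-means that returns graded cluster memberships for new queries instead of a crisp label. The training queries are constructed samples, and the rule that the cluster carrying more suspicious-token mass is the "attack" cluster is an assumption; the ANFIS classifier and SCG training that the chapter layers on top are not implemented.

```python
"""Lexical SQL features plus fuzzy c-means (FCM) membership for SQLi triage.

Added illustration, not the chapter's code: the feature set, the sample
queries and the attack-cluster heuristic are assumptions made here.
"""
import math
import re

# Assumption: six illustrative lexical features, each a small non-negative count.
FEATURES = {
    # an odd number of single quotes means the input escaped a string literal
    "quote_imbalance": lambda q: q.count("'") % 2,
    # comment markers are used to discard the rest of the original statement
    "comment_tokens": lambda q: len(re.findall(r"--|/\*|#", q)),
    # OR/AND followed by an equality such as '1'='1' or 1=1
    "tautology": lambda q: len(re.findall(
        r"\b(?:or|and)\b\s*'?\w+'?\s*=\s*'?\w+'?", q, re.I)),
    "union_select": lambda q: len(re.findall(
        r"\bunion\b(?:\s+all)?\s+select\b", q, re.I)),
    # a ';' followed by more SQL indicates a stacked statement
    "stacked_stmt": lambda q: len(re.findall(r";\s*\S", q)),
    "danger_keyword": lambda q: len(re.findall(
        r"\b(?:drop|exec|sleep|benchmark|xp_cmdshell|load_file)\b", q, re.I)),
}

# Constructed samples (not the chapter's dataset). The labels are for the
# reader only; the clustering below never sees them.
TRAINING_QUERIES = [
    "SELECT name FROM users WHERE id = 42",                          # benign
    "SELECT email FROM users WHERE name = 'alice'",                  # benign
    "UPDATE users SET last_login = NOW() WHERE id = 7",              # benign
    "SELECT id FROM orders WHERE status = 'open' AND total > 100",   # benign
    "SELECT id FROM users -- nightly report",                        # benign, but commented
    "' OR '1'='1' --",                                               # tautology
    "' OR 1=1 --",                                                   # tautology
    "admin' OR 'x'='x' --",                                          # tautology
    "1' UNION SELECT null, version() --",                            # union-based
    "1; DROP TABLE users --",                                        # stacked query
    "1' AND SLEEP(5) --",                                            # time-based blind
]


def featurize(query):
    """Map a query string to its feature vector (order follows FEATURES)."""
    return [float(f(query)) for f in FEATURES.values()]


def _dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def memberships(x, centers, m=2.0):
    """FCM membership of x in each center: u_j = 1 / sum_k (d_j / d_k)^(2/(m-1))."""
    d2 = [_dist2(x, c) for c in centers]
    if any(d == 0.0 for d in d2):          # x sits on a center: crisp membership
        return [1.0 if d == 0.0 else 0.0 for d in d2]
    inv = [(1.0 / d) ** (1.0 / (m - 1.0)) for d in d2]
    total = sum(inv)
    return [v / total for v in inv]


def fuzzy_c_means(points, c=2, m=2.0, iters=200, tol=1e-6):
    """Plain FCM: alternate membership and center updates until the centers settle."""
    # Deterministic start (assumption, instead of the usual random memberships):
    # spread the initial centers over the points sorted by total feature mass.
    order = sorted(range(len(points)), key=lambda i: sum(points[i]))
    centers = [points[order[round(k * (len(order) - 1) / (c - 1))]] for k in range(c)]
    dims = len(points[0])
    for _ in range(iters):
        U = [memberships(x, centers, m) for x in points]
        new_centers = []
        for j in range(c):
            w = [U[i][j] ** m for i in range(len(points))]
            tot = sum(w)
            new_centers.append([sum(w[i] * points[i][k] for i in range(len(points))) / tot
                                for k in range(dims)])
        shift = max(math.sqrt(_dist2(a, b)) for a, b in zip(centers, new_centers))
        centers = new_centers
        if shift < tol:
            break
    return centers


def build_model(queries=TRAINING_QUERIES):
    """Cluster the training queries; return (centers, index of the attack cluster)."""
    centers = fuzzy_c_means([featurize(q) for q in queries])
    # Assumption: the center carrying more suspicious-token mass is the attack cluster.
    attack = max(range(len(centers)), key=lambda j: sum(centers[j]))
    return centers, attack


def score(query, model):
    """Graded attack membership in [0, 1] for a new query; 0.5 is the natural cut-off."""
    centers, attack = model
    return memberships(featurize(query), centers)[attack]


if __name__ == "__main__":
    model = build_model()
    for q in TRAINING_QUERIES + ["SELECT 1 FROM dual", "x' OR 'a'='a"]:
        print(f"{score(q, model):.2f}  {q}")
```

Running the block prints a membership score for each sample. The clean SELECT scores near 0, the quote-comment-tautology string scores near 1, and the benign query with a trailing comment lands between the two clusters rather than being forced to one side: that graded evidence, rather than a crisp label, is what the FCM step contributes and what a downstream neuro-fuzzy classifier can consume. The feature set is deliberately crude, and a production detector would be fed by a tokenizer and trained on a labelled corpus; the block only shows the mechanism.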


Metadata
Title
SQL Injection Attacks Detection and Prevention Based on Neuro—Fuzzy Technique
Authors
Doaa E. Nofal
Abeer A. Amer
Copyright Year
2021
DOI
https://doi.org/10.1007/978-3-030-59338-4_6
