Review of SQL injection attacks: Detection, to enhance the security of the website from client-side attacks

Document Type : Research Paper

Authors

1 Computer science Department, Informatics Institute for Postgraduate Studies, Iraq

2 University of Information Technology and Communications, Iraq

Abstract

The importance of cyber-security in protecting data and information is huge in this era of technology. With the number of cyber-attacks increasing daily, security systems have been under development for several years, driven by the need to predict and prevent cyber-attacks. Injection attacks are among the top 10 security threats identified by OWASP. SQL injection is the most common vulnerability and the most dangerous security vulnerability, owing to the multiplicity of its types and the rapid changes it can cause; it may lead to financial loss, data leakage, and significant damage to the database, which can paralyze the site. Detecting SQL injection is still a difficult task. How to successfully defend against SQL injection attacks has become the focus and frontier of web security in recent years. Machine learning has proven successful against these threats and effectively prevents and detects cross-site scripting and SQL injection in web applications. Machine learning is used to analyze and identify security vulnerabilities. It uses classic machine learning algorithms and deep learning to evaluate the classification model using input validation features.

Volume 13, Issue 1
March 2022
Pages 3773-3782
  • Receive Date: 06 June 2021
  • Revise Date: 02 March 2021
  • Accept Date: 22 October 2021