Litcius/Paper detail

Multi-Phase Algorithmic Framework to Prevent SQL Injection Attacks using Improved Machine learning and Deep learning to Enhance Database security in Real-time

Ahmed Abadulla Ashlam, Atta Badii, Frederic Stahl

202215 citationsDOI

Abstract

Structured Query Language (SQL) Injection constitutes a most challenging type of cyber-attack on the security of databases. SQLI attacks provide opportunities by malicious actors to exploit the data, particularly client personal data. To counter these attacks security measures need to be deployed at all layers, namely application layer, network layer, and database layer; otherwise, the database remains vulnerable to attacks at all levels. Research studies have demonstrated that lack of input validation, incorrect use of dynamic SQL, and inconsistent error handling have continued to expose databased to SQ LI attacks. The security measures commonly deployed presently, being mostly focused on the network layer only, still leave the program code and the database at risk despite well-established approaches such as web server requests filtering, network firewalls and database access control. To overcome this deficiency, a Multi-Phase algorithmic framework is proposed with improved parameterised machine learning and deep learning to enhance database security in real-time at the database layer. The proposed method has been tested within a university and also in one of the branches of a commercial bank. The results show that the proposed method is able to i) prevent SQLi; ii) classify the type of attack during the detection process, and therefore iii) secure the database.

Topics & Concepts

Computer scienceSQL injectionSQLDatabaseArtificial intelligenceMachine learningQuery by ExampleInformation retrievalSearch engineWeb search queryWeb Application Security VulnerabilitiesNetwork Security and Intrusion DetectionSecurity and Verification in Computing