Litcius/Paper detail

Defending against SQL Injection Attacks in Web Applications using Machine Learning and Natural Language Processing

Bronjon Gogoi, Tasiruddin Ahmed, Arabinda Dutta

20212021 IEEE 18th India Council International Conference (INDICON)18 citationsDOI

Abstract

Today, most organizations use web applications for the delivery of services over the Internet. The risks to web applications have increased as their use has risen. SQL Injection Attack is a commonly exploited vulnerability used for stealing credentials, destroying and compromising data, and bypassing authentication and authorization controls of a web application. Traditional methods of detecting SQL injection attacks include software and hardware-based Web Application Firewalls, programmatic defense techniques like input filtering, input validation, using parameterized queries etc. and static and dynamic analysis are not sufficient for detection and prevention of SQLIA in web applications. In this paper, we present an approach to detecting SQLIA using NLP and Machine Learning. Experimental results show that the approach can detect SQLIA with precision, recall and an f1-score of 99.9.

Topics & Concepts

SQL injectionComputer scienceWeb applicationWeb application securityCross-site scriptingSQLThe InternetWorld Wide WebDatabaseWeb developmentQuery by ExampleSearch engineWeb search queryWeb Application Security VulnerabilitiesNetwork Security and Intrusion DetectionAdvanced Malware Detection Techniques