A Supervised Ensemble Learning-Based Approach to Mitigate SQL Injection Attack on Smart City Data

A Supervised Ensemble Learning-Based Approach to Mitigate SQL Injection Attack on Smart City Data

  IJETT-book-cover           
  
© 2023 by IJETT Journal
Volume-71 Issue-11
Year of Publication : 2023
Author : Asifiqbal Sirmulla, M. Prabhakar
DOI : 10.14445/22315381/IJETT-V71I11P202

How to Cite?

Asifiqbal Sirmulla, M. Prabhakar, "A Supervised Ensemble Learning-Based Approach to Mitigate SQL Injection Attack on Smart City Data," International Journal of Engineering Trends and Technology, vol. 71, no. 11, pp. 18-26, 2023. Crossref, https://doi.org/10.14445/22315381/IJETT-V71I11P202

Abstract
Currently, the use of internet-based applications and technologies has grown drastically. Due to this growth, a massive amount of data is generated and stored on webservers. This increased use of these technologies faces several challenges, such as data vulnerability, security threats and data privacy. SQL-based programming language is widely adopted to access these data due to its simple and efficient use. However, the attacks can use the SQL-based query injection method, where they can insert malicious queries, posing serious threats to the server. Several techniques have been presented in the past, such as blacklisting and rule-based detection methods, but these methods fail to detect SQL injection attacks due to their diversity in input queries. Thus, currently, machine learning-based schemes have gained massive attention in this field, where supervised and unsupervised methods are widely employed. However, the varying nature of SQL queries demands a stable architecture. This work presents a machine learning-based approach for SQL injection attack detection by introducing an ensemble machine learning approach where SVM, NN, discriminant and random forest classifiers are employed. The experimental analysis shows that the average accuracy performance is achieved as 95.88%, 96.23%, 96.61%, 95.11%, and 99.30% using KNN, Discriminant classifier, Naïve Bayes, SVM, and proposed ensemble classification.

Keywords
SQL injection, Machine learning, Ensemble learning, Malicious query prediction, SQLIA.

References
[1] Tomás Sureda Riera et al., “A New Multi-Label Dataset for Web Attacks CAPEC Classification Using Machine Learning Techniques,” Computers and Security, vol. 120, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[2] Ayush Falor et al., “A Deep Learning Approach for Detection of SQL Injection Attacks Using Convolutional Neural Networks,” Proceedings of Data Analytics and Management, pp. 293-304, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[3] O.P. Voitovych, O.S. Yuvkovetskyi, and L.M. Kupershtein, “SQL Injection Prevention System,” International Conference Radio Electronics and Info Communications (UkrMiCo), IEEE, pp. 1-4, 2016.
[CrossRef] [Google Scholar] [Publisher Link]
[4] William G.J. Halfond, and Alessandro Orso, “AMNESIA: Analysis and Monitoring for Neutralizing SQL-Injection Attacks,” Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering, pp. 174-183, 2005.
[CrossRef] [Google Scholar] [Publisher Link]
[5] Chrystian Byzdra, and Grzegorz Kozieł, “Analysis of the Defending Possibilities Against SQL Injection Attacks,” Journal of Computer Sciences Institute, vol. 13, pp. 339-344, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[6] Haifeng Gu et al., “DIAVA: A Traffic-Based Framework for Detection of SQL Injection Attacks and Vulnerability Analysis of Leaked Data,” IEEE Transactions on Reliability, vol. 69, no. 1, pp. 188-202, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[7] Syed Saqlain Hussain Shah, SQL Injection Dataset, Kaggle. [Online]. Available: https://www.kaggle.com/datasets/syedsaqlainhussain/sql-injection-dataset
[8] Ryan J. Urbanowicz et al., “Relief-Based Feature Selection: Introduction and Review,” Journal of Biomedical Informatics, vol. 85, pp. 189-203, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[9] Qi Li et al., “A SQL Injection Detection Method Based on Adaptive Deep Forest,” IEEE Access, vol. 7, pp. 145385-145394, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[10] Qi Li et al., “LSTM-Based SQL Injection Detection Method for Intelligent Transportation System,” IEEE Transactions on Vehicular Technology, vol. 68, no. 5, pp. 4182-4191, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[11] Ömer Kasim, “An Ensemble Classification-Based Approach to Detect Attack Level of SQL Injections,” Journal of Information Security and Applications, vol. 59, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[12] Lucas Oliveira Batista et al., “Fuzzy Neural Networks to Create an Expert System for Detecting Attacks by SQL Injection,” The International Journal of Forensic Computer Science - IJoFCS, vol. 13, no. 1, pp. 8-21, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[13] Dharitri Tripathy, Rudrarajsinh Gohil, and Talal Halabi, “Detecting SQL Injection Attacks in Cloud Saas Using Machine Learning,” IEEE 6th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS), IEEE, pp. 145-150, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[14] Z. Zhuo et al., “Long Short-Term Memory on Abstract Syntax Tree for SQL Injection Detection,” IET Software, vol. 15, no. 2, pp. 188-197, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[15] Yong Fang et al., “WOVSQLI: Detection of SQL Injection Behaviors Using Word Vector and LSTM,” Proceedings of the 2nd International Conference on Cryptography, Security and Privacy, pp. 170-174, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[16] Meriem Kherbache, Kamal Amroun, and David Espes, “A New Wrapper Feature Selection Model for Anomaly-Based Intrusion Detection Systems,” International Journal of Security and Networks, vol. 17, no. 2, pp. 107-123, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[17] Aqsa Afroz et al., “An Algorithm for Prevention and Detection of Cross Site Scripting Attacks,” SSRG International Journal of Computer Science and Engineering, vol. 7, no. 7, pp. 8-18, 2020.
[CrossRef] [Publisher Link]