Biblio
Filters: Author is Ariffin, Muhammad Azizi Mohd [Clear All Filters]
Predicting Confidentiality, Integrity, and Availability from SQL Injection Payload. 2022 International Conference on Information Management and Technology (ICIMTech). :600–605.
.
2022. SQL Injection has been around as a harmful and prolific threat on web applications for more than 20 years, yet it still poses a huge threat to the World Wide Web. Rapidly evolving web technology has not eradicated this threat; In 2017 51 % of web application attacks are SQL injection attacks. Most conventional practices to prevent SQL injection attacks revolves around secure web and database programming and administration techniques. Despite developer ignorance, a large number of online applications remain susceptible to SQL injection attacks. There is a need for a more effective method to detect and prevent SQL Injection attacks. In this research, we offer a unique machine learning-based strategy for identifying potential SQL injection attack (SQL injection attack) threats. Application of the proposed method in a Security Information and Event Management(SIEM) system will be discussed. SIEM can aggregate and normalize event information from multiple sources, and detect malicious events from analysis of these information. The result of this work shows that a machine learning based SQL injection attack detector which uses SIEM approach possess high accuracy in detecting malicious SQL queries.
Threats and Vulnerabilities Handling via Dual-stack Sandboxing Based on Security Mechanisms Model. 2022 IEEE 12th International Conference on Control System, Computing and Engineering (ICCSCE). :113–118.
.
2022. To train new staff to be efficient and ready for the tasks assigned is vital. They must be equipped with knowledge and skills so that they can carry out their responsibility to ensure smooth daily working activities. As transitioning to IPv6 has taken place for more than a decade, it is understood that having a dual-stack network is common in any organization or enterprise. However, many Internet users may not realize the importance of IPv6 security due to a lack of awareness and knowledge of cyber and computer security. Therefore, this paper presents an approach to educating people by introducing a security mechanisms model that can be applied in handling security challenges via network sandboxing by setting up an isolated dual stack network testbed using GNS3 to perform network security analysis. The finding shows that applying security mechanisms such as access control lists (ACLs) and host-based firewalls can help counter the attacks. This proves that knowledge and skills to handle dual-stack security are crucial. In future, more kinds of attacks should be tested and also more types of security mechanisms can be applied on a dual-stack network to provide more information and to provide network engineers insights on how they can benefit from network sandboxing to sharpen their knowledge and skills.