Predicting Confidentiality, Integrity, and Availability from SQL Injection Payload

Title: Predicting Confidentiality, Integrity, and Availability from SQL Injection Payload
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Muliono, Yohan; Darus, Mohamad Yusof; Pardomuan, Chrisando Ryan; Ariffin, Muhammad Azizi Mohd; Kurniawan, Aditya
Conference Name: 2022 International Conference on Information Management and Technology (ICIMTech)
Keywords: Adaptation models, Availability, confidentiality, Deep Learning, Detectors, Firewalls (computing), Human Behavior, integrity, Metrics, policy-based governance, privacy, pubcrawl, resilience, Resiliency, security information and event management, SIEM, SQL Injection, SQL injection detection, support vector machine, Support vector machines, Training data
Abstract: SQL Injection has been around as a harmful and prolific threat on web applications for more than 20 years, yet it still poses a huge threat to the World Wide Web. Rapidly evolving web technology has not eradicated this threat; in 2017, 51% of web application attacks were SQL injection attacks. Most conventional practices to prevent SQL injection attacks revolve around secure web and database programming and administration techniques. Despite developer ignorance, a large number of online applications remain susceptible to SQL injection attacks. There is a need for a more effective method to detect and prevent SQL Injection attacks. In this research, we offer a unique machine learning-based strategy for identifying potential SQL injection attack (SQL injection attack) threats. Application of the proposed method in a Security Information and Event Management (SIEM) system will be discussed. SIEM can aggregate and normalize event information from multiple sources, and detect malicious events from analysis of this information. The result of this work shows that a machine learning-based SQL injection attack detector which uses a SIEM approach possesses high accuracy in detecting malicious SQL queries.
DOI: 10.1109/ICIMTech55957.2022.9915227
Citation Key: muliono_predicting_2022