Web Browser Extension Development of Structured Query Language Injection Vulnerability Detection Using Long Short-Term Memory Algorithm

Title: Web Browser Extension Development of Structured Query Language Injection Vulnerability Detection Using Long Short-Term Memory Algorithm
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Turnip, Togu Novriansyah; Aruan, Hotma; Siagian, Anita Lasmaria; Siagian, Leonardo
Conference Name: 2022 IEEE International Conference of Computer Science and Information Technology (ICOSNIKOM)
Keywords: browser extension, browser security, Browsers, Classification algorithms, compositionality, Deep Learning, Human Behavior, long short-term memory (LSTM), Metrics, pubcrawl, resilience, Resiliency, SQL Injection, static analysis, Structured Query Language, Uniform resource locators, Web pages, web security
Abstract: Structured Query Language Injection (SQLi) is a client-side application vulnerability that allows attackers to inject malicious SQL queries with harmful intents, including stealing sensitive information, bypassing authentication, and even executing illegal operations to cause more catastrophic damage to users on the web application. According to OWASP, the top 10 harmful attacks against web applications are SQL Injection attacks. Moreover, based on data reports from the UK's National Fraud Authority, SQL Injection is responsible for 97% of data exposures. Therefore, in order to prevent the SQL Injection attack, an SQLi detection system is essential. The contribution of this research is securing web applications by developing a browser extension for Google Chrome using Long Short-Term Memory (LSTM), which is a unique kind of RNN algorithm capable of learning long-term dependencies like SQL Injection attacks. The results of the model will be deployed in static analysis in a browser extension, and the LSTM algorithm will learn to identify the URL that has to be injected into Damn Vulnerable Web Application (DVWA) as a sample-tested web application. Experimental results show that the proposed SQLi detection model based on the LSTM algorithm achieves an accuracy rate of 99.97%, which means that a reliable client-side can effectively detect whether the URL being accessed contains a SQLi attack or not.
DOI: 10.1109/ICOSNIKOM56551.2022.10034905
Citation Key: turnip_web_2022