AN ENHANCED SQL INJECTION DETECTION USING ENSEMBLE METHOD

Doni Putra Purbawa, Azzam Jihad Ulhaq, Gusna Ikhsan, Ary Mazharuddin Shiddiqi

Abstract


SQL injection is a cybercrime that attacks websites. It remains a challenging security problem that must be resolved. These attacks are very costly, amounting to millions of dollars each year. Because of large data leaks, the losses also affect the world economy, averaging nearly $50 per year, and most of them are caused by SQL injection. In a study of 300,000 attacks worldwide in any given month, 24.6% were SQL injection. Implementing a strategy to protect against web application attacks is therefore essential, and it is not easy because both user privacy and enterprise data must be protected. This study proposes an enhanced SQL injection detection method using a voting classifier based on several machine learning algorithms. The proposed classifier achieved the highest accuracy in this research, 97.07%.




DOI: http://dx.doi.org/10.12962/j24068535.v21i1.a1060
