Abstract

Structured Query Language injection (SQLi) is a code injection technique in which an attacker injects SQL commands into a back-end database through a vulnerable web application. Injected SQL commands can read or modify the back-end SQL database and thus compromise the security of the web application. In previous publications, the author proposed a Neural Network (NN)-based model for the detection and classification of SQLi attacks. The model was built from three elements: 1) a Uniform Resource Locator (URL) generator, 2) a URL classifier, and 3) a NN model. The model was able to: 1) detect each generated URL as either benign or malicious, and 2) identify the type of SQLi attack for each malicious URL. The published results demonstrated the effectiveness of the proposal. In this paper, the author re-evaluates the performance of the proposal through two scenarios using different data sets. The experimental results are presented to demonstrate the effectiveness of the proposed model in terms of accuracy, true-positive rate and false-positive rate.

Highlights

  • SQL is a domain-specific language for defining and manipulating data in a Relational Database Management System (RDBMS) [17]

  • SQLi is a weakness that arises in web applications built with dynamic server-side technologies such as PHP: Hypertext Preprocessor (PHP), Active Server Pages (ASP), JavaServer Pages (JSP) and Common Gateway Interface (CGI) scripts, when SQL statements are assembled directly from user-supplied input

  • It takes advantage of inappropriate and/or poor coding of web applications that allows attackers to inject malformed SQL commands in order to gain unauthorised access to data residing in the back-end database


Summary

INTRODUCTION

SQL is a domain-specific language for defining and manipulating data in a Relational Database Management System (RDBMS) [17]. SQLi is a weakness that arises in web applications built with dynamic server-side technologies such as PHP: Hypertext Preprocessor (PHP), Active Server Pages (ASP), JavaServer Pages (JSP) and Common Gateway Interface (CGI) scripts, when SQL statements are assembled directly from user-supplied input. It takes advantage of inappropriate and/or poor coding of web applications that allows attackers to inject malformed SQL commands in order to gain unauthorised access to data residing in the back-end database. The author further investigates the performance of the previous proposal [14,15,16] by implementing two different test beds and scenarios. This includes employing different sets of data for the developed NN-based model in order to demonstrate the effectiveness of the proposed technique.
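The mechanism described above, as an added example that is not the paper's code: a SQLite-backed lookup that splices the `?id=` URL parameter into the query text, beside its parameterized form, and a toy pattern-based labeller that tags the payload family (tautology, UNION, comment, stacked query) found in a URL. The `users` table, the URLs, the parameter name `id` and the indicator patterns are constructed for this illustration; the pattern labeller stands in for the paper's URL classifier and NN model and is not the author's method.

```python
"""Added illustration (not code from the paper): how a URL query parameter
reaches a SQL statement unsafely versus safely, plus a toy pattern-based
labeller for the payload families a URL classifier has to recognise.
All data, URLs and patterns below are constructed for this example."""
import re
import sqlite3
from urllib.parse import parse_qs, urlparse

# Constructed sample table; the real application's schema is not known.
SAMPLE_ROWS = [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def id_param(url):
    # The raw ?id= value, percent-decoded, exactly as a web app receives it.
    return parse_qs(urlparse(url).query).get("id", [""])[0]


def lookup_vulnerable(conn, url):
    # String concatenation: the parameter is parsed as part of the SQL text,
    # so "1 OR 1=1" turns the WHERE clause into a tautology and dumps every row.
    sql = "SELECT name FROM users WHERE id = " + id_param(url)
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, url):
    # Bound parameter: the value is transmitted as data, never parsed as SQL.
    # "1 OR 1=1" is compared as a string against integer ids and matches nothing.
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (id_param(url),))
    return [row[0] for row in rows]


# Hypothetical indicator patterns for a few well-known SQLi families. This is a
# toy heuristic standing in for a trained classifier, not the paper's NN model.
INDICATORS = {
    "tautology": re.compile(r"\bor\b\s+\S+\s*=\s*\S+", re.IGNORECASE),
    "union": re.compile(r"\bunion\b(\s+all)?\s+select\b", re.IGNORECASE),
    "comment": re.compile(r"--|/\*"),
    "stacked": re.compile(r";\s*(drop|insert|update|delete)\b", re.IGNORECASE),
}


def classify_url(url):
    """Return the sorted list of indicator labels present in any query value;
    an empty list means no indicator fired (treated as benign)."""
    params = parse_qs(urlparse(url).query, keep_blank_values=True)
    hits = {label for values in params.values() for value in values
            for label, pattern in INDICATORS.items() if pattern.search(value)}
    return sorted(hits)


if __name__ == "__main__":
    conn = make_db()
    for url in (
        "http://example.test/user?id=2",
        "http://example.test/user?id=1%20OR%201%3D1",
    ):
        print(url, classify_url(url),
              lookup_vulnerable(conn, url), lookup_parameterized(conn, url))
```

The two lookups receive the same decoded parameter; only the parameterized form keeps it out of the SQL parser, which is the coding defect the highlights refer to. The regex labeller is deliberately simple: it shows what a URL classifier must separate (benign versus malicious, and which family) while being easy to evade, which is the gap a learned model such as the paper's NN is meant to close.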

RELATED WORK FOR SQL INJECTION
The URL Generator: The URL generator has two components: “Benign
The URL Classifier: The URL classifier is responsible for
Findings
CONCLUSION