Abstract
SQL Injection (SQLI) is one of the most common vulnerabilities of web applications. The consequences of an SQL injection attack include the possibility of stealing sensitive information or bypassing authentication procedures. SQL injection attacks have different forms and variations. One difficulty in detecting malicious attacks is that such attacks do not have a specific pattern. A new fuzzy rule-based classification system (FBRCS) can tackle the requirements of the current stage of security measures. This paper proposes a genetic fuzzy system for detection of SQLI where not only the accuracy is a priority, but also the learning and the flexibility of the obtained rules. To create rules with high generalization capabilities, our algorithm builds on initial rules, data-dependent parameters, and an enhancing function that modifies the rule evaluation measures. The enhancing function helps to assess the candidate rules more effectively based on decision subspace. The proposed system has been evaluated using a number of well-known data sets. Results show a significant enhancement in the detection procedure.
Highlights
Web applications are vulnerable to numerous attacks
We proposed a genetic-fuzzy rule-based classification system for SQL Injection (SQLI) attack detection
The SQL statement is treated as a feature vector that characterizes the SQLI attack keywords
Summary
Web applications are vulnerable to numerous attacks. SQL injection attacks are a type of vulnerability that is caused by insufficient input validation. Such attacks occur when data provided by the user is not properly validated and is included directly in an SQL query. By leveraging these vulnerabilities, an attacker can submit SQL commands directly to the database. Web applications are threatened by this kind of vulnerability, which uses user input to form SQL queries to access an underlying database [3]. SQL injection attacks are classified into seven types: tautologies, illegal/logically incorrect queries, piggy-backed queries, stored queries, inference and alternate encodings [2] [4] [5].
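The highlights describe treating an SQL statement as a feature vector of SQLI keywords. The following added example, which is not the paper's code, turns a statement into keyword and token counts that a rule-based classifier could consume; the feature list, the regular expressions and the sample statements are assumptions constructed here, since the page does not list the paper's features.

```python
import re

# Assumed feature set (not taken from the paper): one count per keyword or
# token class associated with the attack types named in the summary.
KEYWORDS = ("select", "union", "or", "and", "drop", "insert", "update",
            "delete", "exec", "sleep")
FEATURES = KEYWORDS + ("comment", "semicolon", "quote", "hex_literal",
                       "tautology")

_TOKEN = re.compile(r"""
      (?P<comment>--|\#|/\*)        # comment openers that truncate a query
    | (?P<hex_literal>0x[0-9a-f]+)  # alternate encoding of a string value
    | (?P<word>[a-z_][a-z0-9_]*)    # identifiers and keywords
    | (?P<semicolon>;)              # statement separator, piggy-backed query
    | (?P<quote>')                  # string delimiter
""", re.VERBOSE | re.IGNORECASE)

# A constant compared with itself, e.g. 1=1 or 'a'='a' (always true).
_TAUTOLOGY = re.compile(r"(?<!\w)('?)(\w+)\1\s*=\s*('?)\2\3(?!\w)")

def feature_vector(statement: str) -> dict:
    """Count each assumed feature in the raw statement text."""
    counts = dict.fromkeys(FEATURES, 0)
    for m in _TOKEN.finditer(statement):
        kind = m.lastgroup          # name of the alternative that matched
        if kind == "word":
            word = m.group().lower()
            if word in KEYWORDS:    # whole-word match: "order" is not "or"
                counts[word] += 1
        else:
            counts[kind] += 1
    counts["tautology"] = len(_TAUTOLOGY.findall(statement))
    return counts

SAMPLES = {  # constructed statements, not drawn from any data set
    "benign": "SELECT name FROM users WHERE id = 42",
    "tautology": "SELECT name FROM users WHERE id = '' OR '1'='1'",
    "piggy_backed": "SELECT name FROM users WHERE id = 1; DROP TABLE users -- ",
    "alt_encoding": "SELECT name FROM users WHERE name = 0x61646d696e",
}

if __name__ == "__main__":
    for label, sql in SAMPLES.items():
        vec = feature_vector(sql)
        print(label, {k: v for k, v in vec.items() if v})
```

The counts are taken over the raw text, so keywords inside string literals are counted too; a classifier trained on such vectors has to learn which combinations matter.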
More From: International Journal of Advanced Computer Science and Applications