Abstract

Web applications that are not implemented with secure code contain vulnerabilities that lead to cyber-attacks. Statistics show that the highest record of data-theft-related cyber-attacks is through the SQL injection technique. Hence, effective SQL injection detection is needed in any web system to combat this threat. In this research, a machine learning technique is used: the SQL injection detector is trained on training data and then evaluated against testing data. The research relies on the preparation of the training and testing datasets. The training sets are used by the detector to establish its knowledge base, and the test set is used to evaluate the detector's performance. The detection results show that the proposed technique achieves high accuracy in recognizing malicious and benign web requests.

Highlights

  • As data is the most critical asset of any organisation nowadays, cyber threats and cyberattacks against the organisation's database are on the rise

  • The web system responds by sending the request to the application server and records any transactions in the access log file (AltexSoft, 2019)

  • The developed tool extracts the URLs and queries which appear inside the access.log files from the application server (Apache server) and converts them into five sets of signatures for k-fold cross validation (Wong and Yang, 2017)
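
The extraction and five-way split described in the last highlight, as an added Python example that is not the paper's tool. The log lines are constructed, the Apache combined log format and the signature form (path plus URL-decoded, lowercased query) are assumptions, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access.log lines (Apache combined format); not data from the paper.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2019:10:01:02 +0000] "GET /index.php?id=5 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [12/Mar/2019:10:01:05 +0000] "GET /item.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 734 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2019:10:01:07 +0000] "GET /search.php?q=red+shoes HTTP/1.1" 200 901 "-" "Mozilla/5.0"
192.0.2.12 - - [12/Mar/2019:10:01:09 +0000] "-" 408 0 "-" "-"
192.0.2.11 - - [12/Mar/2019:10:01:11 +0000] "GET /search.php?q=x%27+UNION+SELECT+null-- HTTP/1.1" 200 120 "-" "Mozilla/5.0"
192.0.2.13 - - [12/Mar/2019:10:01:15 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.13 - - [12/Mar/2019:10:01:18 +0000] "POST /login.php?next=%2Fhome HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2019:10:01:20 +0000] "GET /index.php?id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Matches the quoted request line: METHOD, request target, protocol version.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def extract_signatures(log_text):
    """Return one (path, decoded_query) signature per parseable request line."""
    signatures = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue  # skip entries without a request line, e.g. a timed-out "-"
        parts = urlsplit(match.group("target"))
        # Decode %xx and '+' so encoded and plain forms of a query compare equal.
        signatures.append((parts.path, unquote_plus(parts.query).lower()))
    return signatures

def five_folds(items, k=5):
    """Deal the signatures round-robin into k sets of near-equal size."""
    return [items[i::k] for i in range(k)]

def cross_validation_rounds(folds):
    """Yield (train, test): each set is the test set once, the other four train."""
    for i, test in enumerate(folds):
        train = [s for j, fold in enumerate(folds) if j != i for s in fold]
        yield train, test
```
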


Summary

Introduction

As data is the most critical asset of any organisation nowadays, cyber threats and cyberattacks against the organisation's database are on the rise. Hackers are the culprits and a threat to data privacy; as an example, they could launch an SQL Injection Attack (SQLIA) against vulnerable websites. There are many existing tools that can be used to check a website's vulnerabilities and execute hacking activities automatically. These tools give an attacker more chance of getting into the web system's database. It is hard to implement secure code to defend websites against such attacks, so the systems that are developed are vulnerable to SQL injection attacks. SQL injection is a type of attack that manipulates the website into disclosing sensitive data by injecting malicious SQL queries into the database. If the SQL injection can be recognised earlier, it can help a security officer or security analyst to terminate the attack.
