A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks

2017, Vol 7 (2), pp. 16-41
Author(s):  
Naghmeh Moradpoor Sheykhkanloo

Structured Query Language injection (SQLi) attack is a code injection technique where hackers inject SQL commands into a database via a vulnerable web application. Injected SQL commands can modify the back-end SQL database and thus compromise the security of a web application. In the previous publications, the author has proposed a Neural Network (NN)-based model for detections and classifications of the SQLi attacks. The proposed model was built from three elements: 1) a Uniform Resource Locator (URL) generator, 2) a URL classifier, and 3) a NN model. The proposed model was successful to: 1) detect each generated URL as either a benign URL or a malicious, and 2) identify the type of SQLi attack for each malicious URL. The published results proved the effectiveness of the proposal. In this paper, the author re-evaluates the performance of the proposal through two scenarios using controversial data sets. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed model in terms of accuracy, true-positive rate as well as false-positive rate.


Author(s):  
S. A. Lesko

To facilitate the detection of various vulnerabilities, there are many different tools (scanners) that can help analyze the security of web applications and facilitate the development of their protection. But these tools for the most part can only identify problems, and they are not capable of fixing them. Therefore, the knowledge of the security developer is a key factor in building a secure Web resource. To resolve application security problems, developers must know all the ways and vectors of various attacks in order to be able to develop various protection mechanisms. This review discusses two of the most dangerous vulnerabilities in the field of Web technologies: SQL injections and XSS attacks (cross-site scripting – XSS), as well as specific cases and examples of their application, as well as various approaches to identifying vulnerabilities in applications and threat prevention. Cross-site scripting as well as SQL-injection attacks are related to validating input data. The mechanisms of these attacks are very similar, but in the XSS attacks the user is the victim, and in the SQL injection attacks, the database server of the Web application. In XSS attacks, malicious content is delivered to users by means of a client-side programming language such as JavaScript, while using SQL injection, the SQL database query language is used. At the same time, XSS attacks, unlike SQL injections, harm only the client side leaving the application server operational. Developers should develop security for both server components and the client part of the web application.


2019, Vol 11 (1), pp. 1-17
Author(s):
Pinki Sharma
Jyotsna Sengupta
P. K. Suri

Cloud computing is the internet-based technique where the users utilize the online resources for computing services. The attacks or intrusion into the cloud service is the major issue in the cloud environment since it degrades performance. In this article, we propose an adaptive lion-based neural network (ALNN) to detect the intrusion behaviour. Initially, the cloud network has generated the clusters using a WLI fuzzy clustering mechanism. This mechanism obtains the different numbers of clusters in which the data objects are grouped together. Then, the clustered data is fed into the newly designed adaptive lion-based neural network. The proposed method is developed by the combination of Levenberg-Marquardt algorithm of neural network and adaptive lion algorithm where female lions are used to update the weight adaptively using lion optimization algorithm. Then, the proposed method is used to detect the malicious activity through training process. Thus, the different clustered data is given to the proposed ALNN model. Once the data is trained, then it needs to be aggregated. Subsequently, the aggregated data is fed into the proposed ALNN method where the intrusion behaviour is detected. Finally, the simulation results of the proposed method and performance is analysed through accuracy, false positive rate, and true positive rate. Thus, the proposed ALNN algorithm attains 96.46% accuracy which ensures better detection performance.


Author(s):  
Ahmad Hammoud
Ramzi A. Haraty

Most Web developers underestimate the risk and the level of damage that might be caused when Web applications are vulnerable to SQL (structured query language) injections. Unfortunately, Web applications with such vulnerability constitute a large part of today’s Web application landscape. This article aims at highlighting the risk of SQL injection attacks and provides an efficient solution.


Author(s):  
Anil B. Gavade
Vijay S. Rajpurohit

Over the last few decades, multiple advances have been done for the classification of vegetation area through land cover, and land use. However, classification problem is one of the most complicated and contradicting problems that has received considerable attention. Therefore, to tackle this problem, this paper proposes a new Firefly-Harmony search based Deep Belief Neural Network method (FHS-DBN) for the classification of land cover, and land use. The segmentation process is done using Bayesian Fuzzy Clustering, and the feature matrix is developed. The feature matrix is given to the proposed FHS-DBN method that distinguishes the land cover from the land use in the multispectral satellite images, for analyzing the vegetation area. The proposed FHS-DBN method is designed by training the DBN using the FHS algorithm, which is developed by the combination of Firefly Algorithm (FA) and Harmony Search (HS) algorithm. The performance of the FHS-DBN model is evaluated using three metrics, such as Accuracy, True Positive Rate (TPR), and False Positive Rate (FPR). From the experimental analysis, it is concluded that the proposed FHS-DBN model achieves a high classification accuracy of 0.9381, 0.9488, 0.9497, and 0.9477 using Indian Pine, Salinas scene, Pavia Centre and university, and Pavia University scene dataset.


Author(s):  
Kannan Balasubramanian

Applications that operate on the Web often interact with a database to persistently store data. For example, if an e-commerce application needs to store a user's credit card number, they typically retrieve the data from a Web form (filled out by the customer) and pass that data to some application or script running on the company's server. The dominant language that these database queries are written in is SQL, the Structured Query Language. Web applications can be vulnerable to a malicious user crafting input that gets executed on the server. One instance of this is an attacker entering Structured Query Language (SQL) commands into input fields, and then this data being used directly on the server by a Web application to construct a database query. The result could be an attacker's gaining control over the database and possibly the server. Care should be taken to validate user input on the server side before user data is used.


2020, Vol 44 (3), pp. 168-173
Author(s):
Lazar Kats
Marilena Vered
Sigalit Blumer
Eytan Kats

Objective: To apply the technique of deep learning on a small dataset of panoramic images for the detection and segmentation of the mental foramen (MF). Study design: In this study we used in-house dataset created within the School of Dental Medicine, Tel Aviv University. The dataset contained randomly chosen and anonymized 112 digital panoramic X-ray images and corresponding segmentations of MF. In order to solve the task of segmentation of the MF we used a single fully convolution neural network, that was based on U-net as well as a cascade architecture. 70% of the data were randomly chosen for training, 15% for validation and accuracy was tested on 15%. The model was trained using NVIDIA GeForce GTX 1080 GPU. The SPSS software, version 17.0 (Chicago, IL, USA) was used for the statistical analysis. The study was approved by the ethical committee of Tel Aviv University. Results: The best results of the dice similarity coefficient (DSC), precision, recall, MF-wise true positive rate (MFTPR) and MF-wise false positive rate (MFFPR) in single networks were 49.51%, 71.13%, 68.24%, 87.81% and 14.08%, respectively. The cascade of networks has shown better results than simple networks in recall and MFTPR, which were 88.83%, 93.75%, respectively, while DSC and precision achieved the lowest values, 31.77% and 23.92%, respectively. Conclusions: Currently, the U-net, one of the most used neural network architectures for biomedical application, was effectively used in this study. Methods based on deep learning are extremely important for automatic detection and segmentation in radiology and require further development.



Author(s):  
Victor Odumuyiwa
Analogbei Chibueze

HTTP injection attacks are well known cyber security threats with fatal consequences. These attacks initiated by malicious entities (either human or computer) send dangerous or unsafe malicious contents into the parameters of HTTP requests. Combatting injection attacks demands for the development of Web Intrusion Detection Systems (WIDS). Common WIDS follow a rule-based approach or a signature-based approach which have the common problem of high false-positive rate (wrongly classifying malicious HTTP requests) hence making them restricted to only one type of web application. They are easily bypassed and unable to detect new kinds of malicious attacks as they lack a sufficient model of understanding the representations of HTTP request parameters. In this paper, deep learning techniques are used to develop models that would automatically detect injection attacks in HTTP requests. A special layer called the character embedding layer in the deep learning models is used to allow the learning of the representation of the request parameter of HTTP requests in higher abstract levels and also aid in learning the relationships between the characters of the request parameter. The experimentation results showed that with deep learning, better injection attack detection is possible and given the right dataset, a deep learning detection model would be able to correctly classify HTTP requests for any web application.


2019, Vol 8 (3), pp. 7759-7766

Injection in SQL (structure query language) is one of the threats to web-based apps, mobile apps and even desktop applications associated to the database. An effective SQL Injection Attacks (SQLIA) could have severe implications for the victimized organization including economic loss, loss of reputation, enforcement and infringement of regulations. Systems which do not validate the input of the user correctly make them susceptible to SQL injection. SQLIA happens once an attacker can incorporate a sequence of harmful SQL commands into a request by changing back-end database through user information. To use this sort of attacks may readily hack applications and grab the private information by the attacker. In this article we introduce deferential sort of process to safeguard against current SQLIA method and instruments that are used in ASP.NET apps to detect or stop these attacks.

