Affiliation:
1. Wachemo University Hossana
Abstract
Web applications play an important role in everyday life. Various Web applications are used to carry out billions of online transactions. These applications are vulnerable to attacks due to their extensive use. The most prevalent attack is SQL injection, in which the application accepts user input and runs queries in the backend based on that input, returning the desired results. To counter the SQL injection attack, various approaches have been offered; however, the majority of them fail to cover the full breadth of the problem. This research paper looks into frequent SQL injection attack forms, their mechanisms, and a way of identifying them based on the SQL query's existence. We propose a comprehensive framework for determining the effectiveness of techniques that address certain issues following the essence of the attack, using hybrid (Statistic and dynamic) and machine learning. An extensive examination of the model based on a test set indicates that the Hybrid and ANN approaches outperform Naive Bayes, SVM, and decision trees in terms of accuracy in classifying injected queries. However, when it came to web loading time during testing, Naive Bayes outperformed the other approaches. The Hybrid Method improved the accuracy of SQL injection attack prevention, according to the test findings. Although we used a limited dataset for training and testing in our study, it is advised that the dataset be expanded and the model be tested in a real-world setting.
Publisher
Research Square Platform LLC
Cited by
1 article.
1. SQL Injection and Its Detection Using Machine Learning Algorithms and BERT;Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering;2023