A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm-Reference-Cited by-同舟云学术

A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm

Published:2020-08-18 Issue:1 Volume:2020 Page:
ISSN:2510-523X
Container-title:EURASIP Journal on Information Security
language:en
Short-container-title:EURASIP J. on Info. Security

Author:

Abikoye Oluwakemi Christiana,Abubakar Abdullahi,Dokoro Ahmed Haruna,Akande Oluwatobi Noah^ORCID,Kayode Aderonke Anthonia

Abstract

AbstractStructured Query Language (SQL) injection and cross-site scripting remain a major threat to data-driven web applications. Instances where hackers obtain unrestricted access to back-end database of web applications so as to steal, edit, and destroy confidential data are increasing. Therefore, measures must be put in place to curtail the growing threats of SQL injection and XSS attacks. This study presents a technique for detecting and preventing these threats using Knuth-Morris-Pratt (KMP) string matching algorithm. The algorithm was used to match user’s input string with the stored pattern of the injection string in order to detect any malicious code. The implementation was carried out using PHP scripting language and Apache XAMPP Server. The security level of the technique was measured using different test cases of SQL injection, cross-site scripting (XSS), and encoded injection attacks. Results obtained revealed that the proposed technique was able to successfully detect and prevent the attacks, log the attack entry in the database, block the system using its mac address, and also generate a warning message. Therefore, the proposed technique proved to be more effective in detecting and preventing SQL injection and XSS attacks

Publisher

Springer Science and Business Media LLC

Subject

Computer Science Applications,Signal Processing

Link

https://link.springer.com/content/pdf/10.1186/s13635-020-00113-y.pdf

Reference33 articles.

1. Acunetix_web_application_vulnerability_report_2019

2. B. Soewito, F.E. Gunawan, Prevention structured query language injection using regular regular expression and escape string. Procedia Comput. Sci. 135, 678–687 (2018) https://doi.org/10.1016/j.procs.2018.08.218

3. M.A. Ahmed, F. Ali, Multiple-path testing for cross site scripting using genetic algorithms. J. Syst. Archit. 000, 1–13 (2015) https://doi.org/10.1016/j.sysarc.2015.11.001

4. Y. Jang, J. Choi, Detecting SQL injection attacks using query result size. Comput Security, 1–15 (2014) https://doi.org/10.1016/j.cose.2014.04.007

5. P.R. Mcwhirter, K. Kifayat, Q. Shi, B. Askwith, SQL injection attack classification through the feature extraction of SQL query strings using a gap-weighted string subsequence kernel. J. Inform. Sec. Appl. 40, 199–216 (2018) https://doi.org/10.1016/j.jisa.2018.04.001

Cited by 31 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Swift Detection of XSS Attacks: Enhancing XSS Attack Detection by Leveraging Hybrid Semantic Embeddings and AI Techniques;Arabian Journal for Science and Engineering;2024-06-03

2. A CRITICAL EVALUATION OF SECURITY APPROACHES FOR DETECTION AND PREVENTION OF SQL INJECTION ATTACKS IN WEB-BASED APPLICATIONS;FUDMA JOURNAL OF SCIENCES;2024-04-30

3. Development of an Online Collectable Items Marketplace Using Modern Practices of SDLC and Web Technologies;Lecture Notes in Networks and Systems;2024

4. An Analysis of AI-based SQL Injection (SQLi) Attack Detection;2023 Second International Conference on Augmented Intelligence and Sustainable Systems (ICAISS);2023-08-23

5. Classification of SQL Injection Attacks using ensemble learning SVM and Naïve Bayes;2023 International Conference on Data Science and Its Applications (ICoDSA);2023-08-09