Combining Regular Expressions and Machine Learning for SQL Injection Detection in Urban Computing-Reference-Cited by-同舟云学术

Combining Regular Expressions and Machine Learning for SQL Injection Detection in Urban Computing

Published:2024-07-02 Issue:1 Volume:15 Page:103-111
ISSN:1869-0238
Container-title:Journal of Internet Services and Applications
language:
Short-container-title:JISA

Author:

Souza Michael S.^ORCID,Ribeiro Silvio E. S. B.^ORCID,Lima Vanessa C.^ORCID,Cardoso Francisco J.^ORCID,Gomes Rafael L.^ORCID

Abstract

Given the vast amount of data generated in urban environments the rapid advancements in information technology urban environments and the continual advancements in information technology, several online urban services have emerged in recent years. These services employ relational databases to store the collected data, thereby making them vulnerable to potential threats, including SQL Injection (SQLi) attacks. Hence, there is a demand for security solutions that improve detection efficiency and satisfy the response time and scalability requirements of this detection process. Based on this existing demand, this article proposes an SQLi detection solution that combines Regular Expressions (RegEx) and Machine Learning (ML), called Two Layer approach of SQLi Detection (2LD-SQLi). The RegEx acts as a first layer of filtering for protection against SQLi inputs, improving the response time of 2LD-SQLi through RegEx filtering. From this filtering, it is analyzed by an ML model to detect SQLi, increasing the accuracy. Experiments, using a real dataset, suggest that 2LD-SQLi is suitable for detecting SQLi while meeting the efficiency and scalability issues.

Publisher

Sociedade Brasileira de Computacao - SB

Reference27 articles.

1. Chen, Q., Wang, X., Ye, X., Durrett, G., and Dillig, I. (2020). Multi-modal synthesis of regular expressions. In Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2020, page 487–502, New York, NY, USA. Association for Computing Machinery. DOI: 10.1145/3385412.3385988.

2. Costa, W. L., Portela, A. L., and Gomes, R. L. (2021). Features-aware ddos detection in heterogeneous smart environments based on fog and cloud computing. International Journal of Communication Networks and Information Security, 13(3):491-498. Available online [link].

3. Crespo-Martínez, I. S., Campazas-Vega, A., Guerrero-Higueras, Á. M., Riego-DelCastillo, V., Álvarez-Aparicio, C., and Fernández-Llamas, C. (2023). Sql injection attack detection in network flow data. Computers & Security, 127:103093. DOI: 10.1016/j.cose.2023.103093.

4. da Silva, G., Oliveira, D., Gomes, R. L., Bittencourt, L. F., and Madeira, E. R. M. (2020). Reliable network slices based on elastic network resource demand. In NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, pages 1-9. DOI: 10.1109/NOMS47738.2020.9110316.

5. Das, D., Sharma, U., and Bhattacharyya, D. K. (2019). Defeating sql injection attack in authentication security: an experimental study. International Journal of Information Security, 18(1):1-22. DOI: 10.1007/s10207-017-0393-x.