Multi-phase algorithmic framework to prevent SQL injection attacks using improved machine learning and deep learning to enhance database security in real-time

Ashlam, A. A., Badii, A. and Stahl, F. ORCID: https://orcid.org/0000-0002-4860-0203 (2022) Multi-phase algorithmic framework to prevent SQL injection attacks using improved machine learning and deep learning to enhance database security in real-time. In: 15th International Conference on Security of Information and Networks (SIN), 11 - 13 November 2022, Sousse, Tunisia, https://doi.org/10.1109/SIN56466.2022.9970504. (IEEE Xplore)

Text - Accepted Version

It is advisable to refer to the publisher's version if you intend to cite from this work.

To link to this item DOI: 10.1109/SIN56466.2022.9970504

Abstract/Summary

Structured Query Language (SQL) Injection constitutes a most challenging type of cyber-attack on the security of databases. SQLI attacks provide opportunities for malicious actors to exploit the data, particularly client personal data. To counter these attacks, security measures need to be deployed at all layers, namely the application layer, network layer, and database layer; otherwise, the database remains vulnerable to attacks at all levels. Research studies have demonstrated that lack of input validation, incorrect use of dynamic SQL, and inconsistent error handling have continued to expose databases to SQLI attacks. The security measures commonly deployed at present, being mostly focused on the network layer only, still leave the program code and the database at risk despite well-established approaches such as web server request filtering, network firewalls and database access control. To overcome this deficiency, a Multi-Phase algorithmic framework is proposed with improved parameterised machine learning and deep learning to enhance database security in real time at the database layer. The proposed method has been tested within a university and also in one of the branches of a commercial bank. The results show that the proposed method is able to i) prevent SQLI; ii) classify the type of attack during the detection process, and therefore iii) secure the database.

Item Type: Conference or Workshop Item (Paper)
Refereed: Yes
Divisions: Science > School of Mathematical, Physical and Computational Sciences > Department of Computer Science
ID Code: 108629
