WebAppShield: An Approach Exploiting Machine Learning to Detect SQLi Attacks in an Application Layer in Run-Time
In recent years, SQL injection attacks have been identified as being prevalent against web applications. They affect network security and user data, which leads to a considerable loss of money and data every year. This paper presents the use of classification algorithms in machine learning using a method to classify the login data filtering inputs into "SQLi" or "Non-SQLi,” thus increasing the reliability and accuracy of results in terms of deciding whether an operation is an attack or a valid operation. A method as a Web-App is developed for auto-generated data replication to provide a twin of the targeted data structure. Shielding against SQLi attacks (WebAppShield) that verifies all users and prevents attackers (SQLi attacks) from entering and or accessing the database, which the machine learning module predicts as "Non-SQLi", has been developed. A special login form has been developed with a special instance of the data validation; this verification process secures the web application from its early stages. The system has been tested and validated, and up to 99% of SQLi attacks have been prevented.
[1] C. Meyers, S. Powers, and D. Faissol, "Taxonomies of cyber adversaries and attacks: a survey of incidents and approaches," Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States), 2009.
[2] R. Seebruck, "A typology of hackers: Classifying cyber malfeasance using a weighted arc circumplex model," Digital investigation, vol. 14, pp. 36-45, 2015.
[3] Y. Ye, T. Li, D. Adjeroh, and S. S. Iyengar, "A survey on malware detection using data mining techniques," ACM Computing Surveys (CSUR), vol. 50, no. 3, pp. 1-40, 2017.
[4] R. Peterson. "Database Architecture in DBMS: 1-Tier, 2-Tier and 3-Tier." https://www.guru99.com/dbms-architecture.html (accessed.
[5] S. Mishra, "SQL injection detection using machine learning," 2019.
[6] I. Tasevski and K. Jakimoski, "Overview of SQL Injection Defense Mechanisms," in 2020 28th Telecommunications Forum (TELFOR), 2020: IEEE, pp. 1-4.
[7] M. G. Schultz, E. Eskin, F. Zadok, and S. J. Stolfo, "Data mining methods for detection of new malicious executables," in Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001, 2000: IEEE, pp. 38-49.
[8] A. Kapoor and S. Dhavale, "Control Flow Graph Based Multiclass Malware Detection Using Bi-normal Separation," Defence Science Journal, vol. 66, no. 2, 2016.
[9] A. Tuor, R. Baerwolf, N. Knowles, B. Hutchinson, N. Nichols, and R. Jasper, "Recurrent neural network language models for open vocabulary event-level cyber anomaly detection," arXiv preprint arXiv:1712.00557, 2017.
[10] A. Tuor, S. Kaplan, B. Hutchinson, N. Nichols, and S. Robinson, "Deep learning for unsupervised insider threat detection in structured cybersecurity data streams," arXiv preprint arXiv:1710.00811, 2017.
[11] B. J. Radford, L. M. Apolonio, A. J. Trias, and J. A. Simpson, "Network traffic anomaly detection using recurrent neural networks," arXiv preprint arXiv:1803.10769, 2018.
[12] Y. Luo, G. She, P. Cheng, and Y. Xiong, "BotGraph: Web Bot Detection Based on Sitemap," arXiv preprint arXiv:1903.08074, 2019.
[13] P. Poornachandran and S. KP, "A Compendium on Network and Host based Intrusion Detection Systems," arXiv preprint arXiv:1904.03491, 2019.
[14] G. Berrada et al., "A baseline for unsupervised advanced persistent threat detection in system-level provenance," Future Generation Computer Systems, 2020.
[15] S. M. Devine and N. D. Bastian, "Intelligent Systems Design for Malware Classification under Adversarial Conditions," arXiv preprint arXiv:1907.03149, 2019.
[16] P. Wu and H. Guo, "LuNet: A Deep Neural Network for Network Intrusion Detection," in 2019 IEEE Symposium Series on Computational Intelligence (SSCI), 2019: IEEE, pp. 617-624.
[17] S. Ranveer and S. Hiray, "Comparative analysis of feature extraction methods of malware detection," International Journal of Computer Applications, vol. 120, no. 5, 2015.
[18] D. Gümüşbaş, T. Yıldırım, A. Genovese, and F. Scotti, "A Comprehensive Survey of Databases and Deep Learning Methods for Cybersecurity and Intrusion Detection Systems," IEEE Systems Journal, 2020.
[19] F. Pacheco, E. Exposito, M. Gineste, C. Baudoin, and J. Aguilar, "Towards the deployment of machine learning solutions in network traffic classification: A systematic survey," IEEE Communications Surveys & Tutorials, vol. 21, no. 2, pp. 1988-2014, 2018.
[20] I. Birzniece, "Security Analytics: Dispelling the Fog," in BIR Workshops, 2018, pp. 160-169.
[21] P. Vishnu, P. Vinod, and S. Y. Yerima, "A Deep Learning Approach for Classifying Vulnerability Descriptions Using Self Attention Based Neural Network," Journal of Network and Systems Management, vol. 30, no. 1, pp. 1-27, 2022.
[22] A. Badii and D. Patel, "Evolving features-algorithms knowledge map to support NIDS data intelligence and learning loop architecting–a generalised approach to NIDS pattern feature space knowledge processing," 2008.
[23] Pallam, R., Konda, S. P., Manthripragada, L. & Noone, R. A. 2021. Detection of Web Attacks using Ensemble Learning. learning, 3, 5.
[24] Tang, P., Qiu, W., Huang, Z., Lian, H. and Liu, G., 2020. Detection of SQL injection based on artificial neural network. Knowledge-Based Systems, 190, p.105528.
[1] C. Meyers, S. Powers, and D. Faissol, "Taxonomies of cyber adversaries and attacks: a survey of incidents and approaches," Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States), 2009.
[2] R. Seebruck, "A typology of hackers: Classifying cyber malfeasance using a weighted arc circumplex model," Digital investigation, vol. 14, pp. 36-45, 2015.
[3] Y. Ye, T. Li, D. Adjeroh, and S. S. Iyengar, "A survey on malware detection using data mining techniques," ACM Computing Surveys (CSUR), vol. 50, no. 3, pp. 1-40, 2017.
[4] R. Peterson. "Database Architecture in DBMS: 1-Tier, 2-Tier and 3-Tier." https://www.guru99.com/dbms-architecture.html (accessed.
[5] S. Mishra, "SQL injection detection using machine learning," 2019.
[6] I. Tasevski and K. Jakimoski, "Overview of SQL Injection Defense Mechanisms," in 2020 28th Telecommunications Forum (TELFOR), 2020: IEEE, pp. 1-4.
[7] M. G. Schultz, E. Eskin, F. Zadok, and S. J. Stolfo, "Data mining methods for detection of new malicious executables," in Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001, 2000: IEEE, pp. 38-49.
[8] A. Kapoor and S. Dhavale, "Control Flow Graph Based Multiclass Malware Detection Using Bi-normal Separation," Defence Science Journal, vol. 66, no. 2, 2016.
[9] A. Tuor, R. Baerwolf, N. Knowles, B. Hutchinson, N. Nichols, and R. Jasper, "Recurrent neural network language models for open vocabulary event-level cyber anomaly detection," arXiv preprint arXiv:1712.00557, 2017.
[10] A. Tuor, S. Kaplan, B. Hutchinson, N. Nichols, and S. Robinson, "Deep learning for unsupervised insider threat detection in structured cybersecurity data streams," arXiv preprint arXiv:1710.00811, 2017.
[11] B. J. Radford, L. M. Apolonio, A. J. Trias, and J. A. Simpson, "Network traffic anomaly detection using recurrent neural networks," arXiv preprint arXiv:1803.10769, 2018.
[12] Y. Luo, G. She, P. Cheng, and Y. Xiong, "BotGraph: Web Bot Detection Based on Sitemap," arXiv preprint arXiv:1903.08074, 2019.
[13] P. Poornachandran and S. KP, "A Compendium on Network and Host based Intrusion Detection Systems," arXiv preprint arXiv:1904.03491, 2019.
[14] G. Berrada et al., "A baseline for unsupervised advanced persistent threat detection in system-level provenance," Future Generation Computer Systems, 2020.
[15] S. M. Devine and N. D. Bastian, "Intelligent Systems Design for Malware Classification under Adversarial Conditions," arXiv preprint arXiv:1907.03149, 2019.
[16] P. Wu and H. Guo, "LuNet: A Deep Neural Network for Network Intrusion Detection," in 2019 IEEE Symposium Series on Computational Intelligence (SSCI), 2019: IEEE, pp. 617-624.
[17] S. Ranveer and S. Hiray, "Comparative analysis of feature extraction methods of malware detection," International Journal of Computer Applications, vol. 120, no. 5, 2015.
[18] D. Gümüşbaş, T. Yıldırım, A. Genovese, and F. Scotti, "A Comprehensive Survey of Databases and Deep Learning Methods for Cybersecurity and Intrusion Detection Systems," IEEE Systems Journal, 2020.
[19] F. Pacheco, E. Exposito, M. Gineste, C. Baudoin, and J. Aguilar, "Towards the deployment of machine learning solutions in network traffic classification: A systematic survey," IEEE Communications Surveys & Tutorials, vol. 21, no. 2, pp. 1988-2014, 2018.
[20] I. Birzniece, "Security Analytics: Dispelling the Fog," in BIR Workshops, 2018, pp. 160-169.
[21] P. Vishnu, P. Vinod, and S. Y. Yerima, "A Deep Learning Approach for Classifying Vulnerability Descriptions Using Self Attention Based Neural Network," Journal of Network and Systems Management, vol. 30, no. 1, pp. 1-27, 2022.
[22] A. Badii and D. Patel, "Evolving features-algorithms knowledge map to support NIDS data intelligence and learning loop architecting–a generalised approach to NIDS pattern feature space knowledge processing," 2008.
[23] Pallam, R., Konda, S. P., Manthripragada, L. & Noone, R. A. 2021. Detection of Web Attacks using Ensemble Learning. learning, 3, 5.
[24] Tang, P., Qiu, W., Huang, Z., Lian, H. and Liu, G., 2020. Detection of SQL injection based on artificial neural network. Knowledge-Based Systems, 190, p.105528.
@article{"International Journal of Information, Control and Computer Sciences:80885", author = "Ahmed Abdulla Ashlam and Atta Badii and Frederic Stahl", title = "WebAppShield: An Approach Exploiting Machine Learning to Detect SQLi Attacks in an Application Layer in Run-Time", abstract = "In recent years, SQL injection attacks have been identified as being prevalent against web applications. They affect network security and user data, which leads to a considerable loss of money and data every year. This paper presents the use of classification algorithms in machine learning using a method to classify the login data filtering inputs into "SQLi" or "Non-SQLi,” thus increasing the reliability and accuracy of results in terms of deciding whether an operation is an attack or a valid operation. A method as a Web-App is developed for auto-generated data replication to provide a twin of the targeted data structure. Shielding against SQLi attacks (WebAppShield) that verifies all users and prevents attackers (SQLi attacks) from entering and or accessing the database, which the machine learning module predicts as "Non-SQLi", has been developed. A special login form has been developed with a special instance of the data validation; this verification process secures the web application from its early stages. The system has been tested and validated, and up to 99% of SQLi attacks have been prevented.", keywords = "SQL injection, attacks, web application, accuracy, database, WebAppShield.", volume = "16", number = "8", pages = "294-9", }
