Funding: supported by the Jiangsu Higher Education "Qinglan Project"; an Open Project of the Criminal Inspection Laboratory in Key Laboratories of Sichuan Provincial Universities (2023YB03); the Major Project of Basic Science (Natural Science) Research in Higher Education Institutions in Jiangsu Province (23KJA520004); the Jiangsu Higher Education Philosophy and Social Sciences Research General Project (2023SJYB0467); the Action Plan of the National Engineering Research Center for Cybersecurity Level Protection and Security Technology (KJ-24-004); the Jiangsu Province Degree and Postgraduate Education and Teaching Reform Project (JGKT24_B036); the Digital Forensics Engineering Research Center of the Ministry of Education Open Project (DF20-010); Teaching Practice of Web Development and Security Testing under the Background of Industry University Cooperation (241205403122215); and Research on Strategies for Combating and Preventing Virtual Currency Telecommunications Fraud (2024SJYB0344).
Abstract: Structured Query Language (SQL) injection attacks have become the most common means of attacking Web applications due to their simple implementation and high degree of harm. Traditional injection attack detection techniques struggle to accurately identify various types of SQL injection attacks. This paper presents an enhanced SQL injection detection method that utilizes content matching technology to improve the accuracy and efficiency of detection. Features are extracted through content matching, effectively avoiding the loss of valid information, and an improved deep learning model is employed to enhance the detection effect of SQL injections. Considering that grammar parsing and word embedding may conceal key features and introduce noise, we propose training the transformed data vectors by preprocessing the data in the dataset and post-processing the word segmentation based on content matching. We optimized and adjusted the traditional Convolutional Neural Network (CNN) model, trained normal data, SQL injection data, and XSS data, and used these three deep learning models for attack detection. The experimental results show that the accuracy rate reaches 98.35%, achieving excellent detection results.
Abstract: The Repository Mahasiswa (RAMA) is a national repository of research reports in the form of final assignments, student projects, theses, dissertations, and research reports of lecturers or researchers that have not yet been published in journals, conferences, or integrated books from the scientific repository of universities and research institutes in Indonesia. The increasing popularity of the RAMA Repository leads to security issues, including the two most widespread vulnerable attacks, i.e., Structured Query Language (SQL) injection and cross-site scripting (XSS) attacks. An attacker gaining access to data and performing unauthorized data modifications is extremely dangerous. This paper aims to provide an attack detection system for securing the repository portal from the abovementioned attacks. The proposed system combines a Long Short-Term Memory and Principal Component Analysis (LSTM-PCA) model as a classifier. This model can effectively solve the vanishing gradient problem caused by excessive positive samples. The experiment results show that the proposed system achieves an accuracy of 96.85% using an 80%:20% ratio of training data and testing data. The rationale for this best achievement is that the LSTM's Forget Gate works very well as the PCA supplies only selected features that are significantly relevant to the attacks' patterns. The Forget Gate in LSTM is responsible for deciding which information should be kept for computing the cell state and which is not relevant and can be discarded. In addition, the LSTM's Input Gate assists in finding out crucial information and stores specific relevant data in the memory.
Abstract: With the sharp increase in hacking attacks over the last couple of years, web application security has become a key concern. SQL injection is one of the most common types of web hacking and has been widely written about and used in the wild. This paper analyzes the principle of SQL injection attacks on Web sites and presents methods available to protect IIS + ASP + MSSQL web applications from these kinds of attacks, including secure coding within the web application, proper database configuration, and deployment of IIS. The result is verified by a WVS report.
Abstract: Structured Query Language Injection Attack (SQLIA) is the attack most exposed on the Internet. Through this attack, the attacker can take control of the database and is therefore able to interpolate the data from the database server for the website. Hence, the big challenge became to secure such websites against attack via the Internet. We have presented different types of attack methods and prevention techniques of SQLIA which were used to aid the design and implementation of our model. In the paper, the work is separated into two parts. The first aims to put SQLIA into perspective by outlining some of the materials and research that have already been completed. The section suggesting methods of mitigating SQLIA aims to clarify some misconceptions about SQLIA prevention and provides some useful tips to software developers and database administrators. The second details the creation of a filtering proxy server used to prevent SQL injection attacks and analyses the performance impact of the filtering process on the web application.
Abstract: SQL Injection (SQLi) attacks continue to pose significant threats to modern web applications, compromising data integrity and confidentiality. This research delves into the development and evaluation of methodologies designed to detect and mitigate these malicious attacks. Employing a diverse set of web applications, the study unfolds in a controlled environment, simulating real-world conditions to assess the effectiveness of current defense mechanisms against SQLi. Building upon this baseline, the research introduces a two-pronged defense mechanism: a Static Analysis Tool to pre-emptively identify vulnerabilities in application code and a Runtime Query Sanitizer that employs rule-based patterns and machine learning models to scrutinize and sanitize SQL queries in real time. Performance evaluation metrics, encompassing detection rate, false positives, response time, and machine learning efficiency, are meticulously documented. Further robustness of these mechanisms is ascertained through real-world simulations involving unsuspecting users and ethical hackers. Initial results indicate promising potential for the introduced methodologies in safeguarding web applications against SQLi attacks. The study's findings serve as a critical step towards fortifying web applications, emphasizing the amalgamation of static analysis and real-time query sanitization as an effective countermeasure against SQLi threats.