Citation: Alghawazi, M.; Alghazzawi, D.; Alarifi, S. Detection of SQL Injection Attack Using Machine Learning Techniques: A Systematic Literature Review. J. Cybersecur. Priv. 2022, 2, 764–777. https://doi.org/10.3390/jcp2040039
Academic Editor: Marina L. Gavrilova
Received: 31 July 2022
Accepted: 14 September 2022
Published: 20 September 2022
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Copyright: © 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Article
Detection of SQL Injection Attack Using Machine Learning Techniques: A Systematic Literature Review
Maha Alghawazi, Daniyal Alghazzawi and Suaad Alarifi *
Information Systems Department, Faculty of Computing and Information Technology, King Abdulaziz University,
Jeddah 80200, Saudi Arabia
* Correspondence: salarifi@kau.edu.sa
Abstract:
SQL injection attacks, which usually occur when attackers modify, delete, read, and copy data from database servers, are among the most damaging of web application attacks. A successful SQL injection attack can affect all aspects of security, including confidentiality, integrity, and data availability. SQL (structured query language) is used to represent queries to database management systems. Detection and deterrence of SQL injection attacks, for which techniques from different areas can be applied to improve the detectability of the attack, is not a new area of research, but it is still relevant. Artificial intelligence and machine learning techniques have been tested and used to control SQL injection attacks, showing promising results. The main contribution of this paper is to cover relevant work related to different machine learning and deep learning models used to detect SQL injection attacks. With this systematic review, we aim to keep researchers up-to-date and contribute to the understanding of the intersection between SQL injection attacks and the artificial intelligence field.
Keywords: SQL injection; machine learning; deep learning; adversarial attacks
1. Introduction
Most cyber-physical system (CPS) applications are safety-critical; misbehavior caused by random failures or cyber-attacks can considerably restrict their growth. Thus, it is important to protect CPS from being damaged in this way [1]. Current security solutions have been well-integrated into many networked systems, including the use of middle boxes such as antivirus protection, firewalls, and intrusion detection systems (IDS). A firewall controls network traffic based on the source or destination address. It alters network traffic according to the firewall rules. Firewalls are also limited by their knowledge of the hosts receiving the content and the amount of state available. An IDS is a type of security tool that scans the system for suspicious activity, monitors the network traffic, and alerts the system or network administrator [2]. In this context, a number of frameworks and mechanisms have been suggested in recent papers.
In this paper, we have considered SQL injection attacks that target the HTTP/HTTPS protocol, which aim to pass through the web application firewall (WAF) and obtain unauthorized access to proprietary data. SQL injection belongs to the injection family of web attacks, wherein an attacker inserts inputs into a system to execute malicious statements. The victim system is usually not ready to process this input, typically resulting in data leakage and/or granting of unauthorized access to the attacker; in this case, the attacker can access and/or modify the data, affecting all aspects of security, including confidentiality, integrity, and data availability [3].
In an SQL injection, the attacker inserts an SQL statement into an exchange between a client and database server [3]. SQL (structured query language) is used to represent queries to database management systems (DBMSs). The maliciously injected SQL statement is designed to extract or modify data from the database server. A successful injection can result in authentication bypass and changes to the database by inserting, modifying, and/or deleting data, causing data loss and/or destruction of the entire database. Furthermore, such an attack could overrun and execute commands on the host operating system, typically leading to more serious consequences [4].
Thus, SQL injection attacks present a serious threat to organizations. A variety of research has been undertaken to address this threat, presenting various artificial intelligence (AI) techniques for detection of SQL injection attacks using machine learning and deep learning models [5]. AI techniques to facilitate the detection of threats are usually implemented via learning from historical data representing an attack and/or normal data. Historical data are useful for learning, in order to recognize patterns of attacks, understand detected traffic, and even predict future attacks before they occur [6].
SQL injection attackers and defenders must understand how the SQL language works to know how it can be misused [3]. To extract data from a database or modify the data, queries must be written in SQL and must follow a standard syntax, such as:
“SELECT * FROM books WHERE author = ‘MAHA’”
The above query will return all books authored by MAHA. Queries are submitted to the DBMS and are usually written through a web browser. For the query to be transmitted to the database server through the web browser, it has to be encoded in a long URL string, such as:
http://www.xyz_website.com?QUERY=SELECT%20*%20FROM%20books%20WHERE%20author=7453
What if the attacker adds to the previous SQL query? For example:
“SELECT * FROM books WHERE author = ‘MAHA’ OR ‘1’ = ‘1’”
As the statement 1 = 1 is always true, the query will return all books in the database,
not just the books authored by MAHA.
The previous example might not represent a threat, especially if the stored list of books is not confidential. However, it could be applied to valuable data using different syntax, and if successful, it might return sensitive data, such as passwords, bank accounts, trade secrets, and personal data, which might be considered a privacy breach, among other consequences.
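The books query above, run both ways against an in-memory SQLite database, as an added example that is not part of the original paper: the first function builds the SQL text by concatenation and returns every row when given the tautology, and the second binds the input as a parameter. The table layout, sample rows, and function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory books table from constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE books (title TEXT, author TEXT)")
    db.executemany("INSERT INTO books VALUES (?, ?)", [
        ("Book A", "MAHA"), ("Book B", "MAHA"),
        ("Book C", "ALI"), ("Book D", "SARA"),
    ])
    return db

def find_books_concat(db, author):
    """Vulnerable form: the input becomes part of the SQL text itself."""
    sql = ("SELECT title FROM books WHERE author = '" + author +
           "' ORDER BY title")
    return [row[0] for row in db.execute(sql)]

def find_books_param(db, author):
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    sql = "SELECT title FROM books WHERE author = ? ORDER BY title"
    return [row[0] for row in db.execute(sql, (author,))]

# The tautology from the text, as it would arrive in the author field.
TAUTOLOGY = "MAHA' OR '1' = '1"

if __name__ == "__main__":
    db = make_db()
    print("concat, normal   :", find_books_concat(db, "MAHA"))
    print("concat, tautology:", find_books_concat(db, TAUTOLOGY))
    print("param,  tautology:", find_books_param(db, TAUTOLOGY))
```

With the bound parameter, the whole tautology string is compared against the author column as a literal, so no row matches.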
In some research, injecting code using ‘OR’ followed by a TRUE statement, such as 1 = 1, is called “tautology” [7]. Methods other than tautology can be used, such as when an attacker intentionally injects an incorrect query to force the database server to return a default error page, which might contain valuable information that could help an attacker to understand the database and form a more advanced attack [7]. The SQL syntax “UNION” can also be used to extract information, in addition to many other methods based on the same idea of misusing SQL syntax to extract or even update the data in the targeted database.
This is how SQL injection works; the question then becomes: how does one detect this type of attack using deep learning methods?
Deep learning is a machine learning and artificial intelligence method. It can be used
to support the detection of SQL injection attacks by training a classifier to achieve the ability
to recognize and therefore detect an attack. The classifier is trained using deep learning
models and can be used to classify new data, such as traffic or data in log files. If the
classifier is passive, it will alert the administrator; if it is active, it will prevent data from
passing to the database server. The classifier can be trained to recognize and detect SQL
injection attacks using three different learning methods [8].
The first is unsupervised learning, where features are extracted from unclassified data, i.e., data that are labelled as neither normal nor abnormal. Using information and the Bayesian probability theory, the classifier detects hidden structures in the unclassified dataset. An unclassified dataset means that it is not known whether these data are normal or abnormal (malicious). Different techniques can be used in unsupervised learning, such as clustering and density estimation [8].
The second is supervised learning, whereby a labelled training dataset is used to train the classifier. As the input data are labelled, i.e., normal or abnormal, the output is known beforehand. Therefore, the process involves simple mapping between the input training data and the known output, followed by continuous modification of the algorithm and changing of the weights until an acceptable classification accuracy is achieved. Then, a test dataset is used to test the classifier; if the result is within an acceptable accuracy range, the classifier is ready to detect novel data, i.e., data not previously used in training or testing. The main drawback of supervised learning is generating and labelling the training and testing data, which might consume processing time, especially for complex attacks. Supervised learning is categorized into classification and regression algorithms. The most common supervised learning algorithms include Bayesian networks, decision trees, support vector machines (SVMs), K-nearest neighbors, and neural networks. The third is semi-supervised learning, which uses a combination of supervised and unsupervised learning methods [8].
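The supervised workflow described above (labelled training data, a held-out test set, then novel input), as an added example that is not taken from the paper or from any study it reviews. It uses K-nearest neighbors, one of the algorithms named above; the four hand-picked features, the constructed sample strings, and k = 3 are all assumptions.

```python
import re
from collections import Counter

KEYWORDS = {"OR", "AND", "UNION", "SELECT", "DROP", "FROM"}

def features(value):
    """Count quotes, '=', SQL keywords, and terminators (-- or ;) in one input."""
    tokens = re.findall(r"[A-Z_]+|\d+|--|'|=|;", value.upper())
    return (tokens.count("'"), tokens.count("="),
            sum(t in KEYWORDS for t in tokens),
            tokens.count("--") + tokens.count(";"))

# Constructed labelled samples: 0 = normal, 1 = injection attempt.
TRAIN = [
    ("MAHA", 0), ("O'Brien", 0), ("Jane Austen", 0),
    ("Tom and Jerry", 0), ("E = mc2", 0),
    ("x' OR 'a' = 'a", 1), ("' OR 1=1 --", 1),
    ("x' UNION SELECT password FROM users --", 1),
    ("1; DROP TABLE books", 1), ("1' OR '1'='1' --", 1),
]
# Held-out test set, never used when voting on its own members.
TEST = [
    ("Mary Shelley", 0), ("D'Angelo", 0),
    ("MAHA' OR '1' = '1", 1),
    ("y' UNION SELECT card FROM payments --", 1),
]

def distance(a, b):
    """Squared Euclidean distance between two feature vectors."""
    return sum((x - y) ** 2 for x, y in zip(a, b))

def classify(value, train=TRAIN, k=3):
    """Label an input by majority vote of its k nearest training samples."""
    fv = features(value)
    nearest = sorted(train, key=lambda s: distance(fv, features(s[0])))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def accuracy(samples):
    """Fraction of samples whose predicted label matches the true label."""
    return sum(classify(v) == y for v, y in samples) / len(samples)

if __name__ == "__main__":
    print("test accuracy:", accuracy(TEST))
    print("novel input label:", classify("z' OR 'k' = 'k' --"))
```

The apostrophe in a name such as O'Brien shares a feature with injection strings, which is why the labelled normal samples include it.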
The main contribution of this paper is to provide a systematic review of the machine learning and deep learning solutions that are used to improve the detectability of SQL injection attacks. With this systematic review, we aim to keep researchers up-to-date and contribute to the understanding of the intersection between an SQL injection attack and artificial intelligence.
The paper is organized as follows. Section 1 is an introduction to SQL injection attacks and deep learning algorithms. In Section 2, we discuss related studies and consider previous systematic reviews. In Section 3, we present the research method and planning of the systematic review. Section 4 highlights the results and reviews all related studies. Section 5 presents the discussion and answers to research questions. Finally, in Section 6, we present our conclusions.
2. Related Studies
In this section, four published systematic reviews were considered. Newer systematic reviews typically include both recent and older studies in the area under investigation. Therefore, all of the papers we considered were relatively recent. The first was published in 2017 [9] and it covered previous primary studies on SQL injection attacks, techniques, and tools. In [9], forty-six primary studies were analyzed related to SQL injection attacks, tools, and techniques, in addition to the impact of the attack. We adapted the same methodology as that used in [9] due to its comprehensiveness and because it achieves satisfying results; in addition, this research was similar to that in [9] in terms of objectives, ideas, and the area of research.
Qiu et al. [10] provided a comprehensive review of using artificial intelligence in attacking and defending against security attacks, concentrating on the training and testing stages. In their study, they sorted technologies and applications of adversarial attacks in terms of natural language processing, cyberspace security, computer vision, and the physical world. Furthermore, the authors considered defense strategies in their research and proposed methods to deal with specific types of adversarial attack. Martins et al. [11] explored more than 15 papers that applied adversarial machine learning techniques used in intrusion and malware detection models. In their study, the authors summarized the most common adversarial attacks and defense mechanisms for intrusion and malware detection.
Muslihi et al. [12] conducted a review of more than 14 studies published using deep learning methods to detect SQL injection attacks, including CNN, LSTM, DBN, MLP, and Bi-LSTM. They also provided a comparison of methods in terms of objectives, techniques, features, and datasets. Muhammad et al. [13] reviewed and analytically evaluated the methods and tools that are commonly used to detect and prevent SQL injection attacks, considering a total of 82 studies. Their review results showed that most researchers focused on proposing approaches to detect and mitigate SQL injection attacks (SQLIAs) rather than evaluating the effectiveness of existing SQLIA detection methods.