Automation-Based User Input Sql Injection Detection and Prevention Framework

IF 1.2 4区 计算机科学 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS Computer Science and Information Systems Pub Date : 2023-05-02 DOI:10.5539/cis.v16n2p51
Fredrick Ochieng Okello, D. Kaburu, Ndia G. John
{"title":"Automation-Based User Input Sql Injection Detection and Prevention Framework","authors":"Fredrick Ochieng Okello, D. Kaburu, Ndia G. John","doi":"10.5539/cis.v16n2p51","DOIUrl":null,"url":null,"abstract":"Autodect framework protects management information systems (MIS) and databases from user input SQL injection attacks. This framework overcomes intrusion or penetration into the system by automatically detecting and preventing attacks from the user input end. The attack intentions is also known since                 it is linked to a proxy database, which has a normal and abnormal code vector profiles that      helps to gather information about the intent as well as knowing the areas of interest while conducting the attack. The information about the attack is forwarded to Autodect knowledge base (database), meaning that any successive attacks from the proxy database will be compared to the existing attack pattern logs in the knowledge base, in future this knowledge base-driven database will help organizations to analyze trends of attackers, profile them and deter them. The research evaluated the existing security frameworks used to prevent user input SQL injection; analysis was also done on the factors that lead to the detection of SQL injection. This knowledge-based framework     is able to predict the end goal of any injected attack vector. (Known and unknown signatures). Experiments were conducted on true and simulation websites and open-source datasets to analyze the performance and a comparison drawn between the Autodect framework and other existing tools. The research showed that Autodect framework has an accuracy level of 0.98. The research found a gap that all existing tools and frameworks never came up with a standard datasets for sql injection, neither do we have a universally accepted standard data set.","PeriodicalId":50636,"journal":{"name":"Computer Science and Information Systems","volume":"77 1","pages":""},"PeriodicalIF":1.2000,"publicationDate":"2023-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Science and Information Systems","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.5539/cis.v16n2p51","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Autodect framework protects management information systems (MIS) and databases from user input SQL injection attacks. This framework overcomes intrusion or penetration into the system by automatically detecting and preventing attacks from the user input end. The attack intentions is also known since                 it is linked to a proxy database, which has a normal and abnormal code vector profiles that      helps to gather information about the intent as well as knowing the areas of interest while conducting the attack. The information about the attack is forwarded to Autodect knowledge base (database), meaning that any successive attacks from the proxy database will be compared to the existing attack pattern logs in the knowledge base, in future this knowledge base-driven database will help organizations to analyze trends of attackers, profile them and deter them. The research evaluated the existing security frameworks used to prevent user input SQL injection; analysis was also done on the factors that lead to the detection of SQL injection. This knowledge-based framework     is able to predict the end goal of any injected attack vector. (Known and unknown signatures). Experiments were conducted on true and simulation websites and open-source datasets to analyze the performance and a comparison drawn between the Autodect framework and other existing tools. The research showed that Autodect framework has an accuracy level of 0.98. The research found a gap that all existing tools and frameworks never came up with a standard datasets for sql injection, neither do we have a universally accepted standard data set.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于自动化的用户输入Sql注入检测与预防框架
Autodect框架保护管理信息系统(MIS)和数据库免受用户输入SQL注入攻击。该框架通过自动检测和防止来自用户输入端的攻击来克服对系统的入侵或渗透。攻击意图也是已知的,因为它链接到一个代理数据库,该数据库具有正常和异常的代码矢量配置文件,有助于收集有关意图的信息,并在进行攻击时了解感兴趣的领域。有关攻击的信息被转发到Autodect知识库(数据库),这意味着来自代理数据库的任何连续攻击都将与知识库中现有的攻击模式日志进行比较,将来这个知识库驱动的数据库将帮助组织分析攻击者的趋势,对他们进行分析并阻止他们。该研究评估了用于防止用户输入SQL注入的现有安全框架;分析了导致检测到SQL注入的因素。这种基于知识的框架能够预测任何注入攻击向量的最终目标。(已知和未知签名)。在真实和仿真网站以及开源数据集上进行了实验,分析了Autodect框架的性能,并与其他现有工具进行了比较。研究表明,Autodect框架的准确率水平为0.98。研究发现,所有现有的工具和框架都没有提供sql注入的标准数据集,我们也没有一个普遍接受的标准数据集。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Computer Science and Information Systems
Computer Science and Information Systems COMPUTER SCIENCE, INFORMATION SYSTEMS-COMPUTER SCIENCE, SOFTWARE ENGINEERING
CiteScore
2.30
自引率
21.40%
发文量
76
审稿时长
7.5 months
期刊介绍: About the journal Home page Contact information Aims and scope Indexing information Editorial policies ComSIS consortium Journal boards Managing board For authors Information for contributors Paper submission Article submission through OJS Copyright transfer form Download section For readers Forthcoming articles Current issue Archive Subscription For reviewers View and review submissions News Journal''s Facebook page Call for special issue New issue notification Aims and scope Computer Science and Information Systems (ComSIS) is an international refereed journal, published in Serbia. The objective of ComSIS is to communicate important research and development results in the areas of computer science, software engineering, and information systems.
期刊最新文献
Reviewer Acknowledgements for Computer and Information Science, Vol. 16, No. 3 Drawbacks of Traditional Environmental Monitoring Systems Improving the Classification Ability of Delegating Classifiers Using Different Supervised Machine Learning Algorithms Reinforcement learning - based adaptation and scheduling methods for multi-source DASH On the Convergence of Hypergeometric to Binomial Distributions
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1