[go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Prediction of SQL Injection Attacks in Web Applications

  • Conference paper
  • First Online:
Computational Science and Its Applications – ICCSA 2019 (ICCSA 2019)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 11622))

Included in the following conference series:

  • 1884 Accesses

Abstract

As web applications become increasingly complex and connected, it becomes imperative to reduce the vulnerabilities in applications. SQLIA is a part of OWASP vulnerabilities and it is extremely important to prevent them. The proposed system aims to predict the occurrence of SQLIA on a given server, with applications deployed on it, from a given source, at a particular time. This prediction can be done with the help of JMeter tool. Apache JMeter is used to simulate logs data. From this, one can pre-process, extract features, and classify, which is then fed to a model for prediction of SQLIA.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Scholte, T., Robertson, W., Balzarotti, D., Kirda., E.: An empirical analysis of input validation mechanisms in web applications and languages. In: 27th Annual ACM Symposium on Applied Computing, pp. 1419–1426 (2012)

    Google Scholar 

  2. Alkhalaf, M., Aydin, A., Bultan, T.: Semantic differential repair for input validation and sanitization. In: ACM International Symposium on Software Testing and Analysis, pp. 225–236 (2014)

    Google Scholar 

  3. Frajták, K., Bureš, M., Jelínek, I.: Reducing user input validation code in web applications using Pex extension. In: ACM 15th International Conference on Computer Systems and Technologies, pp. 302–308 (2014)

    Google Scholar 

  4. Li, X., Xue, Y.: A survey on server-side approaches to securing web applications. ACM Comput. Surv. (CSUR) 46(4), 54:1–54:29 (2014)

    Article  Google Scholar 

  5. Cho, S., Choi, J., Kim, G., Park, M., Cho, S., Han, S.: Runtime input validation for Java web applications using static bytecode instrumentation. In: ACM International Conference on Research in Adaptive and Convergent Systems, pp. 148–152 (2016)

    Google Scholar 

  6. Medeiros, I., Neves, N.F., Correia, M.: Automatic detection and correction of web application vulnerabilities using data mining to predict false positives. In: ACM 23rd International Conference on World Wide Web, pp. 63–73 (2014)

    Google Scholar 

  7. Shar, L.K., Tan, H.B.K.: Predicting common web application vulnerabilities from input validation and sanitization code patterns. In: 27th IEEE/ACM International Conference on Automated Software Engineering, pp. 310–313 (2012)

    Google Scholar 

  8. Shar, L.K., Tan, H.B.K.: Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities. In: 34th International Conference on Software Engineering, pp. 1293–1296 (2012)

    Google Scholar 

  9. Solomon, O.U., William, J.B., Lu, F.: Applied machine learning predictive analytics to SQL injection attack detection and prevention. In: IFIP/IEEE IM 2017 Workshop: 3rd International Workshop on Security for Emerging Distributed Network Technologies, pp. 1087–1090 (2017)

    Google Scholar 

  10. Fang, Y., Peng, J., Liu, L., Huang, C.: WOVSQLI: detection of SQL injection behaviors using word vector and LSTM. In: Proceedings of the 2nd International Conference on Cryptography, Security and Privacy, pp. 170–174 (2018)

    Google Scholar 

  11. Haldar, V., Chandra, D., Franz, M.: Dynamic taint propagation for Java. In: Annual Computer Security Applications Conference, pp. 09–15 (2005)

    Google Scholar 

  12. Halfond, W.G.J., Orso, A.: AMNESIA analysis and monitoring for neutralizing SQL-injection attacks. In: Proceedings of IEEE and ACM International Conference on Automatic Software Engineering, Long Beach, CA, USA, pp. 54–59 (2005)

    Google Scholar 

  13. Komiya, R., Paik, I., Hisada, M.: Classification of malicious web code by machine learning. In: 3rd International Conference on Awareness Science and Technology (iCAST), pp. 406–411 (2011)

    Google Scholar 

  14. Jingling, Z., Junxin, Q., Liang, Z., Baojiang, C.: Dynamic taint tracking of Web application based on static code analysis. In: 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, pp. 96–101 (2016)

    Google Scholar 

  15. Kumar, S., Mahajan, R., Kumar, N., Khatri, S.K.: A study on web application security and detecting security vulnerabilities. In: 6th International Conference on Reliability, Infocom Technologies and Optimization (ICRITO), pp. 451–455 (2017)

    Google Scholar 

  16. Jane, P.Y., Chaudhari, M.S.: SQLIA: detection and prevention techniques: a survey. IOSR J. Comput. Eng. (IOSR-JCE) 2, 56–60 (2009). Second International Conference on Emerging Trends in Engineering (SICETE)

    Google Scholar 

  17. Peng, C.J., Lee, K.L., Ingersoll, G.M.: An introduction to logistic regression analysis and reporting. J. Educ. Res. 96, 3–14 (2002)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, SSN College of Engineering, Kalavakkam, Chennai, Tamil Nadu, India

    Chamundeswari Arumugam, Varsha Bhargavi Dwarakanathan, S. Gnanamary, Vishalraj Natarajan Neyveli, Rohit Kanakuppaliyalil Ramesh & Yeshwanthraa Kandhavel

  2. Indium Software (India) Limited, Chennai, India

    Sadhanandhan Balakrishnan

Authors
  1. Chamundeswari Arumugam
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Varsha Bhargavi Dwarakanathan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. S. Gnanamary
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Vishalraj Natarajan Neyveli
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Rohit Kanakuppaliyalil Ramesh
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Yeshwanthraa Kandhavel
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Sadhanandhan Balakrishnan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Chamundeswari Arumugam , Varsha Bhargavi Dwarakanathan , S. Gnanamary , Vishalraj Natarajan Neyveli , Rohit Kanakuppaliyalil Ramesh , Yeshwanthraa Kandhavel or Sadhanandhan Balakrishnan .

Editor information

Editors and Affiliations

  1. Covenant University, Ota, Nigeria

    Sanjay Misra

  2. University of Perugia, Perugia, Italy

    Osvaldo Gervasi

  3. University of Basilicata, Potenza, Italy

    Beniamino Murgante

  4. Saint Petersburg State University, Saint Petersburg, Russia

    Elena Stankova

  5. Saint Petersburg State University, Saint Petersburg , Russia

    Vladimir Korkhov

  6. Polytechnic University of Bari, Bari, Italy

    Carmelo Torre

  7. University of Minho, Braga, Portugal

    Ana Maria A.C. Rocha

  8. Monash University, Clayton, VIC, Australia

    David Taniar

  9. Kyushu Sangyo University, Fukuoka, Japan

    Bernady O. Apduhan

  10. Polytechnic University of Bari, Bari, Italy

    Eufemia Tarantino

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Arumugam, C. et al. (2019). Prediction of SQL Injection Attacks in Web Applications. In: Misra, S., et al. Computational Science and Its Applications – ICCSA 2019. ICCSA 2019. Lecture Notes in Computer Science(), vol 11622. Springer, Cham. https://doi.org/10.1007/978-3-030-24305-0_37

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-24305-0_37

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24304-3

  • Online ISBN: 978-3-030-24305-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics