
Publication

Multi-Phase Algorithmic Framework to Prevent SQL Injection Attacks using Improved Machine learning and Deep learning to Enhance Database security in Real-time

Ahmed Abadulla Ashlam; Atta Badii; Frederic Theodor Stahl
In: 2022 15th International Conference on Security of Information and Networks (SIN). International Conference on Security of Information and Networks (SIN-2022), November 11-13, Sousse, Tunisia, Pages 1-4, IEEE Xplore, Piscataway Township, New Jersey, 12/2022.

Abstract

Structured Query Language (SQL) Injection constitutes a most challenging type of cyber-attack on the security of databases. SQLI attacks provide opportunities for malicious actors to exploit the data, particularly client personal data. To counter these attacks, security measures need to be deployed at all layers, namely the application layer, network layer, and database layer; otherwise, the database remains vulnerable to attacks at all levels. Research studies have demonstrated that lack of input validation, incorrect use of dynamic SQL, and inconsistent error handling have continued to expose databases to SQLI attacks. The security measures commonly deployed presently, being mostly focused on the network layer only, still leave the program code and the database at risk despite well-established approaches such as web server request filtering, network firewalls and database access control. To overcome this deficiency, a Multi-Phase algorithmic framework is proposed with improved parameterised machine learning and deep learning to enhance database security in real time at the database layer. The proposed method has been tested within a university and also in one of the branches of a commercial bank. The results show that the proposed method is able to i) prevent SQLi; ii) classify the type of attack during the detection process, and therefore iii) secure the database.
