
An ensemble classification-based approach to detect attack level of SQL injections

Author: Kasim, Omer

Author affiliation: Kutahya Dumlupinar Univ Technol Fac Dept Elect & Elect Engn Kutahya Turkey

Publication: JOURNAL OF INFORMATION SECURITY AND APPLICATIONS (J. Inf. Secur. Appl.)

Year/Volume: 2021, Volume 59

Subject classification: 08 [Engineering] 0812 [Engineering - Computer Science and Technology (engineering or science degrees may be conferred)]

Funding: All persons who have made substantial contributions to the work reported in the manuscript (e.g. technical help, writing and editing assistance, general support), but who do not meet the criteria for authorship, are named in the Acknowledgements and have given us their written permission to be named. If we have not included an Acknowledgements, then that indicates that we have not received substantial contributions from non-authors.

Keywords: Sensitive data; SQL injection attack; Feature extraction; Bagging algorithm; Attack detection and rating

Abstract: Sensitive data belonging to the user, including identity information, passwords, and financial and business processes, are kept in databases. Attackers can obtain these data by adding malicious code to SQL queries. The malicious and clean SQL queries are taken from the OWASP dataset to ensure that the proposed approach is effective and practical. The middleware application developed in this study analyzes these SQL queries instantly to prevent attackers from accessing sensitive data in databases. To provide protection, an ensemble classification algorithm is trained with 22 features obtained from queries containing malicious code. The trained ensemble algorithm classifies queries as clean or malicious. For the first time in this study, malicious SQL injections are detected as simple, unified or lateral to determine the level of the cyber-attack. If the query is clean, the request is provided in the flow forwarding scheme; otherwise the query is blocked. If the SQL injection is detected as simple, the SQL request is blocked. In other cases the source IP address is blocked at different time intervals. The model maintains an accuracy of over 98% in detecting SQL injections and 92% in classifying these attacks as simple, unified or lateral. This result demonstrates that the developed middleware application has an active role against simple, unified and lateral SQL injection attacks, which are so hard to detect, and provides flexible decisions against the attacks.
