A hybrid framework for detecting structured query language injection attacks in web-based applications
Author: | Md. Hasan Furhad, Ripon K. Chakrabortty, Michael J. Ryan, Jia Uddin, Iqbal H. Sarker |
---|---|
Year of publication: | 2022 |
Source: | International Journal of Electrical and Computer Engineering (IJECE). 12:5405 |
ISSN: | 2722-2578 2088-8708 |
DOI: | 10.11591/ijece.v12i5.pp5405-5414 |
Description: | Almost every web-based application is managed and operated through a number of websites, each of which is vulnerable to cyber-attacks that are mounted across the same networks used by the applications, with much less risk to the attacker than physical attacks. Such web-based attacks make use of a range of modern techniques, such as structured query language injection (SQLi), cross-site scripting, and data tampering, to achieve their aims. Among them, SQLi is the most popular and vulnerable attack, which can be performed in one of two ways: either by an outsider of an organization (known as the outside attacker) or by an insider with a good knowledge of the system with proper administrative rights (known as the inside attacker). An inside attacker, in contrast to an outsider, can take down the system easily and pose a significant challenge to any organization, and therefore needs to be identified in advance to mitigate the possible consequences. A blockchain-based technique is an efficient approach to detect and mitigate SQLi attacks and is widely used these days. Thus, in this study, a hybrid method is proposed that combines a SQL query matching technique (SQLMT) and a standard blockchain framework to detect SQLi attacks created by insiders. The results obtained by the proposed hybrid method through computational experiments are further validated using standard web validation tools. |
Database: | OpenAIRE |