Bahjat Arif, Sarajaldeen Akram and Wani, Sharyar (2025) The implications for a hybrid detection technique against malicious SQL attacks on web applications. Journal of Information Systems Engineering and Management, 10 (35s). pp. 1101-1109. E-ISSN 2468-4376
Abstract
Today, most web applications are vulnerable to SQL injection attacks. Malicious inputs by unauthorized attackers cause the deletion, modification, or retrieval of confidential data from remote databases, which creates huge financial losses and even affects the work of commercial vendors and financial companies. Therefore, it is essential to develop a new technique to authenticate access to databases related to web applications and prevent SQL injection vulnerabilities. However, the large number of available prevention techniques makes selecting the best solution a big challenge, because not every technique fits all types of web application; hence a one-technique-for-all solution is another issue and a difficult task. Accordingly, the aim of this study is to identify the latest SQL injection attacks based on user inputs in web applications associated with a remote server database, and to develop a new method based on a dynamic detection technique to prevent SQL injection attacks. The methodology is based on the JavaScript and PHP languages for developing a new technique called DetectCombined, capable of filtering queries using parameterized queries to protect against SQL injection, which is a safe method. It is code with double-shield protection that prevents unauthorized extraction from, or damage to, the remote database on the server side due to malicious SQL injection. The proposed DetectCombined is an innovative technique that executes protection code based on a sequence of three stages: filtration, validation, and history. This technique produces robust protection code that distinguishes between safe SQL commands and malicious ones, and reinforces the memory of the detection procedure by saving previous SQL attacks in special tables in the remote database, regardless of the type of user, whether a general user or an admin.
The outcome of this study will add to the body of knowledge the most important and recent proposed solutions to mitigate SQL injection attacks, in particular those based on machine learning algorithms.
Item Type: | Article (Journal) |
---|---|
Uncontrolled Keywords: | SQL injection, Malicious Attack, SQL detection, Machine Learning |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Kulliyyahs/Centres/Divisions/Institutes: | Kulliyyah of Information and Communication Technology > Department of Computer Science |
Depositing User: | Dr. Sharyar Wani |
Date Deposited: | 30 Apr 2025 11:23 |
Last Modified: | 30 Apr 2025 11:23 |
URI: | http://irep.iium.edu.my/id/eprint/120773 |