IIUM Repository

The implications for a hybrid detection technique against malicious SQL attacks on web applications

Bahjat Arif, Sarajaldeen Akram and Wani, Sharyar (2025) The implications for a hybrid detection technique against malicious SQL attacks on web applications. Journal of Information Systems Engineering and Management, 10 (35s). pp. 1101-1109. E-ISSN 2468-4376

PDF - Published Version

Abstract

Today, most web applications are vulnerable to SQL injection attacks. Malicious inputs by unauthorized attackers cause the deletion, modification, or retrieval of confidential data from remote databases, which creates huge monetary losses and even affects the work of commercial vendors and financial companies. Therefore, it is essential to develop a new technique to authenticate access to databases related to web applications and prevent SQL injection vulnerabilities. However, the large number of available prevention techniques makes selecting the best solution a big challenge, because not every technique fits all types of web application; hence a one-technique-for-all solution is another issue and a difficult task. Accordingly, the aim of this study is to identify the latest SQL injection attacks based on users' inputs in web applications associated with a remote server database, and to develop a new method based on a dynamic detection technique to prevent SQL injection attacks. The methodology is based on the JavaScript and PHP languages for developing a new technique called DetectCombined, capable of filtering queries using parameterized queries, which is a safe method to protect against SQL injection. It is code with double-shield protection that prevents unauthorized extraction from, or damage to, the remote database on the server side due to malicious SQL injection. The proposed DetectCombined is an innovative technique that executes protection code based on a sequence of three stages: filtration-validation-history. This technique produces robust protection code that distinguishes between safe SQL commands and malicious ones, and reinforces the memory of the detection procedure by saving previous SQL attacks in special tables in the remote database, regardless of the type of user, whether a general user or an admin.
The outcome of this study will add to the body of knowledge the most important and recent proposed solutions to mitigate SQL injection attacks, in particular those based on machine learning algorithms.

Item Type: Article (Journal)
Uncontrolled Keywords: SQL injection, Malicious Attack, SQL detection, Machine Learning
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Kulliyyahs/Centres/Divisions/Institutes: Kulliyyah of Information and Communication Technology > Department of Computer Science
Depositing User: Dr. Sharyar Wani
Date Deposited: 30 Apr 2025 11:23
Last Modified: 30 Apr 2025 11:23
URI: http://irep.iium.edu.my/id/eprint/120773
