Skip to main content

Research Repository

Advanced Search

An applied pattern-driven corpus to predictive analytics in mitigating SQL injection attack

Uwagbole, Soloman Ogbomon; Buchanan, William J.; Fan, Lu

Authors

Soloman Ogbomon Uwagbole

Lu Fan



Abstract

Emerging computing relies heavily on secure back-end storage for the massive size of big data originating from the Internet of Things (IoT) smart devices to the Cloud-hosted web applications. Structured Query Language (SQL) Injection Attack (SQLIA) remains an intruder’s exploit of choice to pilfer confidential data from the back-end database with damaging ramifications. The existing approaches were all before the new emerging computing in the context of the Internet big data mining and as such will lack the ability to cope with new signatures concealed in a large volume of web requests over time. Also, these existing approaches were strings lookup approaches aimed at on-premise application domain boundary, not applicable to roaming Cloud-hosted services’ edge Software-Defined Network (SDN) to application endpoints with large web request hits. Using a Machine Learning (ML) approach provides scalable big data mining for SQLIA detection and prevention. Unfortunately, the absence of corpus to train a classifier is an issue well known in SQLIA research in applying Artificial Intelligence (AI) techniques. This paper presents an application context pattern-driven corpus to train a supervised learning model. The model is trained with ML algorithms of Two-Class Support Vector Machine (TC SVM) and Two-Class Logistic Regression (TC LR) implemented on Microsoft Azure Machine Learning (MAML) studio to mitigate SQLIA. This scheme presented here, then forms the subject of the empirical evaluation in Receiver Operating Characteristic (ROC) curve.

Citation

Uwagbole, S. O., Buchanan, W. J., & Fan, L. (2017). An applied pattern-driven corpus to predictive analytics in mitigating SQL injection attack. In 2017 Seventh International Conference on Emerging Security Technologies (EST),. https://doi.org/10.1109/est.2017.8090392

Conference Name 2017 Seventh International Conference on Emerging Security Technologies (EST)
Start Date Sep 6, 2017
End Date Sep 8, 2017
Acceptance Date Jul 11, 2017
Online Publication Date Nov 2, 2017
Publication Date Nov 2, 2017
Deposit Date Aug 22, 2017
Publicly Available Date Mar 29, 2024
Publisher Institute of Electrical and Electronics Engineers
Series ISSN 2472-7601
Book Title 2017 Seventh International Conference on Emerging Security Technologies (EST),
ISBN 9781538640180
DOI https://doi.org/10.1109/est.2017.8090392
Keywords SQL injection, SQLIA data analytics, SQLIA pattern-driven data set, SQLIA big data, SQLIA hashing,
Public URL http://researchrepository.napier.ac.uk/Output/978523

Files

An Applied Pattern-Driven Corpus to Predictive Analytics in Mitigating SQL Injection Attack (1.2 Mb)
PDF

Copyright Statement
© 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works







You might also like



Downloadable Citations