International Journal of Advanced Computer Research (IJACR) ISSN (Print): 2249-7277 ISSN (Online): 2277-7970 Volume - 14 Issue - 68 September - 2024
An innovative method for detecting SQLi attacks by altering SQL query attribute values

Amit Hariyani and Prashant Dolia

Abstract

One of the most dangerous vulnerabilities exploited to gain unauthorized access, disclose private information, and cause financial harm to both individuals and companies is the structured query language injection attack (SQLia). Structured query language (SQL) is widely used as a backend for data storage in most web applications. Through SQL injection, attackers can bypass authorization and authentication mechanisms, gaining access to sensitive data. Although various researchers have proposed methods to detect and mitigate this vulnerability, their efforts have not been entirely successful. Some of these strategies have yet to be fully implemented, leading to confusion among users when selecting the appropriate tool. This study introduces a simple yet effective method for detecting and preventing SQLia. The proposed method involves modifying attribute values in SQL queries on web pages upon parameter submission and subsequently comparing them with predefined values using both static and dynamic analysis techniques. The results from the experiments demonstrate the effectiveness and simplicity of the proposed approach when compared to existing methods.

Keywords

Web application, Database, SQL injection, Ethical hacking, Query processing.

Cite this article

Hariyani A, Dolia P. An innovative method for detecting SQLi attacks by altering SQL query attribute values. International Journal of Advanced Computer Research. 2024;14(68):89-96. DOI:10.19101/IJACR.2024.1466005
