SQL Injection Attacks Detection and Prevention Based on Neuro—Fuzzy Technique

• Published in: Machine Learning and Big Data Analytics Paradigms: Analysis, Applications and Challenges Vol. 77; pp. 93 - 112
• Main Authors: Nofal, Doaa E., Amer, Abeer A.
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2020; Springer International Publishing
• Series: Studies in Big Data
• Subjects: ANFIS; FCM; Neuro-fuzzy; SCG; SQL injection attacks; Web security
• ISBN: 3030593371; 9783030593377
• ISSN: 2197-6503; 2197-6511
• DOI: 10.1007/978-3-030-59338-4_6

A Structured Query Language (SQL) injection attack (SQLIA) is one of most famous code injection techniques that threaten web applications, as it could compromise the confidentiality, integrity and availability of the database system of an online application. Whereas other known attacks follow specific patterns, SQLIAs are often unpredictable and demonstrate no specific pattern, which has been greatly problematic to both researchers and developers. Therefore, the detection and prevention of SQLIAs has been a hot topic. This paper proposes a system to provide better results for SQLIA prevention than previous methodologies, taking in consideration the accuracy of the system and its learning capability and flexibility to deal with the issue of uncertainty. The proposed system for SQLIA detection and prevention has been realized on an Adaptive Neuro-Fuzzy Inference System (ANFIS). In addition, the developed system has been enhanced through the use of Fuzzy C-Means (FCM) to deal with the uncertainty problem associated with SQL features. Moreover, Scaled Conjugate Gradient algorithm (SCG) has been utilized to increase the speed of the proposed system drastically. The proposed system has been evaluated using a well-known dataset, and the results show a significant enhancement in the detection and prevention of SQLIAs.