

Search for: All records

Creators/Authors contains: "Graham, Steffi"


  1. In recent years, web-based platforms and business applications have been rising in popularity deeming themselves indispensable as they constitute the main backbone of business processes and information sharing. However, the unprecedented increased number of cyber-attacks have been threatening their day-to-day operations. In particular, the Standard Query Language Injection Attack (SQLIA) remains one of the most prevalent cyber attacks targeting web-based applications. As a consequence, the SQLIA detection techniques need to be constantly revamped and stay up-to-date in order to achieve the full potential of mitigating such threats. In this paper, we propose an artificial intelligence model based on supervised machine learning techniques to detect SQLIA. As part of the proposed model, we introduce an input string validation technique as a primary anomaly identifier using pattern matching for SQL Query data with anomalies-injections. To evaluate our approach we injected one type of SQLIA that is tautology attacks and measured the performance of our model. We used three main classifiers in our model and our findings indicate a model prediction accuracy of 98.3605% for Support Vector Machine (SVM), 96.296% for K-Nearest Neighbors (KNN), and 97.530% for Random Forest. The approach proposed in this paper has the potential of being used to integrate an automated SQL Injection detection mechanism with Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS).