Detecting SQL Injection Web Attacks Using Ensemble Learners and Data Sampling

2021 ◽  
Author(s):  
Richard Zuech ◽  
John Hancock ◽  
Taghi M. Khoshgoftaar
Keyword(s):  
Data Sampling ◽  
Sql Injection ◽  
Web Attacks

scholarly journals Implementasi Web Application Firewall Dalam Mencegah Serangan SQL Injection Pada Website

2020 ◽  
Vol 11 (2) ◽  
pp. 245-256
Author(s):  
Bangkit Wiguna ◽  
Wahyu Adi Prabowo ◽  
Ridho Ananda
Keyword(s):  
Information Technology ◽  
Web Application ◽  
Security System ◽  
Sql Injection ◽  
Application Method ◽  
Web Attacks ◽  
The Media ◽  
Sql Injection Attack

Dalam beberapa tahun terakhir perkembangan teknologi informasi menjadi semakin pesat, perkembangan ini membuat segala aktifitas dan pekerjaan menjadi lebih mudah, seperti halnya untuk mengakses berita maupun informasi. Salah satu media yang sering digunakan untuk menemukan berbagai macam informasi pada saat ini yaitu website. Banyaknya website yang ada pada saat ini membuat ia sering dijadikan sasaran berbagai jenis serangan web yang beragam seperti SQL injection. Sehingga diperlukan suatu sistem yang mampu memberikan solusi dalam pengamanan website. Pada penelitian ini menggunakan metode web application firewall karena metode ini mampu untuk menjadi security system dalam mengamankan suatu website dari serangan. Metode web application firewall dilakukan dengan memblokir serangan sql injection yang masuk berdasarkan konfigurasi rules yang telah ditetapkan. Dan dari hasil penelitian ini serangan SQL injection yang telah diujicobakan pada website berhasil diblokir sehingga membuat website menjadi aman dari serangan tersebut..   Kata kunci: Keamanan, Serangan Web, SQL injection, Website, Web Application Firewall.   Abstract  In the last few years the development of information technology has become increasingly rapid, this has made all activities and jobs easier, such as accessing news and information. One of the media that is often used to find various kinds of information at this time is the website. The large number of websites that exist today makes it a frequent target of various types of web attacks such as SQL injection. So we need a system that is able to provide solutions in securing a website. This research uses a web firewall application method because this method is able to become a security system on a website from attacks. The firewall web application method is carried out by the sql injection attack method which is entered based on predefined rules. And from the results of this study, the SQL injection attack that was tested on the website was successful so that it made the website safe from these attacks.  Keywords: Security, Web Attack, SQL injection, Website, Web Application Firewall

scholarly journals Locate-Then-Detect: Real-time Web Attack Detection via Attention-based Deep Neural Networks

2019 ◽  
Author(s):  
Tianlong Liu ◽  
Yu Qi ◽  
Liang Shi ◽  
Jianan Yan
Keyword(s):  
Neural Networks ◽  
Real Time ◽  
Web Application ◽  
Deep Neural Networks ◽  
Attack Detection ◽  
Detection Accuracy ◽  
Learning Approaches ◽  
Web Traffic ◽  
Sql Injection ◽  
Web Attacks

Web attacks such as Cross-Site Scripting and SQL Injection are serious Web threats that lead to catastrophic data leaking and loss. Because attack payloads are often short segments hidden in URL requests/posts that can be very long, classical machine learning approaches have difficulties in learning useful patterns from them. In this study, we propose a novel Locate-Then-Detect (LTD) system that can precisely detect Web threats in real-time by using attention-based deep neural networks. Firstly, an efficient Payload Locating Network (PLN) is employed to propose most suspicious regions from large URL requests/posts. Then a Payload Classification Network (PCN) is adopted to accurately classify malicious regions from suspicious candidates. In this way, PCN can focus more on learning malicious segments and highly increase detection accuracy. The noise induced by irrelevant background strings can be largely eliminated. Besides, LTD can greatly reduce computational costs (82.6% less) by ignoring large irrelevant URL content. Experiments are carried out on both benchmarks and real Web traffic. The LTD outperforms an HMM-based approach, the Libinjection system, and a leading commercial rule-based Web Application Firewall. Our method can be efficiently implemented on GPUs with an average detection time of about 5ms and well qualified for real-time applications.

scholarly journals MITIGATION HANDLING OF SQL INJECTION ATTACKS ON WEBSITES USING OWASP FRAMEWORK

Kursor ◽  
2019 ◽  
Vol 9 (4) ◽  
Author(s):  
Wasito Sukarno ◽  
Imam Riadi
Keyword(s):  
Information System ◽  
Web Application ◽  
Sql Injection ◽  
Web Application Security ◽  
Application Security ◽  
Security Issues ◽  
Injection Attacks ◽  
Information Technology Security ◽  
Web Attacks ◽  
Sql Injection Attacks

The development of the security system on the application of a website is now more advanced. But a software that has vulnerability will threaten all fields such as information system of health, defense, finance, and education. Information technology security issues will become the threat that made managers of the website (webadmin) alerted. This paper is focused on how to handle various application web attacks, especially attacks that uses SQL Injection, using The Open Web Application Security Project (OWASP), the aim is raise awareness about application security web and how to handle an occurred attack.

Measuring the Information Content of the Beige Book: A Mixed Data Sampling Approach

2008 ◽  
Author(s):  
Michelle T. Armesto ◽  
Ruben Hernandez-Murillo ◽  
Michael Owyang ◽  
Jeremy M. Piger
Keyword(s):  
Information Content ◽  
Mixed Data ◽  
Data Sampling ◽  
Mixed Data Sampling ◽  
Sampling Approach

scholarly journals COVID-19 Outbreak and CO2 Emissions: Macro-Financial Linkages

2020 ◽  
Vol 14 (1) ◽  
pp. 12
Author(s):  
Julien Chevallier
Keyword(s):  
Co2 Emissions ◽  
Fossil Fuels ◽  
Mixed Data ◽  
Energy Information Administration ◽  
Time Varying ◽  
Data Sampling ◽  
Quantitative Finance ◽  
Financial Variables ◽  
Mixed Data Sampling ◽  
The One

In the Dynamic Conditional Correlation with Mixed Data Sampling (DCC-MIDAS) framework, we scrutinize the correlations between the macro-financial environment and CO2 emissions in the aftermath of the COVID-19 diffusion. The main original idea is that the economy’s lock-down will alleviate part of the greenhouse gases’ burden that human activity induces on the environment. We capture the time-varying correlations between U.S. COVID-19 confirmed cases, deaths, and recovered cases that were recorded by the Johns Hopkins Coronavirus Center, on the one hand; U.S. Total Industrial Production Index and Total Fossil Fuels CO2 emissions from the U.S. Energy Information Administration on the other hand. High-frequency data for U.S. stock markets are included with five-minute realized volatility from the Oxford-Man Institute of Quantitative Finance. The DCC-MIDAS approach indicates that COVID-19 confirmed cases and deaths negatively influence the macro-financial variables and CO2 emissions. We quantify the time-varying correlations of CO2 emissions with either COVID-19 confirmed cases or COVID-19 deaths to sharply decrease by −15% to −30%. The main takeaway is that we track correlations and reveal a recessionary outlook against the background of the pandemic.

Sign in / Sign up

Export Citation Format

Share Document