Automation-Based User Input Sql Injection Detection and Prevention Framework
Autodect framework protects management information systems (MIS) and databases from user input SQL injection attacks. This framework overcomes intrusion or penetration into the system by automatically detecting and preventing attacks from the user input end. The attack intentions is also known since...
Gespeichert in:
| Veröffentlicht in: | Computer and information science (Toronto) 2023-05, Vol.16 (2), p.51 |
|---|---|
| Hauptverfasser: | , , |
| Format: | Artikel |
| Sprache: | eng |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | 2 |
| container_start_page | 51 |
| container_title | Computer and information science (Toronto) |
| container_volume | 16 |
| creator | Okello, Fredrick Ochieng Kaburu, Dennis John, Ndia G. |
| description | Autodect framework protects management information systems (MIS) and databases from user input SQL injection attacks. This framework overcomes intrusion or penetration into the system by automatically detecting and preventing attacks from the user input end. The attack intentions is also known since it is linked to a proxy database, which has a normal and abnormal code vector profiles that helps to gather information about the intent as well as knowing the areas of interest while conducting the attack. The information about the attack is forwarded to Autodect knowledge base (database), meaning that any successive attacks from the proxy database will be compared to the existing attack pattern logs in the knowledge base, in future this knowledge base-driven database will help organizations to analyze trends of attackers, profile them and deter them. The research evaluated the existing security frameworks used to prevent user input SQL injection; analysis was also done on the factors that lead to the detection of SQL injection. This knowledge-based framework is able to predict the end goal of any injected attack vector. (Known and unknown signatures). Experiments were conducted on true and simulation websites and open-source datasets to analyze the performance and a comparison drawn between the Autodect framework and other existing tools. The research showed that Autodect framework has an accuracy level of 0.98. The research found a gap that all existing tools and frameworks never came up with a standard datasets for sql injection, neither do we have a universally accepted standard data set. |
| doi_str_mv | 10.5539/cis.v16n2p51 |
| format | Article |
| fullrecord | <record><control><sourceid>crossref</sourceid><recordid>TN_cdi_crossref_primary_10_5539_cis_v16n2p51</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>10_5539_cis_v16n2p51</sourcerecordid><originalsourceid>FETCH-crossref_primary_10_5539_cis_v16n2p513</originalsourceid><addsrcrecordid>eNqVjssOgjAURBujifjY-QH9AMFWBOnSF9HEhYm6bhq4JCAUbAHj3wtG3buaM5lZHIQmlFiOY7NZEGurpq6cFw7tIIMyapseY8vujz3WRwOtE0Jcd0E9Ax1XVZlnooxzaa6FhhBfNSh8kEVV4vM9bSiBoJ3xFsoPCRnik4Ia5Lv6SmTwyNVthHqRSDWMPzlEU3932ezNQOVaK4h4oeJMqCenhLfGvDHmX2P7z_sLKlVLDA</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Automation-Based User Input Sql Injection Detection and Prevention Framework</title><source>EZB-FREE-00999 freely available EZB journals</source><creator>Okello, Fredrick Ochieng ; Kaburu, Dennis ; John, Ndia G.</creator><creatorcontrib>Okello, Fredrick Ochieng ; Kaburu, Dennis ; John, Ndia G.</creatorcontrib><description>Autodect framework protects management information systems (MIS) and databases from user input SQL injection attacks. This framework overcomes intrusion or penetration into the system by automatically detecting and preventing attacks from the user input end. The attack intentions is also known since it is linked to a proxy database, which has a normal and abnormal code vector profiles that helps to gather information about the intent as well as knowing the areas of interest while conducting the attack. The information about the attack is forwarded to Autodect knowledge base (database), meaning that any successive attacks from the proxy database will be compared to the existing attack pattern logs in the knowledge base, in future this knowledge base-driven database will help organizations to analyze trends of attackers, profile them and deter them. The research evaluated the existing security frameworks used to prevent user input SQL injection; analysis was also done on the factors that lead to the detection of SQL injection. This knowledge-based framework is able to predict the end goal of any injected attack vector. (Known and unknown signatures). Experiments were conducted on true and simulation websites and open-source datasets to analyze the performance and a comparison drawn between the Autodect framework and other existing tools. The research showed that Autodect framework has an accuracy level of 0.98. The research found a gap that all existing tools and frameworks never came up with a standard datasets for sql injection, neither do we have a universally accepted standard data set.</description><identifier>ISSN: 1913-8989</identifier><identifier>EISSN: 1913-8997</identifier><identifier>DOI: 10.5539/cis.v16n2p51</identifier><language>eng</language><ispartof>Computer and information science (Toronto), 2023-05, Vol.16 (2), p.51</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,27903,27904</link.rule.ids></links><search><creatorcontrib>Okello, Fredrick Ochieng</creatorcontrib><creatorcontrib>Kaburu, Dennis</creatorcontrib><creatorcontrib>John, Ndia G.</creatorcontrib><title>Automation-Based User Input Sql Injection Detection and Prevention Framework</title><title>Computer and information science (Toronto)</title><description>Autodect framework protects management information systems (MIS) and databases from user input SQL injection attacks. This framework overcomes intrusion or penetration into the system by automatically detecting and preventing attacks from the user input end. The attack intentions is also known since it is linked to a proxy database, which has a normal and abnormal code vector profiles that helps to gather information about the intent as well as knowing the areas of interest while conducting the attack. The information about the attack is forwarded to Autodect knowledge base (database), meaning that any successive attacks from the proxy database will be compared to the existing attack pattern logs in the knowledge base, in future this knowledge base-driven database will help organizations to analyze trends of attackers, profile them and deter them. The research evaluated the existing security frameworks used to prevent user input SQL injection; analysis was also done on the factors that lead to the detection of SQL injection. This knowledge-based framework is able to predict the end goal of any injected attack vector. (Known and unknown signatures). Experiments were conducted on true and simulation websites and open-source datasets to analyze the performance and a comparison drawn between the Autodect framework and other existing tools. The research showed that Autodect framework has an accuracy level of 0.98. The research found a gap that all existing tools and frameworks never came up with a standard datasets for sql injection, neither do we have a universally accepted standard data set.</description><issn>1913-8989</issn><issn>1913-8997</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><recordid>eNqVjssOgjAURBujifjY-QH9AMFWBOnSF9HEhYm6bhq4JCAUbAHj3wtG3buaM5lZHIQmlFiOY7NZEGurpq6cFw7tIIMyapseY8vujz3WRwOtE0Jcd0E9Ax1XVZlnooxzaa6FhhBfNSh8kEVV4vM9bSiBoJ3xFsoPCRnik4Ia5Lv6SmTwyNVthHqRSDWMPzlEU3932ezNQOVaK4h4oeJMqCenhLfGvDHmX2P7z_sLKlVLDA</recordid><startdate>20230502</startdate><enddate>20230502</enddate><creator>Okello, Fredrick Ochieng</creator><creator>Kaburu, Dennis</creator><creator>John, Ndia G.</creator><scope>AAYXX</scope><scope>CITATION</scope></search><sort><creationdate>20230502</creationdate><title>Automation-Based User Input Sql Injection Detection and Prevention Framework</title><author>Okello, Fredrick Ochieng ; Kaburu, Dennis ; John, Ndia G.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-crossref_primary_10_5539_cis_v16n2p513</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><toplevel>online_resources</toplevel><creatorcontrib>Okello, Fredrick Ochieng</creatorcontrib><creatorcontrib>Kaburu, Dennis</creatorcontrib><creatorcontrib>John, Ndia G.</creatorcontrib><collection>CrossRef</collection><jtitle>Computer and information science (Toronto)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Okello, Fredrick Ochieng</au><au>Kaburu, Dennis</au><au>John, Ndia G.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Automation-Based User Input Sql Injection Detection and Prevention Framework</atitle><jtitle>Computer and information science (Toronto)</jtitle><date>2023-05-02</date><risdate>2023</risdate><volume>16</volume><issue>2</issue><spage>51</spage><pages>51-</pages><issn>1913-8989</issn><eissn>1913-8997</eissn><abstract>Autodect framework protects management information systems (MIS) and databases from user input SQL injection attacks. This framework overcomes intrusion or penetration into the system by automatically detecting and preventing attacks from the user input end. The attack intentions is also known since it is linked to a proxy database, which has a normal and abnormal code vector profiles that helps to gather information about the intent as well as knowing the areas of interest while conducting the attack. The information about the attack is forwarded to Autodect knowledge base (database), meaning that any successive attacks from the proxy database will be compared to the existing attack pattern logs in the knowledge base, in future this knowledge base-driven database will help organizations to analyze trends of attackers, profile them and deter them. The research evaluated the existing security frameworks used to prevent user input SQL injection; analysis was also done on the factors that lead to the detection of SQL injection. This knowledge-based framework is able to predict the end goal of any injected attack vector. (Known and unknown signatures). Experiments were conducted on true and simulation websites and open-source datasets to analyze the performance and a comparison drawn between the Autodect framework and other existing tools. The research showed that Autodect framework has an accuracy level of 0.98. The research found a gap that all existing tools and frameworks never came up with a standard datasets for sql injection, neither do we have a universally accepted standard data set.</abstract><doi>10.5539/cis.v16n2p51</doi></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 1913-8989 |
| ispartof | Computer and information science (Toronto), 2023-05, Vol.16 (2), p.51 |
| issn | 1913-8989 1913-8997 |
| language | eng |
| recordid | cdi_crossref_primary_10_5539_cis_v16n2p51 |
| source | EZB-FREE-00999 freely available EZB journals |
| title | Automation-Based User Input Sql Injection Detection and Prevention Framework |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-27T16%3A19%3A28IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-crossref&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Automation-Based%20User%20Input%20Sql%20Injection%20Detection%20and%20Prevention%20Framework&rft.jtitle=Computer%20and%20information%20science%20(Toronto)&rft.au=Okello,%20Fredrick%20Ochieng&rft.date=2023-05-02&rft.volume=16&rft.issue=2&rft.spage=51&rft.pages=51-&rft.issn=1913-8989&rft.eissn=1913-8997&rft_id=info:doi/10.5539/cis.v16n2p51&rft_dat=%3Ccrossref%3E10_5539_cis_v16n2p51%3C/crossref%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |