Security in web applications: a comparative analysis of key SQL injection detection techniques
Veerabudren, Karel Ronan and Bekaroo, Girish ORCID: https://orcid.org/0000-0003-1753-4300
(2022)
Security in web applications: a comparative analysis of key SQL injection detection techniques.
2022 4th International Conference on Emerging Trends in Electrical, Electronic and Communications Engineering (ELECOM).
In: 4th International Conference on Emerging Trends in Electrical, Electronic and Communications Engineering (ELECOM), 22-24 Nov 2022, Mauritius.
e-ISBN 9781665466974, e-ISBN 9781665466967, pbk-ISBN 9781665466981.
[Conference or Workshop Item]
(doi:10.1109/elecom54934.2022.9965264)
PDF - Final accepted version (with author's formatting)
Abstract
Over the years, technological advances have driven massive proliferation of web systems, and businesses have harbored a seemingly insatiable need for Internet systems and services. Whilst data is considered a key asset to businesses and its security is of extreme importance, web systems face growing cybersecurity threats. One of the key attacks that web applications are vulnerable to is SQL injection (SQLi), and successful attacks can reveal sensitive information to attackers or even deface web systems. As part of an SQLi defence strategy, effective detection of SQLi attacks is important. Even though different techniques have been devised over the years to detect SQLi attacks, limited work has been undertaken to review and compare the effectiveness of these detection techniques. To address this gap in the literature, this paper performs a review and comparative analysis of the different SQLi detection techniques, with the aim of detecting SQLi attacks effectively and enhancing the security of web applications. As part of the investigation, seven SQLi detection techniques, including machine learning based detection, are reviewed and their effectiveness against different types of SQLi attacks is compared. Results identified positive tainting and adoption of machine learning among the most effective techniques and stored procedures based SQLi as the most challenging attack to detect.
Item Type: | Conference or Workshop Item (Paper) |
---|---|
Keywords (uncontrolled): | SQL injection attacks, detection techniques, comparative analysis, SQLi, SQLia, web applications, cybersecurity |
Research Areas: | A. > School of Science and Technology |
Item ID: | 36941 |
Notes on copyright: | © 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. |
Depositing User: | Jisc Publications Router |
Date Deposited: | 15 Dec 2022 12:10 |
Last Modified: | 12 Jan 2023 13:34 |
URI: | https://eprints.mdx.ac.uk/id/eprint/36941 |