Intelligent SQL Injection Detection Integrating Cloud and Edge Environments

  • Michael S. Souza UECE
  • Silvio E. S. B. Ribeiro UECE
  • Ivo A. Pimenta UECE
  • Yanne O. Almeida UECE
  • Francisco J. Cardoso UECE
  • Rafael L. Gomes UECE

Abstract


In recent years, the number of urban computing services has grown exponentially. However, these are still vulnerable to potential SQL Injection (SQLi) threats. Security solutions to deal with SQLi need, in addition to detection efficiency, to satisfy response time and scalability requirements. Within this context, this article proposes an SQLi detection solution based on the integration between Edge and Cloud environments, which apply Regular Expression (RegEx) filtering and Machine Learning (ML) techniques. RegEx filtering in the Edge environment acts as a first layer of protection against SQLi inputs, improving the solution’s response time. Then, the result of the initial filtering is analyzed by an ML model to detect SQLi more efficiently. The experiments carried out, using a real data set, suggest that the proposed solution detects SQLi threats efficiently while meeting aspects of scalability and response time.

Published
2024-05-20
SOUZA, Michael S.; RIBEIRO, Silvio E. S. B.; PIMENTA, Ivo A.; ALMEIDA, Yanne O.; CARDOSO, Francisco J.; GOMES, Rafael L. Intelligent SQL Injection Detection Integrating Cloud and Edge Environments. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 42., 2024, Niterói/RJ. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 435-448. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2024.1417.
