ABSTRACT
Cyber Physical Systems generate a significant volume of heterogeneous data often stored in relational databases. These databases are susceptible to various threats, including SQL Injection (SQLi) attacks. Consequently, there is a need for security solutions that are not only efficient in detection, but also meet the processing time requirements of detection. In this context, this article introduces a solution for SQLi Scalable Threat Detection (S-SQLi) based on Regular Expressions (RegEx). This solution acts as an initial filtering service, protecting against SQLi threats by addressing response time and scalability concerns. The experiments using a real dataset suggest that S-SQLi offers adequate detection efficiency for SQLi threats while addressing the scalability needs of CPSs.
- Antonia Raiane S. Araujo Cruz, Rafael L. Gomes, and Marcial P. Fernandez. 2021. An Intelligent Mechanism to Detect Cyberattacks of Mirai Botnet in IoT Networks. In 2021 17th International Conference on Distributed Computing in Sensor Systems (DCOSS). 236–243. https://doi.org/10.1109/DCOSS52077.2021.00047Google ScholarCross Ref
- Wanderson L Costa, Matheus M Silveira, Thelmo de Araujo, and Rafael L Gomes. 2020. Improving ddos detection in iot networks through analysis of network traffic characteristics. In 2020 IEEE Latin-American Conference on Communications (LATINCOM). IEEE, 1–6.Google ScholarCross Ref
- Debasish Das, Utpal Sharma, and D. K. Bhattacharyya. 2019. Defeating SQL injection attack in authentication security: an experimental study. International Journal of Information Security 18, 1 (01 Feb 2019), 1–22. https://doi.org/10.1007/s10207-017-0393-xGoogle ScholarDigital Library
- Vihar Devalla, S Srinivasa Raghavan, Swati Maste, Jaaswin D Kotian, and Dr. D Annapurna. 2022. mURLi: A Tool for Detection of Malicious URLs and Injection Attacks. Procedia Computer Science 215 (2022), 662–676. https://doi.org/10.1016/j.procs.2022.12.068 4th International Conference on Innovative Data Communication Technology and Application.Google ScholarDigital Library
- Daren Fadolalkarim, Elisa Bertino, and Asmaa Sallam. 2020. An Anomaly Detection System for the Protection of Relational Database Systems against Data Leakage by Application Programs. In 2020 IEEE 36th International Conference on Data Engineering (ICDE). 265–276. https://doi.org/10.1109/ICDE48307.2020.00030Google ScholarCross Ref
- Rafael L Gomes, Luiz F Bittencourt, and Edmundo RM Madeira. 2020. Reliability-aware network slicing in elastic demand scenarios. IEEE Communications Magazine 58, 10 (2020), 29–34.Google ScholarCross Ref
- Rafael L Gomes, Luiz F Bittencourt, Edmundo RM Madeira, Eduardo Cerqueira, and Mario Gerla. 2016. State-Aware allocation of reliable virtual software defined networks based on bandwidth and energy. In 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC). IEEE, 411–416.Google ScholarDigital Library
- Rafael L. Gomes, Luiz F. Bittencourt, Edmundo R. M. Madeira, Eduardo C. Cerqueira, and Mario Gerla. 2016. Software-Defined Management of Edge as a Service Networks. IEEE Transactions on Network and Service Management 13, 2 (2016), 226–239. https://doi.org/10.1109/TNSM.2016.2538821Google ScholarCross Ref
- Eman Hosam, Hagar Hosny, Walaa Ashraf, and Ahmed S. Kaseb. 2021. SQL Injection Detection Using Machine Learning Techniques. In 2021 8th International Conference on Soft Computing Machine Intelligence (ISCMI). 15–20. https://doi.org/10.1109/ISCMI53840.2021.9654820Google ScholarCross Ref
- Qi Li, Weishi Li, Junfeng Wang, and Mingyu Cheng. 2019. A SQL Injection Detection Method Based on Adaptive Deep Forest. IEEE Access 7 (2019), 145385–145394. https://doi.org/10.1109/ACCESS.2019.2944951Google ScholarCross Ref
- Gowtham M and Pramod H B. 2022. Semantic Query-Featured Ensemble Learning Model for SQL-Injection Attack Detection in IoT-Ecosystems. IEEE Transactions on Reliability 71, 2 (2022), 1057–1074. https://doi.org/10.1109/TR.2021.3124331Google ScholarCross Ref
- KK Mookhey and Nilesh Burghate. 2004. Detection of SQL injection and cross-site scripting attacks. Symantec SecurityFocus (2004).Google Scholar
- Diego AB Moreira, Humberto P Marques, Wanderson L Costa, Joaquim Celestino, Rafael L Gomes, and Michele Nogueira. 2021. Anomaly detection in smart environments using AI over fog and cloud computing. In 2021 IEEE 18th Annual Consumer Communications & Networking Conference (CCNC). IEEE, 1–2.Google ScholarDigital Library
- Bartosz Musznicki, Maciej Piechowiak, and Piotr Zwierzykowski. 2022. Modeling Real-Life Urban Sensor Networks Based on Open Data. Sensors 22, 23 (2022). https://doi.org/10.3390/s22239264Google ScholarCross Ref
- Dhruv Parashar, Lalit Mohan Sanagavarapu, and Y. Raghu Reddy. 2021. SQL Injection Vulnerability Identification from Text. In 14th Innovations in Software Engineering Conference (Formerly Known as India Software Engineering Conference) (Bhubaneswar, Odisha, India) (ISEC 2021). Association for Computing Machinery, New York, NY, USA, Article 22, 5 pages. https://doi.org/10.1145/3452383.3452405Google ScholarDigital Library
- Sapparapu Rahul, ChinmayeeSai Vajrala, and B. Thangaraju. 2021. A Novel Method of Honeypot Inclusive WAF to Protect from SQL Injection and XSS. In 2021 International Conference on Disruptive Technologies for Multi-Disciplinary Research and Applications (CENTCON), Vol. 1. 135–140. https://doi.org/10.1109/CENTCON52345.2021.9688059Google ScholarCross Ref
- Syed Rizvi, Andrew Kurtz, Joseph Pfeffer, and Mohammad Rizvi. 2018. Securing the Internet of Things (IoT): A Security Taxonomy for IoT. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). 163–168. https://doi.org/10.1109/TrustCom/BigDataSE.2018.00034Google ScholarCross Ref
- Prince Roy, Rajneesh Kumar, and Pooja Rani. 2022. SQL Injection Attack Detection by Machine Learning Classifier. In 2022 International Conference on Applied Artificial Intelligence and Computing (ICAAIC). 394–400. https://doi.org/10.1109/ICAAIC53929.2022.9792964Google ScholarCross Ref
- Benfano Soewito, Fergyanto E. Gunawan, Hirzi, and Frumentius. 2018. Prevention Structured Query Language Injection Using Regular Expression and Escape String. Procedia Computer Science 135 (2018), 678–687. https://doi.org/10.1016/j.procs.2018.08.218 The 3rd International Conference on Computer Science and Computational Intelligence (ICCSCI 2018) : Empowering Smart Technology in Digital Era for a Better Life.Google ScholarCross Ref
- Peng Tang, Weidong Qiu, Zheng Huang, Huijuan Lian, and Guozhen Liu. 2020. Detection of SQL injection based on artificial neural network. Knowledge-Based Systems 190 (2020), 105528. https://doi.org/10.1016/j.knosys.2020.105528Google ScholarDigital Library
- Xin Xie, Chunhui Ren, Yusheng Fu, Jie Xu, and Jinhong Guo. 2019. SQL Injection Detection for Web Applications Based on Elastic-Pooling CNN. IEEE Access 7 (2019), 151475–151481. https://doi.org/10.1109/ACCESS.2019.2947527Google ScholarCross Ref
- Mohd Amin Mohd Yunus, Muhammad Zainulariff Brohan, Nazri Mohd Nawi, Ely Salwana Mat Surin, Nurhakimah Azwani Md Najib, and Chan Wei Liang. 2018. Review of SQL injection: Problems and prevention. JOIV: International Journal on Informatics Visualization 2, 3-2 (2018), 215–219.Google Scholar
Index Terms
- Scalable Detection of SQL Injection in Cyber Physical Systems
Recommendations
Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges
Highlights- In general, the cyber-attacks in the literature can be classified into three main types: denial of service (DoS) attacks, deception attacks, and replay ...
AbstractCyber Physical Systems (CPS) are almost everywhere; they can be accessed and controlled remotely. These features make them more vulnerable to cyber attacks. Since these systems provide critical services, having them under attack would ...
Security analysis for cyber-physical systems against stealthy cyber attacks
CERIAS '13: Proceedings of the 14th Annual Information Security SymposiumSecurity of Cyber-Physical Systems (CPS) against cyber attacks is an important yet challenging problem. Since most cyber attacks happen in erratic ways, it is difficult to describe them systematically. In this paper, instead of identifying a specific ...
Analysis of different technique for detection of SQL injection
ICWET '11: Proceedings of the International Conference & Workshop on Emerging Trends in TechnologyVulnerability in web applications allows malicious users to obtain unrestricted access to private and confidential information. SQL Injection vulnerabilities are particularly relevant, as web services frequently access a relational database using SQL ...
Comments