A Proposed Technique for Simultaneously Detecting DDoS and SQL Injection Attacks
|
10.5120/ijca2021921428 |
Istiaque Hashem, Minhajul Islam, Shazid Morshedul Haque, Zobaidul Islam Jabed and Nazmus Sakib. A Proposed Technique for Simultaneously Detecting DDoS and SQL Injection Attacks. International Journal of Computer Applications 183(11):50-57, June 2021. BibTeX
@article{10.5120/ijca2021921428,
author = {Istiaque Hashem and Minhajul Islam and Shazid Morshedul Haque and Zobaidul Islam Jabed and Nazmus Sakib},
title = {A Proposed Technique for Simultaneously Detecting DDoS and SQL Injection Attacks},
journal = {International Journal of Computer Applications},
issue_date = {June 2021},
volume = {183},
number = {11},
month = {Jun},
year = {2021},
issn = {0975-8887},
pages = {50-57},
numpages = {8},
url = {http://www.ijcaonline.org/archives/volume183/number11/31975-2021921428},
doi = {10.5120/ijca2021921428},
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract
As people's reliance on the internet grows, they reveal their data without realizing the implications of a cyberattack. A cyberattack is any form of attack against one or more computers or networks to cause damage. These attacks have the potential to compromise network access, confidentiality, and data integrity. The most popular and powerful attacks to destroy an enterprise, server, or host are distributed denial-of-service (DDoS) and Structured Query Language injection (SQLi). A distributed denial-of-service (DDoS) attack can freeze an entire website with an intention to ransomware or push viruses. On the other hand, with a successful Structured Query Language injection (SQLi) attack, hackers can access the secret information of a legit user. To deal with DDoS and SQL injection attacks, a variety of techniques have been developed. However, hackers use different techniques to breach security mechanisms, many of which are undetectable by most intrusion detection systems because of their unpredictability. In this paper proposal of a system is given that can detect DDoS and SQL injection attacks simultaneously. Right now, there is no such system that can detect both attacks at the same time. A secure way of browsing the internet and sharing information can be ensured with this system. Webservers will be more secured.
References
- M. K. Pratt, 2021. [Online]. Available: https://searchsecurity.techtarget.com/definition/cyber-attack.
- J. Fruhlinger, 27 February 2020. [Online]. Available: https://www.csoonline.com/article/3237324/what-is-a-cyber-attack-recent-examples-show-disturbing-trends.html.
- "CLOUDFLARE," [Online]. Available: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/.
- M. F. Y. Zainab S. Alwan, "Detection and Prevention of SQL Injection Attack: A Survey," vol. 6, no. 8, 2017.
- "OWASP," [Online]. Available: https://owasp.org/www-community/attacks/SQL_Injection.
- J. Thakkar. [Online]. Available: https://sectigostore.com/blog/ddos-attack-statistics-a-look-at-the-most-recent-and-largest-ddos-attacks/.
- N. Anthony Chadd, "DDoS attacks: past, present and future".
- J. Vijayan. [Online]. Available: https://www.darkreading.com/attacks-breaches/sql-injection-attacks-represent-two-third-of-all-web-app-attacks/d/d-id/1334960.
- R. A. Manjula Suresh, "Evaluating Machine Learning Algorithms for Detecting DDoS Attacks".
- P. H. H. Nguyen Ngoc Tuan, "A DDoS Attack Mitigation Scheme in ISP Networks Using Machine Learning Based on SDN," 2020.
- T. X. Y. Mahjabin and G. J. Sun, "A survey of distributed denial-of-service attack, prevention, and mitigation techniques," vol. 13, no. 12, 2017.
- A.M. Christos Douligeris, "DDOS ATTACKS AND DEFENSE MECHANISMS: A CLASSIFICATION".
- J. Kuhns, "Global Information Assurance Certification Paper," 2001.
- 2001 CERT Advisories, CERT Division.
- D. Dittrich, "The DoS Project's ‘trinoo’ distributed denial of service attack tool".
- P. J. Criscuolo, "Distributed Denial of Service," 2000, p. 8.
- A.M. Christos Douligeris, "DDOS ATTACKS AND DEFENSE MECHANISMS: A CLASSIFICATION".
- S. S.Lakshminarasimman, "Detecting DDoS Attacks using Decision Tree AlgorithmAlgorithm," 2017.
- P. T. H. a. K. T. Khaing, "Detection Model for Daniel-of-Service Attacks using Random Forest and k-Nearest Neighbors," 2013.
- T. A. D. K.R.W.V.Bandara, "Preventing DDoS attack using Data mining Algorithms," 2016.
- A.K. D. G. a. D. N. H. T. Sagar Pande, "DDOS Detection Using Machine Learning Technique".
- A.M. Y. J. M. R. Kazi Abu Taher, "Network Intrusion Detection using Supervised Machine Learning Technique with Feature Selection," 2019.
- S. Mishra, "SQL Injection Detection Using Machine Learning," 2019.
- W. Aorso, "AMNESIA Analysis and Monitoring for Neutralizing SQL-Injection Attacks," in IEEE and ACM, 2005.
- D. a. M. V.Haldar, "Dynamic Taint Propagation for Java," 2005.
- S. SINGH. [Online]. Available: https://www.analyticsvidhya.com/blog/2019/07/how-get-started-nlp-6-unique-ways-perform-tokenization/.
- S. B. Anurekh Kumar, "Use of Query Tokenization to Detect and Prevent," IJSTE - International Journal of Science Technology & Engineering, 2015.
- J. Xu. [Online]. Available: https://towardsdatascience.com/how-to-detect-mean-tweets-with-machine-learning-deaa9dc6a8a8.
- A.S. Lohit Barki, "Detection of Distributed Denial of Service Attacks in Software Defined Networks," 2016.
- G. Saporito. [Online]. Available: https://towardsdatascience.com/a-deeper-dive-into-the-nsl-kdd-data-set-15c753364657.
- P. Aggarwal, "Analysis of KDD Dataset Attributes - Class wise For Intrusion".
Keywords
DDoS; SQL Injection; Machine learning; Knn; Random Forest and Decision Tree; NSL-KDD Dataset; Weka tool