CFP last date
20 August 2024
Call for Paper
September Edition
IJCA solicits high quality original research papers for the upcoming September edition of the journal. The last date of research paper submission is 20 August 2024

Submit your paper
Know more
Reseach Article

A Proposed Technique for Simultaneously Detecting DDoS and SQL Injection Attacks

by Istiaque Hashem, Minhajul Islam, Shazid Morshedul Haque, Zobaidul Islam Jabed, Nazmus Sakib
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 183 - Number 11
Year of Publication: 2021
Authors: Istiaque Hashem, Minhajul Islam, Shazid Morshedul Haque, Zobaidul Islam Jabed, Nazmus Sakib
10.5120/ijca2021921428

Istiaque Hashem, Minhajul Islam, Shazid Morshedul Haque, Zobaidul Islam Jabed, Nazmus Sakib . A Proposed Technique for Simultaneously Detecting DDoS and SQL Injection Attacks. International Journal of Computer Applications. 183, 11 ( Jun 2021), 50-57. DOI=10.5120/ijca2021921428

@article{ 10.5120/ijca2021921428,
author = { Istiaque Hashem, Minhajul Islam, Shazid Morshedul Haque, Zobaidul Islam Jabed, Nazmus Sakib },
title = { A Proposed Technique for Simultaneously Detecting DDoS and SQL Injection Attacks },
journal = { International Journal of Computer Applications },
issue_date = { Jun 2021 },
volume = { 183 },
number = { 11 },
month = { Jun },
year = { 2021 },
issn = { 0975-8887 },
pages = { 50-57 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume183/number11/31975-2021921428/ },
doi = { 10.5120/ijca2021921428 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:16:33.621748+05:30
%A Istiaque Hashem
%A Minhajul Islam
%A Shazid Morshedul Haque
%A Zobaidul Islam Jabed
%A Nazmus Sakib
%T A Proposed Technique for Simultaneously Detecting DDoS and SQL Injection Attacks
%J International Journal of Computer Applications
%@ 0975-8887
%V 183
%N 11
%P 50-57
%D 2021
%I Foundation of Computer Science (FCS), NY, USA
Abstract

As people's reliance on the internet grows, they reveal their data without realizing the implications of a cyberattack. A cyberattack is any form of attack against one or more computers or networks to cause damage. These attacks have the potential to compromise network access, confidentiality, and data integrity. The most popular and powerful attacks to destroy an enterprise, server, or host are distributed denial-of-service (DDoS) and Structured Query Language injection (SQLi). A distributed denial-of-service (DDoS) attack can freeze an entire website with an intention to ransomware or push viruses. On the other hand, with a successful Structured Query Language injection (SQLi) attack, hackers can access the secret information of a legit user. To deal with DDoS and SQL injection attacks, a variety of techniques have been developed. However, hackers use different techniques to breach security mechanisms, many of which are undetectable by most intrusion detection systems because of their unpredictability. In this paper proposal of a system is given that can detect DDoS and SQL injection attacks simultaneously. Right now, there is no such system that can detect both attacks at the same time. A secure way of browsing the internet and sharing information can be ensured with this system. Webservers will be more secured.

References
  1. M. K. Pratt, 2021. [Online]. Available: https://searchsecurity.techtarget.com/definition/cyber-attack.
  2. J. Fruhlinger, 27 February 2020. [Online]. Available: https://www.csoonline.com/article/3237324/what-is-a-cyber-attack-recent-examples-show-disturbing-trends.html.
  3. "CLOUDFLARE," [Online]. Available: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/.
  4. M. F. Y. Zainab S. Alwan, "Detection and Prevention of SQL Injection Attack: A Survey," vol. 6, no. 8, 2017.
  5. "OWASP," [Online]. Available: https://owasp.org/www-community/attacks/SQL_Injection.
  6. J. Thakkar. [Online]. Available: https://sectigostore.com/blog/ddos-attack-statistics-a-look-at-the-most-recent-and-largest-ddos-attacks/.
  7. N. Anthony Chadd, "DDoS attacks: past, present and future".
  8. J. Vijayan. [Online]. Available: https://www.darkreading.com/attacks-breaches/sql-injection-attacks-represent-two-third-of-all-web-app-attacks/d/d-id/1334960.
  9. R. A. Manjula Suresh, "Evaluating Machine Learning Algorithms for Detecting DDoS Attacks".
  10. P. H. H. Nguyen Ngoc Tuan, "A DDoS Attack Mitigation Scheme in ISP Networks Using Machine Learning Based on SDN," 2020.
  11. T. X. Y. Mahjabin and G. J. Sun, "A survey of distributed denial-of-service attack, prevention, and mitigation techniques," vol. 13, no. 12, 2017.
  12. A.M. Christos Douligeris, "DDOS ATTACKS AND DEFENSE MECHANISMS: A CLASSIFICATION".
  13. J. Kuhns, "Global Information Assurance Certification Paper," 2001.
  14. 2001 CERT Advisories, CERT Division.
  15. D. Dittrich, "The DoS Project's ‘trinoo’ distributed denial of service attack tool".
  16. P. J. Criscuolo, "Distributed Denial of Service," 2000, p. 8.
  17. A.M. Christos Douligeris, "DDOS ATTACKS AND DEFENSE MECHANISMS: A CLASSIFICATION".
  18. S. S.Lakshminarasimman, "Detecting DDoS Attacks using Decision Tree AlgorithmAlgorithm," 2017.
  19. P. T. H. a. K. T. Khaing, "Detection Model for Daniel-of-Service Attacks using Random Forest and k-Nearest Neighbors," 2013.
  20. T. A. D. K.R.W.V.Bandara, "Preventing DDoS attack using Data mining Algorithms," 2016.
  21. A.K. D. G. a. D. N. H. T. Sagar Pande, "DDOS Detection Using Machine Learning Technique".
  22. A.M. Y. J. M. R. Kazi Abu Taher, "Network Intrusion Detection using Supervised Machine Learning Technique with Feature Selection," 2019.
  23. S. Mishra, "SQL Injection Detection Using Machine Learning," 2019.
  24. W. Aorso, "AMNESIA Analysis and Monitoring for Neutralizing SQL-Injection Attacks," in IEEE and ACM, 2005.
  25. D. a. M. V.Haldar, "Dynamic Taint Propagation for Java," 2005.
  26. S. SINGH. [Online]. Available: https://www.analyticsvidhya.com/blog/2019/07/how-get-started-nlp-6-unique-ways-perform-tokenization/.
  27. S. B. Anurekh Kumar, "Use of Query Tokenization to Detect and Prevent," IJSTE - International Journal of Science Technology & Engineering, 2015.
  28. J. Xu. [Online]. Available: https://towardsdatascience.com/how-to-detect-mean-tweets-with-machine-learning-deaa9dc6a8a8.
  29. A.S. Lohit Barki, "Detection of Distributed Denial of Service Attacks in Software Defined Networks," 2016.
  30. G. Saporito. [Online]. Available: https://towardsdatascience.com/a-deeper-dive-into-the-nsl-kdd-data-set-15c753364657.
  31. P. Aggarwal, "Analysis of KDD Dataset Attributes - Class wise For Intrusion".
Index Terms

Computer Science
Information Sciences

Keywords

DDoS SQL Injection Machine learning Knn Random Forest and Decision Tree NSL-KDD Dataset Weka tool