A Comprehensive Review for Detection and Prevention Techniques for SQL Injection Attack in Cloud Computing

Authors

  • Munish Saran, Research Scholar, Department of Computer Science, DDU Gorakhpur University, Gorakhpur, India
  • Rajan Kumar Yadav, Research Scholar, Department of Computer Science, DDU Gorakhpur University, Gorakhpur, India
  • Pranjal Maurya, Research Scholar, Department of Computer Science, DDU Gorakhpur University, Gorakhpur, India
  • Sangeeta Devi, Research Scholar, Department of Computer Science, DDU Gorakhpur University, Gorakhpur, India
  • Upendra Nath Tripathi, Associate Professor, Department of Computer Science, DDU Gorakhpur University, Gorakhpur, India

Keywords:

SQL injection attack (SQLIA), Cloud Security, Machine Learning, SQL injection vulnerability, Web application, Structured Query Language

Abstract

In today’s world, web applications are an integral part of our day-to-day life. Currently there are an infinite number of web users around the world. These web applications allow users to use the services they provide with just a few simple clicks from anywhere in the world. Due to rapid growth as well as competition in business, service providers are making use of web applications to attract users. Some common examples of web applications are banking applications, social networking applications, e-commerce applications, etc. A variety of attacks pose a threat to these web applications. One such attack is the SQL injection attack (SQLIA). Research has shown that about 64% of all web applications running worldwide are prone to SQLIA. SQL injection is a code injection technique that forces the database to execute malicious SQL commands, which can perform unwanted actions on the underlying database such as gaining access to private information or even deleting entire tables or the database itself. Prevention against such an attack is therefore a must for web applications. Various research works in this area have been carried out to provide better and more accurate defence mechanisms against SQLIA, but incidents of SQLIA are still reported time and again, even with big cloud service providers. This paper reviews some of the latest work from some of the best journals in this area.

Published

2022-10-30

How to Cite

A Comprehensive Review for Detection and Prevention Techniques for SQL Injection Attack in Cloud Computing. (2022). International Journal of Innovative Research in Engineering & Management, 9(5), 11–17. Retrieved from https://acspublisher.com/journals/index.php/ijirem/article/view/10159