IJIREM

Abstract

In today’s world web applications are integral part of our day today life. Currently there are infinite numbers of web users around the world. These web applications allows users to use the services provided by them upon just a simple clicks from anywhere in the world. Due to rapid growth as well as competition in the business the service providers are making use of the web applications to attract the user. Some of the common examples of the web applications are banking applications, social networking applications, ecommerce applications etc. There exists a variety of attacks that imposes threat on these web applications. One of such attack is known as SQL Injection attack. Research has shown that about 64% of the overall web applications running worldwide are prone to SQLIA. SQL injection is a SQL code injection technique, which forces the database to execute malicious SQL commands that can perform unwanted actions on the underlying database such as getting access to private information or even deleting the entire tables or the database itself. So the prevention against such an attack is must for the web applications.

Various research work in this area have been carried out so as to provide better and more accurate defence mechanism against SQLIA, but still the incident of SQLIA are reported time and again even with big cloud service providers. This paper reviews some latest work from some of the best journals in this area.

Keywords

QL injection attack(SQLIA), Cloud Security, Machine Learning, SQL injection vulnerability, Web application, Structured Query Language

Reference

Gu H., Zhang J., Liu T., Hu M., Zhou J., Wei T., Chen M, “DIAVA: A Traffic-Based Framework for Detection of SQL Injection Attacks and Vulnerability Analysis of Leaked Data”. IEEE TRANSACTIONS ON RELIABILITY, pp. 188-202, 2019.
Tripathy D., Gohil R., and Halabi T., “Detecting SQL Injection Attacks in Cloud SaaS using Machine Learning”. IEEE International Conference on Big Data Security on Cloud (BigDataSecurity), High Performance and Smart Computing (HPSC) and Intelligent Data and Security (IDS), 2020.
Aliero M.S., Ghani I., Qureshi K.N., Rohani M.F, “An algorithm for detecting SQL injection vulnerability using black-box testing”. Journal of Ambient Intelligence and Humanized Computing, pp. 249-266, 2019.
Hasan M., Balbahaith Z., Tarique M., “Detection of SQL Injection Attacks: A Machine Learning Approach”. International Conference on Electrical and Computing Technologies and Applications (ICECTA), 2019.
Li Q., Wang F., Wang J., Li W., “LSTM-Based SQL Injection Detection Method for Intelligent Transportation System”. IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, pp. 4182-4191, 2019.
Latchoumi T.P., Reddy M.S., Balamurugan K., “Applied Machine Learning Predictive Analytics to SQL Injection Attack Detection and Prevention”. European Journal of Molecular & Clinical Medicine, 2020.
Hlaing Z.C.S.S., Khaing M., “A Detection and Prevention Technique on SQL Injection Attacks”. IEEE Conference on Computer Applications(ICCA), 2020.
LI Q., LI W., WANG J., CHENG M., “A SQL Injection Detection Method Based on Adaptive Deep Forest”. IEEE Access, pp. 145385-145394, 2019.
Abikoye O.C., Abubakar A., Dokoro A.D., Akande O.N., Kayode A.A, “A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm”. EURASIP Journal on Information Security, 2020.
Durai K.N., Subha R., Haldorai A, “A Novel Method to Detect and Prevent SQLIA Using Ontology to Cloud Web Security”. Wireless Personal Communications, 2020.
Patil A., Athawale S.V., Tathawade. P., Laturkar A., Takale R., “A Multilevel System to Mitigate DDoS, Brute force and SQL Injection Attack for Cloud Security”. IEEE, International Conference on Information, Communication, Instrumentation and Control, 2017.
Yassin M., Slimane H., Talhi T., Boucheneb H., “SQLIIDaaS: A SQL injection intrusion detection framework as a service for SaaS providers”. IEEE 4th International Conference on Cyber Security and Cloud Computing, 2017.
Uwagbole S.O., Buchanan W.J., Fan L., “Applied Machine Learning Predictive Analytics to SQL Injection Attack Detection and Prevention”. 3rd International Workshop on Security for Emerging Distributed Network Technologies, 2017.
Leelavathy S., Jaichandran R. Shobana R., Bhaskaran S., Aravindh, Prathyunnan., “A Secure Methodology to Detect and Prevent Ddos and Sql Injection Attacks”. Turkish Journal of Computer and Mathematics Education, 2021.
Jemal I., Cheikhrouhou O., Hamam H. Mahfoudhi A., “SQL Injection Attack Detection and Prevention Techniques Using Machine Learning”. International Journal of Applied Engineering Research, pp. 569-580, 2020.
Hu J., Zhao W., Cui Y., “A Survey on SQL Injection Attacks, Detection and Prevention”. ICMLC: International Conference on Machine Learning and Computing, pp. 483-488, 2020.
Uwagbole S.O., Buchanan W.J., Fan L., “Applied Machine Learning predictive analytics to SQL Injection Attack detection and prevention”. IFIP/IEEE International Symposium on Integrated Network Management, 2017.
Alwan Z.S., Younis M.F., “Detection and Prevention of SQL Injection Attack: A Survey”. International Journal of Computer Science and Mobile Computing, pp. 5-17, 2017.
Marashdeh Z., Suwais K., Alia M., “A Survey on SQL Injection Attack: Detection and Challenges”. International Conference on Information Technology (ICIT), 2020.
Sharma K., Bhatt S., “SQL injection attacks - a systematic review”. International Journal of Information and Computer Security, pp. 493-509, 2019.
Fu X., Wang Z. , Chen Y., Chen Y., Wu H., “SQL Injection in Cloud: An Actual Case Study”.
International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, pp. 137-147, 2019.
Xiao F., Zhijian W., Meiling W., Ning C., Yue Z., Lei Z., Pei W., Xiaoning C., “An old risk in the new era: SQL injection in cloud environment”. International Journal of Grid and Utility Computing, pp. 43-54, 2021.
Kourai, K., T. Azumi, and S. Chiba. A self-protection mechanism Pietraszek T., Berghe C.V. Defending against Injection Attacks through Context-Sensitive String evaluation. Recent Advances in Intrusion Detection, pp: 124-145.
Su Z., Wassermann G. The essence of command injection attacks in _b applications. ACM Symposium on Principles of Programming Languages.
Hegde A.K., Jayanthi P.N., “A Survey on SQL Injection Attacks and Prevention Methods”. International Research Journal of Engineering and Technology, pp. 535-537, 2020.
McClure RA., Kruger I.H., “SQL DOM: compile time checking of dynamic SQL statements”. International Conference on, pp. 88- 96.
Wei K., Muthuprasanna M., Kothari S. Preventing SQL Injection Attacks in Stored Procedures. Proceedings of the 2006 Australian Software Engineering Conference (ASWEC'06 IEEE).
Chowdhury S., Nandi A., Ahmad M., Jain A., Pawar M., “A Comprehensive Survey for Detection and Prevention of SQL Injection”. 7th International Conference on Advanced Computing and Communication Systems (ICACCS), 2021.
Bhateja N., Sikka S., Malhotra A., “A Review of SQL Injection Attack and Various Detection Approaches”. Smart and Sustainable Intelligent Systems, 2021.
Johny J.H.B., Nordin W.A.F.B., Lahapi N.M.B., Leau Y., “SQL Injection Prevention in Web Application: A Review”. International Conference on Advances in Cyber Security, 2022.

Cites this article as

[Munish Saran, Rajan Kumar Yadav, Pranjal Maurya, Sangeeta Devi, Upendra Nath Tripathi (2022), A Comprehensive Review for Detection and Prevention Techniques for SQL Injection Attack in Cloud Computing , International Journal of Innovative Research in Engineering & Management (IJIREM), Vol-9, Issue-5, Page No-11-17], (ISSN 2347 - 5552). www.ijirem.org