Open Access
Hybrid method integrating SQL-IF and Naïve Bayes for SQL injection attack avoidance
Author(s) - Faisal Yudo Hernawan, Indra Hidayatulloh, Ipam Fuaddina Adam
Publication year - 2021
Publication title - Journal of Engineering and Applied Technology
Language(s) - English
Resource type - Journals
eISSN - 2716-2265
pISSN - 2716-2257
DOI - 10.21831/jeatech.v1i2.35497
Subject(s) - sql injection, computer science, sql, user defined function, web application, naive bayes classifier, database, data transformation services, stored procedure, data mining, query by example, operating system, artificial intelligence, world wide web, support vector machine, search engine, web search query
Web applications are the objects most targeted by attackers. The technique most often used to attack web applications is SQL injection. This attack is categorized as dangerous because it can be used to illegally retrieve, modify, or delete data, and even to take over databases and web applications. To prevent SQL injection attacks from being executed by the database, a system is required that can identify attack patterns and can learn to detect new patterns from the various attack patterns that have occurred. This study aims to build a system that acts as a proxy to prevent SQL injection attacks using the Hybrid Method, which is a combination of the SQL Injection Free Secure (SQL-IF) and Naïve Bayes methods. Tests were carried out to determine the level of accuracy, and the effect of the constant (K) in SQL-IF and of the number of datasets in Naïve Bayes on the accuracy and efficiency (average load time) of web pages. The test results showed that the Hybrid Method can improve the accuracy of SQL injection attack prevention. Smaller K values and a larger dataset will produce better accuracy. The Hybrid Method produces a longer average web page load time than using only the SQL-IF or Naïve Bayes methods.
