Issue Info:
  • Year: 1400
  • Volume: 6
Measures:
  • Views: 843
  • Downloads: 0
Abstract:

Information is an important and vital component of human societies and of people's lives. With the advance of technology and the widespread use of the Internet, most companies, offices and organizations offer their information and services over the web. Because this information is valuable, there are always individuals or organizations that intend to misuse it. In the web environment, this data is mostly stored and managed using the MySQL or MS-SQL Server database management systems and, in some cases, other databases such as Oracle. One of the common methods of gaining unauthorized access to this data is the SQL Injection attack, in which the attacker sends SQL commands and even JavaScript code to the database server with the aim of disrupting its operation, and through this disruption can gain access to the database information and, at times, even to the server itself. One of the duties of the database administrator is to detect and prevent such attacks.

Issue Info:
  • Year: 2014
  • Volume: 2
  • Issue: 1 (5)
  • Pages: 83-97
Measures:
  • Citations: 0
  • Views: 1051
  • Downloads: 0
Abstract:

One of the most critical attacks threatening the security of databases is the SQL Injection attack, which is mostly carried out through web applications. This paper proposes a new method to detect and prevent SQL Injection attacks. The method is based on a combination of both static and dynamic approaches and semantic analysis of queries. Run-time queries are matched against a static list and a semantic pattern, and as a result the degree to which an attack factor exists is checked. Ontology is used in the creation of semantic patterns. According to tests gathered from different databases, this method acts efficiently and flexibly enough to discover new attacks. The suggested architecture, in contrast with the others, is designed in such a way that it does not have a great database dependency, and with some changes it can be used for other databases.

Issue Info:
  • Year: 2021
  • Volume: 13
  • Issue: 3
  • Pages: 1-9
Measures:
  • Citations: 0
  • Views: 297
  • Downloads: 199
Abstract:

The functionality of a web-based system can be affected by many threats. In fact, web-based systems provide several services built on databases. This makes them prone to Structured Query Language (SQL) Injection attacks. For that reason, many research efforts have been made to deal with such attacks. The majority of the protection techniques adopt a defense strategy which results in a lot of positive rates at extreme response times. Indeed, attacks by injecting SQL are always a serious challenge for web-based systems. This kind of attack is still attractive to hackers and it is growing. For that reason, many studies have been proposed to deal with this issue. The proposed techniques are essentially based on a statistical or dynamic approach, or use machine learning or even deep learning. This paper discusses and reviews the existing techniques used to detect and prevent SQL Injection attacks. In addition, it outlines challenges, open issues, and future trends of solutions in this context.

Issue Info:
  • Year: 2023
  • Volume: 14
  • Issue: 8
  • Pages: 283-290
Measures:
  • Citations: 0
  • Views: 54
  • Downloads: 15
Abstract:

Due to the vast number of electronic attacks that occur on a daily basis, protecting users' data is extremely important in this age of technology. Nowadays, cyber security is regarded as a top priority. Thus, the preservation of user privacy and data security is essential. The SQL vulnerability isn't a new form of website attack; it's been around for a long time. However, it is a new attack nowadays. ML algorithms were used to solve the problem of detecting SQL Injection attacks on websites, by training seven ML algorithms on a batch of data comprising SQL Injection queries (including Naive Bayes, Neural Network, SVM, Random Forest, KNN, and Logistic Regression) and choosing the best model that gives the highest accuracy. In comparison to previous studies, high-precision data were obtained, with the Naive Bayes algorithm achieving 0.99 accuracy, 0.98 precision, 1.00 recall, and a 0.99 F1-score. In this paper, experiences, work schedules, and outcomes are examined. Compared to other methods, this Naive Bayes approach has proven to be quite accurate in identifying SQL Injection threats.

Author(s): Shahidinejad A. | TORABI M.

Issue Info:
  • Year: 2021
  • Volume: 8
  • Issue: 4 (32)
  • Pages: 75-93
Measures:
  • Citations: 0
  • Views: 629
  • Downloads: 0
Abstract:

The use of web applications has become increasingly popular in our routine activities, such as reading the news, paying bills, and shopping online. As the availability of these services grows, we are witnessing an increase in the number and sophistication of attacks that target web applications. SQL Injection attacks are a serious security threat to web applications in cyberspace. SQL Injection attacks allow attackers to gain unlimited access to a database that includes applications and potentially sensitive information. Although researchers and practitioners have proposed different methods to solve the SQL Injection problem, current approaches either fail to solve the full scope of the problem or have limitations that prevent their use and adoption. This study is designed to provide a method for detecting and preventing SQL Injection attacks at runtime, which can detect and continuously monitor existing and new attacks. The proposed detection and prevention method, by runtime monitoring and implementation of decision tree classification on the SQL Injection database, blocks existing SQL Injection attacks and also detects new attacks using the database supervisor. In the end, the proposed method is compared with other methods for detecting and preventing existing SQL Injection attacks, and the results show that the proposed method is significantly successful in detecting and preventing SQL Injection attacks. Compared to the two methods explored in this article, the presented method increases the accuracy by 12% for one method and 16% for the other.

Author(s): Fadlil A. | Riadi I. | Mumin M.A.

Issue Info:
  • Year: 2024
  • Volume: 37
  • Issue: 4
  • Pages: 635-645
Measures:
  • Citations: 0
  • Views: 3
  • Downloads: 0
Abstract:

SQL Injection (SQLi) is one of the most common attacks against database servers and has the potential to threaten server services by utilizing SQL commands to change, delete, or falsify data. In this study, researchers tested SQLi attacks against websites using a number of tools, including Whois, SSL Scan, Nmap, Open Web Application Security Project (OWASP) Zap, and SQL Map. Then, researchers identified SQLi vulnerabilities on the tested web server. Next, researchers developed and implemented mitigation measures to protect the website from SQLi attacks. Test results using OWASP Zap identified 14 vulnerabilities, with five of them at a medium level of 35%, seven at a low level of 50%, and two at an informational level of 14%. Meanwhile, testing using SQL Map succeeded in gaining access to the database and username on the web server. The next step in this research is to provide recommendations for installing a firewall on the website as a mitigation measure to reduce the risk of SQLi attacks. The main contribution of this research is the development of a structured methodology to identify and address SQLi vulnerabilities in web servers, which play an important role in maintaining data security and integrity in a rapidly evolving online environment.

Journal: C4I JOURNAL

Issue Info:
  • Year: 2021
  • Volume: 4
  • Issue: 4
  • Pages: 0-0
Measures:
  • Citations: 0
  • Views: 96
  • Downloads: 0
Abstract:

Despite all the efforts of security experts to detect SQL Injection attacks, according to OWASP reports, the SQL Injection attack is still used as the most important cyber attack by attackers. In order to detect attacks, two methods are used: signature-based and behavior-based. Signature-based methods are used for known attacks, and behavior-based methods are suitable for detecting unknown attacks. Behavior-based intrusion detection systems are more useful because attacks are implemented in different ways. Behavior can be analyzed by methods such as classification, clustering, etc. One of the most important classification algorithms is the random forest algorithm, which has high accuracy; on the other hand, the implementation and interpretation of the results can be done easily using this algorithm. According to the studies, the accuracy of the random forest algorithm is highly dependent on its input parameters. These parameters include 9 items, including the number of trees, their depth, voting method, information gain, and so on. Optimal determination of these parameters is an optimization problem with a large state space. In this research, a method based on a genetic algorithm to determine the optimal values of these parameters is presented. Due to the optimal determination of the parameters, the obtained results show an improvement in the detection accuracy compared to the default state of the algorithm and other studies. The evaluation results indicate that the intrusion detection accuracy in the proposed method was 98%, which is about 11% higher than the random forest algorithm with default parameters and 8% higher than previous studies.

Journal: Scientia Iranica

Issue Info:
  • Year: 2019
  • Volume: 26
  • Issue: 6 (Special Issue on: Transactions D: Computer Science & Engineering and Electrical Engineering)
  • Pages: 3469-3484
Measures:
  • Citations: 0
  • Views: 239
  • Downloads: 232
Abstract:

SQL Injection (SQLI) is one of the most important security threats against web applications. Many techniques have been proposed for counteracting SQLI attacks; however, second-order attacks and the injection attacks that raise data-type mismatch errors have been ignored in most of them. In this paper, we propose a new anomaly-based method (deployed as a proxy between the application server and its database server) for detection and/or prevention of SQLI attacks without requiring any modification to the source code of vulnerable applications. The majority of attacks, which lead to a change in the syntax of application queries, are identified in the detection phase by lexical analysis of the queries. The remaining types of attacks, such as second-order attacks and attacks generating data-type mismatch errors, are prevented from being executed in the prevention phase, where each query is automatically converted to a parameterized query (before being submitted to its database) using a semantic analysis method.

Journal: C4I JOURNAL

Issue Info:
  • Year: 2021
  • Volume: 5
  • Issue: 1
  • Pages: 87-98
Measures:
  • Citations: 0
  • Views: 303
  • Downloads: 0
Abstract:

Despite all the efforts of security experts to detect SQL Injection attacks, according to OWASP reports, the SQL Injection attack is still used as the most important cyber attack by attackers. In order to detect attacks, two methods are used: signature-based and behavior-based. Signature-based methods are used for known attacks, and behavior-based methods are suitable for detecting unknown attacks. Behavior-based intrusion detection systems are more useful because attacks are implemented in different ways. Behavior can be analyzed by methods such as classification, clustering, etc. One of the most important classification algorithms is the random forest algorithm, which has high accuracy; on the other hand, the implementation and interpretation of the results can be done easily using this algorithm. According to the studies, the accuracy of the random forest algorithm is highly dependent on its input parameters. These parameters include 9 items, including the number of trees, their depth, voting method, information gain, and so on. Optimal determination of these parameters is an optimization problem with a large state space. In this research, a method based on a genetic algorithm to determine the optimal values of these parameters is presented. Due to the optimal determination of the parameters, the obtained results show an improvement in the detection accuracy compared to the default state of the algorithm and other studies. The evaluation results indicate that the intrusion detection accuracy in the proposed method was 98%, which is about 11% higher than the random forest algorithm with default parameters and 8% higher than previous studies.

Issue Info:
  • Year: 2016
  • Volume: 5
Measures:
  • Views: 232
  • Downloads: 232
Abstract:

Databases, as the storage source of sensitive and important information and, so to speak, the secret treasure of every organization and institution, are considered one of the key components of web applications, and many valuable sources of information are stored in the database of each organization. Web applications are becoming an essential part of everyday life, so that many activities are related to the performance and security of these applications. Hence, protecting web applications against ongoing cyber attacks is a major concern. On the other hand, SQL Injection is a code injection technique normally used to attack websites; the attack threatens all web applications that have access to the database through SQL statements, and it is considered one of the most serious security threats to database-backed web applications. So, with regard to the importance of this issue, in this paper, to improve database performance and security against SQL Injection attacks, a triple combination technique consisting of input validation, hashing and encryption is suggested.
