Machine Learning-Based Technique to Detect SQL Injection Attack

Abstract:- Lack of secure code in web apps leaves vulnerabilities that lead to cyber-attacks. Statistics show that the highest number of data-theft-related cyber-attacks are carried out through the SQL injection technique. Hence, effective SQL injection detection is needed in any web system to combat this threat. In this research, a machine learning technique is used: the SQL injection detector is trained on a training dataset and then evaluated against a testing dataset. The research relies on the preparation of the training and testing datasets. The training set is used by the detector to establish its knowledge base, and the test set is used to evaluate the performance of the detector. The detection results show that the proposed technique achieves high accuracy in recognizing malicious and benign web requests.


Introduction
As data is the most critical asset of any organization nowadays, cyber threats and cyberattacks against organisations' databases are on the rise. Hackers are a threat to data privacy; as an example, they could launch an SQL Injection Attack (SQLIA) against vulnerable websites. Furthermore, there are many existing tools that can be used to check a website's vulnerabilities and execute hacking activities automatically. These tools give an attacker a greater chance of getting into the web system's database.
If a web developer has no proper security knowledge, he/she will likely write code that contains vulnerabilities. It is hard to implement secure code to defend websites against such attacks. Because of that, the systems they develop are vulnerable to SQL injection attacks. SQL injection is a type of attack that manipulates the website into disclosing sensitive data by injecting malicious SQL queries into the database. Hence, if the SQL injection can be recognised earlier, it can help a security officer or security analyst to terminate the attack.
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) can be used to detect SQL injections (Patil et al., 2017). In this research, a machine learning technique is used to detect an SQL injection attack by comparing the website access log file with a knowledge base of malicious features. The machine learning component undergoes training and is then used to scan the log, classifying whether each logged request contains an injection or not. The classification results in a malicious or benign web request.

Literature:-
SQL attack Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Intelligence
SQL intelligence is the provision of evidence-based knowledge about existing or potential intrusion. Benefits of threat intelligence include improved efficiency and effectiveness in security operations in terms of detective and preventive capabilities.
Successful threat intelligence within the cyber domain demands a knowledge base of threat information and an expressive way to represent this knowledge. This purpose is served by the use of taxonomies, sharing standards, and ontologies. This paper introduces the Cyber Threat Intelligence (CTI) model, which enables cyber defenders to explore their threat intelligence capabilities and understand their position against the ever-changing cyber threat landscape.
Probabilistic Threat Detection for Risk Management in Cyber-physical Medical Systems
Medical devices are complex cyber-physical systems exposed to numerous security risks and vulnerabilities. This article presents a dynamic risk management and automated threat mitigation approach based on a probabilistic threat estimation framework. A smart connected pacemaker case study illustrates the approach.

Managing cyber threat intelligence in a graph database
Efforts to cope jointly with the ever-increasing number of breach incidents have resulted in the establishment of the standard format and protocol and given birth to many consultative groups. In addition, various channels that distribute Cyber Threat Intelligence information free of charge have emerged, and studies on utilizing such channels have spread. As the market for sharing information professionally is expanding, the need to manage the shared information in various ways in order to achieve better results has arisen. This paper proposes a standardized management structure and method based on the standardized format and a meaning and standard of Cyber Threat Intelligence that can be shared outside when loading OSINT information collected from various channels into the graph database. This paper also proposes a method of supporting the detection provided by existing security equipment with the information saved in the graph database and an effective method of analysis. Lastly, the paper discusses the advantages that can be expected from saving cyber threat information in the graph database developed using information collected from the outside.

A Design of IL-CyTIS for Automated Cyber Threat Detection
As cyber conflict has intensified, the necessity of sharing cyber threat information has increased. Therefore, attempts to develop technology to upgrade and strengthen the related system will continue. In particular, it is anticipated that automated response and analysis using machine learning will be actively conducted.

With the security situation in cyberspace constantly becoming worse, cyber threat detection has attracted a lot of research attention. In this paper, existing detection technologies are first reviewed. Second, a framework for capturing the abnormal traffic of botnets is proposed.

SVM can be of two types:
o Linear SVM: Linear SVM is used for linearly separable data. If a dataset can be classified into two classes by a single straight line, the data is termed linearly separable, and the classifier used is called a Linear SVM classifier.
o Non-linear SVM: Non-linear SVM is used for non-linearly separable data. If a dataset cannot be classified by a straight line, the data is termed non-linear, and the classifier used is called a Non-linear SVM classifier.

IJCRT23A5361 International Journal of Creative Research Thoughts (IJCRT) www.ijcrt.org
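The pipeline this paper describes (access-log requests matched against a knowledge base of malicious features, then separated into malicious and benign by a linear classifier), as an added example that is not code from the paper. The pattern list, the `log()` helper and all sample requests are assumptions constructed here, and training uses plain hinge-loss updates as a simplified stand-in for a library linear SVM.

```python
import re
from urllib.parse import unquote_plus

# Assumed knowledge base of SQLi features (illustrative, not the paper's list).
PATTERNS = [r"'", r"--|#|/\*", r"\bunion\b", r"\bselect\b", r"\bor\b\s+\S+\s*="]
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def features(log_line):
    """Decode the request target of an access-log line and count pattern hits."""
    m = REQUEST.search(log_line)
    target = unquote_plus(m.group(1)).lower() if m else ""
    return [len(re.findall(p, target)) for p in PATTERNS]

def score(model, x):
    w, b = model
    return sum(wi * xi for wi, xi in zip(w, x)) + b

def train(samples, max_epochs=1000):
    """Hinge-loss updates: move the hyperplane whenever y * score < 1."""
    w, b = [0] * len(PATTERNS), 0
    for _ in range(max_epochs):
        updated = False
        for x, y in samples:            # y is +1 (malicious) or -1 (benign)
            if y * score((w, b), x) < 1:
                w = [wi + y * xi for wi, xi in zip(w, x)]
                b += y
                updated = True
        if not updated:                 # every sample now lies outside the margin
            break
    return w, b

def classify(model, log_line):
    return "malicious" if score(model, features(log_line)) > 0 else "benign"

def log(target):  # wrap a request target in a constructed combined-format log line
    return f'203.0.113.7 - - [10/May/2023:10:00:01 +0000] "GET {target} HTTP/1.1" 200 512'

# Constructed training requests (not data from the paper): +1 malicious, -1 benign.
TRAIN = [
    ("/login.php?user=admin%27+OR+%271%27%3D%271&pass=x", 1),
    ("/item.php?id=1+UNION+SELECT+null,null--+", 1),
    ("/login.php?user=admin%27--+&pass=x", 1),
    ("/login.php?user=alice&pass=secret", -1),
    ("/search.php?q=select+shoes", -1),
    ("/profile.php?name=o%27brien", -1),
    ("/products.php?category=outdoor&sort=price", -1),
]
MODEL = train([(features(log(t)), y) for t, y in TRAIN])

if __name__ == "__main__":
    for t in ["/account.php?name=bob%27%20or%20%27a%27=%27a", "/search.php?q=select+red+dress"]:
        print(classify(MODEL, log(t)), t)
```

The benign rows with a lone apostrophe or the word "select" are there so that no single keyword decides the label; the classifier has to weigh combinations of features. Seven requests only show the mechanics, and a usable detector needs a far larger labelled log corpus.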

Conclusion :-
This report applies machine learning to detect malicious and benign web requests derived from access log files, and has successfully detected malicious log files. In addition, string matching is used to match the features in the classification phase. The main constraint of SQLIA research is acquiring a reputable and suitable dataset online. Therefore, data collection is developed in-house, by setting up a simple login website and performing SQL injection attacks against it. Fortunately, there are platforms such as DVWA that can be used to perform injections to create datasets. As a result, only a few samples of the SQL injection dataset can be used for training and testing.
This research can be enhanced and improved further by implementing detection in real time, where SQL injections can be discovered and stopped faster, before any damage is inflicted on the system. In addition, detecting web requests by session can improve the accuracy of the detector.

Future scope:-
As future work, we want to evaluate methods using different web-based application scripts in the public domain to achieve greater accuracy in SQL injection prevention approaches. Integrating SQLiX with the nikto HTTP scanner, HTTP scanning proxies, and metasploit will help to detect other web vulnerabilities. We also want to add a feature to dump the vulnerable database and database schema.