CFP last date
16 December 2024
Call for Paper
January Edition
IJAIS solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 16 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Ordered Frequent Itemsets Matrix Based On Fp-Tree Structure And Apriori Algorithm

Abdulkader M. Al-Badani Abdualmajed A. Al-Khulaidi
Random Articles
Reseach Article

An Approach to Detect Cyber Attack on Server-side Application by using Data Mining Techniques and Evolutionary Algorithms

by Abu Syeed Sajid Ahmed, Afsana Afrin Brishty, Mehjabeen Shachi, Nurnaby Siddiqui Shourav, Nazmus Sakib
journal cover thumbnail

International Journal of Applied Information Systems
Foundation of Computer Science (FCS), NY, USA
Volume 12 - Number 37
Year of Publication: 2021
Authors: Abu Syeed Sajid Ahmed, Afsana Afrin Brishty, Mehjabeen Shachi, Nurnaby Siddiqui Shourav, Nazmus Sakib
10.5120/ijais2021451912

Abu Syeed Sajid Ahmed, Afsana Afrin Brishty, Mehjabeen Shachi, Nurnaby Siddiqui Shourav, Nazmus Sakib . An Approach to Detect Cyber Attack on Server-side Application by using Data Mining Techniques and Evolutionary Algorithms. International Journal of Applied Information Systems. 12, 37 ( June 2021), 1-9. DOI=10.5120/ijais2021451912

@article{ 10.5120/ijais2021451912,
author = { Abu Syeed Sajid Ahmed, Afsana Afrin Brishty, Mehjabeen Shachi, Nurnaby Siddiqui Shourav, Nazmus Sakib },
title = { An Approach to Detect Cyber Attack on Server-side Application by using Data Mining Techniques and Evolutionary Algorithms },
journal = { International Journal of Applied Information Systems },
issue_date = { June 2021 },
volume = { 12 },
number = { 37 },
month = { June },
year = { 2021 },
issn = { 2249-0868 },
pages = { 1-9 },
numpages = {9},
url = { https://www.ijais.org/archives/volume12/number37/1114-2021451912/ },
doi = { 10.5120/ijais2021451912 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2023-07-05T19:11:07.317962+05:30
%A Abu Syeed Sajid Ahmed
%A Afsana Afrin Brishty
%A Mehjabeen Shachi
%A Nurnaby Siddiqui Shourav
%A Nazmus Sakib
%T An Approach to Detect Cyber Attack on Server-side Application by using Data Mining Techniques and Evolutionary Algorithms
%J International Journal of Applied Information Systems
%@ 2249-0868
%V 12
%N 37
%P 1-9
%D 2021
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Cyber Attack is one of the biggest problems for people of different levels, especially for the industries, which can maliciously disable systems, steal data. It is an assault launched by cyber criminals using one or more computers against single or multiple computers or networks. Server-side attacks are launched directly from an attacker to a listening service. Server-side attacks want to compromise and infringe with data and applications on a server. Applications like web browsers, media players, email servers, office suites, and similar applications are the main targets for attackers. An injection attack is one of the most common types of attack in which the hacker can steal valuable information from the database or server and it is the most dangerous attack aimed at web applications and can lead to data theft, data loss, loss of data integrity, denial of service, as well as full system compromise. Malicious requests make it easier for attackers to attack server-side applications. Our idea has been demonstrated in this paper where a two-layer security firewall is implemented in the server-side application to detect malicious code(SQL/NoSQL injection) using both machine learning and non-machine learning approach. The first layer of the firewall that will be placed between controller and router will be responsible for detecting malicious code from the request object using input validation and a parameterized statement which is a non-machine learning approach. Moreover, the second layer of the firewall will be placed between the controller and database to detect malicious code from the query using a machine learning model. We use text mining for feature extraction from the query, GridSearchCV for best model evaluation and genetic algorithm for automated hyperparameter optimization.

References
  1. Alsobhi, H. and Alshareef, R. SQL Injection Countermeasures Methods. , 2020 International Conference on Computing and Information Technology (ICCIT-1441). (2020)
  2. Benson, V. (2017) The state of global cyber security: Highlights and key findings, Learning Tree.
  3. Website. . [Online]. Available: 02-Apr-(2021) , Cyber attacks hit over 200 organizations including Bangladesh Bank, BTRC. . [Online]. Available: https://www.dhakatribune.com/bangladesh/2021/04/02/cyberattacks- hit-over-200-organizations-including-bangladeshbank- btrc. [Accessed: 21-Apr-2021]. [Accessed: 23-Apr- 2021]
  4. By and Sobers, R. 13-Jan-(2020) , 134 Cybersecurity Statistics and Trends for 2021. . [Online]. Available: https://www.varonis.com/blog/cybersecurity-statistics/. [Accessed: 23-Apr-2021]
  5. 08-Nov-(2020) , 2021 Cyber Security Statistics: The Ultimate List Of Stats, Data & Trends. . [Online]. Available: https://purplesec.us/resources/cyber-security-statistics/. [Accessed: 21-Apr-2021]
  6. Barolli, L. et al. (2019) Advances on P2P, Parallel, Grid, Cloud and Internet Computing: Proceedings of the 14th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC-2019), Springer Nature.
  7. Chen, X. et al. (2019) Machine Learning for Cyber Security: Second International Conference, ML4CS 2019, Xi’an, China, September 19-21, 2019, Proceedings, Springer Nature.
  8. Kim, M.-Y. and Lee, D.H. Data-mining based SQL injection attack detection using internal query trees. , Expert Systems with Applications, 41. (2014) , 5416–5430
  9. M., A. et al. NoSQL Racket: A Testing Tool for Detecting NoSQL Injection Attacks in Web Applications. , International Journal of Advanced Computer Science and Applications, 8. (2017)
  10. Okman, L. et al. Security Issues in NoSQL Databases. , 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications. (2011)
  11. Schram, A. and Anderson, K.M. MySQL to NoSQL. , Proceedings of the 3rd annual conference on Systems, programming, and applications: software for humanity - SPLASH ’12. (2012)
  12. Neumann, A. et al. An Analysis of Public REST Web Service APIs. , IEEE Transactions on Services Computing. (2018) , 1–1
  13. Chen, X. et al. (2017) Restful API Architecture Based on Laravel Framework. J. Phys. Conf. Ser. 910, 012016
  14. 08-Jul-(2019) , What is Middleware and How Does it Work? . [Online]. Available: https://www.cleverism.com/what-is-middleware-andhow- does-it-work/. [Accessed: 23-Apr-2021]
  15. Khaliluzzaman, M. and Chowdhury, I.I. Pre and post controller based MVC architecture for web application. , 2016 5th International Conference on Informatics, Electronics and Vision (ICIEV). (2016)
  16. Selfa, D.M. et al. A Database and Web Application Based on MVC Architecture. , 16th International Conference on Electronics, Communications and Computers (CONIELECOMP’ 06).
  17. Jailia, M. et al. Behavior of MVC (Model View Controller) basedWeb Application developed in PHP and .NET framework. , 2016 International Conference on ICT in Business Industry & Government (ICTBIG). (2016)
  18. Khasawneh, T.N. et al. (2020) , SQL, NewSQL, and NOSQL Databases: A Comparative Survey. , in 2020 11th International Conference on Information and Communication Systems (ICICS), Irbid, Jordan
  19. Ul Islam, M.R. et al. (2019) , Automatic detection of NoSQL injection using supervised learning. , in 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), Milwaukee, WI, USA
  20. Johnson, P. et al. (2014) Genetic algorithm with logistic regression for prediction of progression to Alzheimer’s disease. BMC Bioinformatics 15 Suppl 16, S11
  21. Mayo, M. Using AutoML to Generate Machine Learning Pipelines with TPOT - KDnuggets. . [Online]. Available: https://www.kdnuggets.com/managing-machine-learningworkflows- with-scikit-learn-pipelines-part-4-generatingpipelines- with-automl.html/. [Accessed: 27-Apr-2021]
  22. Javel, I.M. et al. Epileptic Seizure Detection via EEG using Tree-based Pipeline Optimization Tool. , 2019 IEEE 11th International Conference on Humanoid, Nanotechnology, Information Technology, Communication and Control, Environment, and Management ( HNICEM ). (2019)
  23. Ghafarian, A. A hybrid method for detection and prevention of SQL injection attacks. , 2017 Computing Conference. (2017)
  24. Ron, A. et al. Analysis and Mitigation of NoSQL Injections. , IEEE Security & Privacy, 14. (2016) , 30–39
  25. Moore, A.W. and Lee, M.S. Efficient Algorithms for Minimizing Cross Validation Error. , Machine Learning Proceedings 1994. (1994) , 190–198
  26. Ross Quinlan, J. (2014) C4.5: Programs for Machine Learning, Elsevier.
  27. Aha, D.W. et al. Instance-based learning algorithms. , Machine Learning, 6. (1991) , 37–66
  28. Shah, S.S.H. sql injection dataset.
  29. Ferenc, R. et al. (2019) , Challenging machine learning algorithms in predicting vulnerable JavaScript functions. , in 2019 IEEE/ACM 7th International Workshop on Realizing Artificial Intelligence Synergies in Software Engineering (RAISE), Montreal, QC, Canada
Index Terms

Computer Science
Information Sciences

Keywords

Cyber Attack SQL(Structured Query Language) Injection NoSQL(Non-Structured Query Language) Injection Machine learning Data mining Evolutionary algorithms

Powered by PhDFocusTM