Research Article

DETECTION OF SQL INJECTION ATTACKS WITH MACHINE LEARNING

Year 2023, Volume: 16 Issue: 1, 16 - 23, 23.03.2023

Abstract

In this article, a machine learning application that uses two different data sets is proposed for detecting SQL injection attacks, and the detection and prevention methods found in the literature are reviewed.

There are 25 references in total.

Details

Primary Language: Turkish
Subjects: Engineering
Section: Engineering Sciences
Authors

Emre Polat 0000-0002-9190-2039

Halil İbrahim Bülbül 0000-0002-6525-7232

Publication Date: March 23, 2023
Acceptance Date: January 22, 2023
Published in Issue: Year 2023 Volume: 16 Issue: 1

Cite

APA Polat, E., & Bülbül, H. İ. (2023). SQL ENJEKSİYONU SALDIRILARININ MAKİNE ÖĞRENMESİ İLE TESPİTİ. TÜBAV Bilim Dergisi, 16(1), 16-23.
ISSN: 1308 - 4941