Research Article
BibTex RIS Cite

SQL ENJEKSİYONU SALDIRILARININ MAKİNE ÖĞRENMESİ İLE TESPİTİ

Year 2023, Volume: 16 Issue: 1, 16 - 23, 23.03.2023

Abstract

Makale kapsamında, SQL enjeksiyonu saldırılarının tespit edilmesinde birbirinden farklı iki veri seti kullanılmak suretiyle makine öğrenmesi uygulaması önerilmiş ve literatürde yer alan tespit ve korunma yöntemleri incelenmiştir.

References

  • Alattar, M., & Medhane, S. P. (2013). R-WASP: Real Time-Web Application SQL Injection Detector and Preventer. International Journal of Innovative Technology and Exploring Engineering, Volume- 2, Issue-5,, 327-330.
  • Alazab, A., & Khresiat, A. (2016). New Strategy for Mitigating of SQL Injection Attack. International Journal of Computer Applications, 1-10.
  • Alwan, Z., & Younis, M. (2017). Detection and Prevention of SQL Injection Attack:A Survey. International Journal of Computer Science and Mobile Computing Vol.6 Issue 8, 5-17.
  • Avcı, İ., Koca, M., & Atasoy, M. (2021). Windows Tabanlı Uygulamalarda SQL Enjeksiyon Siber Saldırı Senaryosu ve Güvenlik Önlemleri. Avrupa Bilim ve Teknoloji Dergisi Özel Sayı 28, 213-219.
  • Azman, M. A., Marhusin, M. F., & Sulaiman, R. (2021). Machine Learning-Based Technique to Detect SQL Injection Attack. Journal of Computer Science Volume 17, Number 3, 296-303.
  • Clarke, J. (2009). SQL Injection Attacks and Defence. Syngress. Crowdstrike. (2022, 11 07). Crowdstrike web sitesi: https://www.crowdstrike.com/cybersecurity-101/sqlinjection/ adresinden alındı
  • Çağlayan, A., Toothaker, M., Drapeau, D., & Burke, D. (2009). Real-Time Detection of Fast Flux Service Networks. Conference For Homeland Security.
  • Daş, R., Kara, Ş., & Gündüz, M. Z. (2012). Casus Yazılımların Bilgisayar Sistemlerine Bulaşma Belirtileri ve Çözüm Önerileri. 5. Uluslararası Bilgi Güvenliği ve Kriptoloji Konferansı. ANKARA.
  • Demirol, D., Daş, R., & Baykara, M. (2013). SQL Enjeksiyon Saldırılarına Karşı Güvenlik Önlemleri. 1st International Symposium on Dijital Forensics and Security (ISDFS'13). Elazığ.
  • Elmasri, R., & Navathe, S. B. (2010). Fundamentals of Database Systems, 6th Edition. Pearson. Forristal, J. (1998, Aralık 25). NT Web Teknolojisi Güvenlik Açıkları. Phrack, s. 54.
  • Fu, X., Lu, X., Peltsverger, B., & Chen, S. (2007). A Static Analysis Framework For Detecting SQL Injection Vulnerabilities. 1st Annual International Computer Software and Applications Conference, (s. 1-8).
  • Gould, C., Su, Z., & Devanbu, P. T. (2004). JDBC Checker: A Static Analysis Tool For SQL/JDBC Applications. 26th International Conference on Software Engineering, (s. 697-698).
  • Halfond, W. G., & Orso, A. (2005). AMNESIA: Analysis and Monitoring for Neutralizing SQL-Injection Attacks. IEEE and ACM International Conference on Automated Software Engineering.
  • Halfond, W. G., Viegas, J., & Orso, A. (2006). A Classification of SQL Injection Attacks and Countermeasures. Computer Science, Mathematics.
  • Hasan, M., Balbahaith, Z., & Tarique, M. (2019). Detection of SQL Injection Attacks: A Machine Learning Approach. 2019 International Conference on Electrical and Computing Technologies and Applications (ICECTA).
  • Howard, M., & David, L. (2003). Writing Secure Code. Washington: Microsoft Press.
  • Huang, Y.-W., Huang, S.-K., Lin, T.-P., & Tsai, C.-H. (2003). Web application security assessment by fault injection and behavior monitoring. Conference: Proceedings of the 12th international conference on World Wide Web.
  • Jemal, I., Omar, C., Habib, H., & Mahfoudhi, A. (2020). SQL Injection Attack Detection and Prevention Techniques Using Machine Learning. International Journal of Applied Engineering Research Volume 15, Number 6, 569-580.
  • Kaggle. (2022, 07 11). Kaggle Web Sitesi: https://www.kaggle.com/ adresinden alındı Kolukısa, A. A. (2021). WEKA ile Bulanık Mantık Uygulaması.
  • Krishnan, A., Sabu, A., Sajan, P., & Sreedeep, A. (2021). SQL Injection Detection Using Machine Learning. Gestao Inovaçao e Technologias, Volume 11, Number 3.
  • Laval, M., Sultan, A. B., & Shakiru, A. O. (2016). Systematic Literature Review on SQL Injection Attack. International Journal of Soft Computing, , 26-35.
  • Manmadhan, S., & Thankappan, M. (2012). A Method of Detecting Sql Injection Attack to Secure Web Applications. International Journal of Distributed and Parallel Systems 3(6), 1-8.
  • OWASP. (2022, 08 15). OWASP: https://owasp.org/www-project-top-ten/ adresinden alındı Ross, K. (2018). Master's Theses and Graduate Research. SQL Injection Detection Using Machine Learning Techniques and Multiple Data Sources. San Jose State University Scholar Works.
  • Venturebeat. (2022, 11 07). Venturebeat web sitesi: https://venturebeat.com/security/report-35-of-educational-institutions-have-a-sqli-vulnerability/ adresinden alındı
  • Vural, Y., & Sağıroğlu, Ş. (2010). Veritabanı Yönetim Sistemleri Güvenliği: Tehditler ve Korunma Yöntemleri. Politeknik Dergisi Cilt:13 Sayı:2, 71-81.
Year 2023, Volume: 16 Issue: 1, 16 - 23, 23.03.2023

Abstract

References

  • Alattar, M., & Medhane, S. P. (2013). R-WASP: Real Time-Web Application SQL Injection Detector and Preventer. International Journal of Innovative Technology and Exploring Engineering, Volume- 2, Issue-5,, 327-330.
  • Alazab, A., & Khresiat, A. (2016). New Strategy for Mitigating of SQL Injection Attack. International Journal of Computer Applications, 1-10.
  • Alwan, Z., & Younis, M. (2017). Detection and Prevention of SQL Injection Attack:A Survey. International Journal of Computer Science and Mobile Computing Vol.6 Issue 8, 5-17.
  • Avcı, İ., Koca, M., & Atasoy, M. (2021). Windows Tabanlı Uygulamalarda SQL Enjeksiyon Siber Saldırı Senaryosu ve Güvenlik Önlemleri. Avrupa Bilim ve Teknoloji Dergisi Özel Sayı 28, 213-219.
  • Azman, M. A., Marhusin, M. F., & Sulaiman, R. (2021). Machine Learning-Based Technique to Detect SQL Injection Attack. Journal of Computer Science Volume 17, Number 3, 296-303.
  • Clarke, J. (2009). SQL Injection Attacks and Defence. Syngress. Crowdstrike. (2022, 11 07). Crowdstrike web sitesi: https://www.crowdstrike.com/cybersecurity-101/sqlinjection/ adresinden alındı
  • Çağlayan, A., Toothaker, M., Drapeau, D., & Burke, D. (2009). Real-Time Detection of Fast Flux Service Networks. Conference For Homeland Security.
  • Daş, R., Kara, Ş., & Gündüz, M. Z. (2012). Casus Yazılımların Bilgisayar Sistemlerine Bulaşma Belirtileri ve Çözüm Önerileri. 5. Uluslararası Bilgi Güvenliği ve Kriptoloji Konferansı. ANKARA.
  • Demirol, D., Daş, R., & Baykara, M. (2013). SQL Enjeksiyon Saldırılarına Karşı Güvenlik Önlemleri. 1st International Symposium on Dijital Forensics and Security (ISDFS'13). Elazığ.
  • Elmasri, R., & Navathe, S. B. (2010). Fundamentals of Database Systems, 6th Edition. Pearson. Forristal, J. (1998, Aralık 25). NT Web Teknolojisi Güvenlik Açıkları. Phrack, s. 54.
  • Fu, X., Lu, X., Peltsverger, B., & Chen, S. (2007). A Static Analysis Framework For Detecting SQL Injection Vulnerabilities. 1st Annual International Computer Software and Applications Conference, (s. 1-8).
  • Gould, C., Su, Z., & Devanbu, P. T. (2004). JDBC Checker: A Static Analysis Tool For SQL/JDBC Applications. 26th International Conference on Software Engineering, (s. 697-698).
  • Halfond, W. G., & Orso, A. (2005). AMNESIA: Analysis and Monitoring for Neutralizing SQL-Injection Attacks. IEEE and ACM International Conference on Automated Software Engineering.
  • Halfond, W. G., Viegas, J., & Orso, A. (2006). A Classification of SQL Injection Attacks and Countermeasures. Computer Science, Mathematics.
  • Hasan, M., Balbahaith, Z., & Tarique, M. (2019). Detection of SQL Injection Attacks: A Machine Learning Approach. 2019 International Conference on Electrical and Computing Technologies and Applications (ICECTA).
  • Howard, M., & David, L. (2003). Writing Secure Code. Washington: Microsoft Press.
  • Huang, Y.-W., Huang, S.-K., Lin, T.-P., & Tsai, C.-H. (2003). Web application security assessment by fault injection and behavior monitoring. Conference: Proceedings of the 12th international conference on World Wide Web.
  • Jemal, I., Omar, C., Habib, H., & Mahfoudhi, A. (2020). SQL Injection Attack Detection and Prevention Techniques Using Machine Learning. International Journal of Applied Engineering Research Volume 15, Number 6, 569-580.
  • Kaggle. (2022, 07 11). Kaggle Web Sitesi: https://www.kaggle.com/ adresinden alındı Kolukısa, A. A. (2021). WEKA ile Bulanık Mantık Uygulaması.
  • Krishnan, A., Sabu, A., Sajan, P., & Sreedeep, A. (2021). SQL Injection Detection Using Machine Learning. Gestao Inovaçao e Technologias, Volume 11, Number 3.
  • Laval, M., Sultan, A. B., & Shakiru, A. O. (2016). Systematic Literature Review on SQL Injection Attack. International Journal of Soft Computing, , 26-35.
  • Manmadhan, S., & Thankappan, M. (2012). A Method of Detecting Sql Injection Attack to Secure Web Applications. International Journal of Distributed and Parallel Systems 3(6), 1-8.
  • OWASP. (2022, 08 15). OWASP: https://owasp.org/www-project-top-ten/ adresinden alındı Ross, K. (2018). Master's Theses and Graduate Research. SQL Injection Detection Using Machine Learning Techniques and Multiple Data Sources. San Jose State University Scholar Works.
  • Venturebeat. (2022, 11 07). Venturebeat web sitesi: https://venturebeat.com/security/report-35-of-educational-institutions-have-a-sqli-vulnerability/ adresinden alındı
  • Vural, Y., & Sağıroğlu, Ş. (2010). Veritabanı Yönetim Sistemleri Güvenliği: Tehditler ve Korunma Yöntemleri. Politeknik Dergisi Cilt:13 Sayı:2, 71-81.
There are 25 citations in total.

Details

Primary Language Turkish
Subjects Engineering
Journal Section Mühendislik Bilimleri
Authors

Emre Polat 0000-0002-9190-2039

Halil İbrahim Bülbül 0000-0002-6525-7232

Publication Date March 23, 2023
Acceptance Date January 22, 2023
Published in Issue Year 2023 Volume: 16 Issue: 1

Cite

APA Polat, E., & Bülbül, H. İ. (2023). SQL ENJEKSİYONU SALDIRILARININ MAKİNE ÖĞRENMESİ İLE TESPİTİ. TÜBAV Bilim Dergisi, 16(1), 16-23.
ISSN: 1308 - 4941