Prevention Of Sql Injection Attack Using Unsupervised Machine Learning Approach

Document Type : Primary Research paper

Authors

1 assistant Professor, Department Of Computer Technology (Ug), Kongu Engineering College, Erode-638060, Tamilnadu, India,

2 Associate Professor, Department Of Computer Science & Engineering, K.S.R. College Of Engineering, Tiruchengode- 637215, Tamilnadu, India,

3 Associate Professor, Department Of Computer Science & Engineering, Saveethaschool Of Engineering, Saveetha Institute Of Medical And Technical Sciences, Chennai,Tamilnadu, India,

4 professor& Head, Department Of Computer Science & Engineering, K.S.R. College Of Engineering, Tiruchengode - 637215, Tamilnadu, India,

Abstract

Now A Day’s Online Web Applications Or Online Database Applications Are
Increasingly Exposed To Various Kinds Of Attacks. One Such Attack To Steal Data Is
Called Sql Injection Attacks In Which Attackers Modify The Sql Query Initiated By The
User And Adds Malicious Code To Access And Manipulate The Information In The Web
Application Or Database. One Way To Prevent Such Attacks Is To Update And Test Web
Application Firewall (Waf) Regularly. Due To Tremendous Growth In Technology,
Attackers Who Intend To Attack The Applications Find Numerous New Ways To Enter
Into The System. In This Paper, We Incorporate The Concept Of Machine Learning With
Waf That Maximizes The Effectiveness Of Existing Systems. The Approach Adopted In
This Paper Is Unsupervised Machine Learning Technique Which Uses K-Means
Clustering Algorithm. The Flow Of The Proposed System Can Be Given As: The End User
Makes A Query In The Web Application, And The Values Of Query Are Extracted And
Sent To The Sql Injection Detector, Which Provides Two Layers Of Security. In The First
Layer Of Security, Patterns Are Created Using Context-Free Grammar (Cfg) For Low
Level Attacks. The Second Layer Of Security For High Level Attacks Is Trained Using
Unsupervised Learning Algorithm.

Keywords