The Repository Mahasiswa(RAMA)is a national repository of research reports in the form of final assignments,student projects,theses,dissertations,and research reports of lecturers or researchers that have not yet been...The Repository Mahasiswa(RAMA)is a national repository of research reports in the form of final assignments,student projects,theses,dissertations,and research reports of lecturers or researchers that have not yet been published in journals,conferences,or integrated books from the scientific repository of universities and research institutes in Indonesia.The increasing popularity of the RAMA Repository leads to security issues,including the two most widespread,vulnerable attacks i.e.,Structured Query Language(SQL)injection and cross-site scripting(XSS)attacks.An attacker gaining access to data and performing unauthorized data modifications is extremely dangerous.This paper aims to provide an attack detection system for securing the repository portal from the abovementioned attacks.The proposed system combines a Long Short–Term Memory and Principal Component Analysis(LSTM-PCA)model as a classifier.This model can effectively solve the vanishing gradient problem caused by excessive positive samples.The experiment results show that the proposed system achieves an accuracy of 96.85%using an 80%:20%ratio of training data and testing data.The rationale for this best achievement is that the LSTM’s Forget Gate works very well as the PCA supplies only selected features that are significantly relevant to the attacks’patterns.The Forget Gate in LSTM is responsible for deciding which information should be kept for computing the cell state and which one is not relevant and can be discarded.In addition,the LSTM’s Input Gate assists in finding out crucial information and stores specific relevant data in the memory.展开更多
Structured Query Language Injection Attack (SQLIA) is the most exposed to attack on the Internet. From this attack, the attacker can take control of the database therefore be able to interpolate the data from the data...Structured Query Language Injection Attack (SQLIA) is the most exposed to attack on the Internet. From this attack, the attacker can take control of the database therefore be able to interpolate the data from the database server for the website. Hence, the big challenge became to secure such website against attack via the Internet. We have presented different types of attack methods and prevention techniques of SQLIA which were used to aid the design and implementation of our model. In the paper, work is separated into two parts. The first aims to put SQLIA into perspective by outlining some of the materials and researches that have already been completed. The section suggesting methods of mitigating SQLIA aims to clarify some misconceptions about SQLIA prevention and provides some useful tips to software developers and database administrators. The second details the creation of a filtering proxy server used to prevent a SQL injection attack and analyses the performance impact of the filtering process on web application.展开更多
E-commerce,online ticketing,online banking,and other web-based applications that handle sensitive data,such as passwords,payment information,and financial information,are widely used.Various web developers may have va...E-commerce,online ticketing,online banking,and other web-based applications that handle sensitive data,such as passwords,payment information,and financial information,are widely used.Various web developers may have varying levels of understanding when it comes to securing an online application.Structured Query language SQL injection and cross-site scripting are the two vulnerabilities defined by the OpenWeb Application Security Project(OWASP)for its 2017 Top Ten List Cross Site Scripting(XSS).An attacker can exploit these two flaws and launch malicious web-based actions as a result of these flaws.Many published articles focused on these attacks’binary classification.This article described a novel deep-learning approach for detecting SQL injection and XSS attacks.The datasets for SQL injection and XSS payloads are combined into a single dataset.The dataset is labeledmanually into three labels,each representing a kind of attack.This work implements some pre-processing algorithms,including Porter stemming,one-hot encoding,and the word-embedding method to convert a word’s text into a vector.Our model used bidirectional long short-term memory(BiLSTM)to extract features automatically,train,and test the payload dataset.The payloads were classified into three types by BiLSTM:XSS,SQL injection attacks,and normal.The outcomes demonstrated excellent performance in classifying payloads into XSS attacks,injection attacks,and non-malicious payloads.BiLSTM’s high performance was demonstrated by its accuracy of 99.26%.展开更多
文摘The Repository Mahasiswa(RAMA)is a national repository of research reports in the form of final assignments,student projects,theses,dissertations,and research reports of lecturers or researchers that have not yet been published in journals,conferences,or integrated books from the scientific repository of universities and research institutes in Indonesia.The increasing popularity of the RAMA Repository leads to security issues,including the two most widespread,vulnerable attacks i.e.,Structured Query Language(SQL)injection and cross-site scripting(XSS)attacks.An attacker gaining access to data and performing unauthorized data modifications is extremely dangerous.This paper aims to provide an attack detection system for securing the repository portal from the abovementioned attacks.The proposed system combines a Long Short–Term Memory and Principal Component Analysis(LSTM-PCA)model as a classifier.This model can effectively solve the vanishing gradient problem caused by excessive positive samples.The experiment results show that the proposed system achieves an accuracy of 96.85%using an 80%:20%ratio of training data and testing data.The rationale for this best achievement is that the LSTM’s Forget Gate works very well as the PCA supplies only selected features that are significantly relevant to the attacks’patterns.The Forget Gate in LSTM is responsible for deciding which information should be kept for computing the cell state and which one is not relevant and can be discarded.In addition,the LSTM’s Input Gate assists in finding out crucial information and stores specific relevant data in the memory.
文摘Structured Query Language Injection Attack (SQLIA) is the most exposed to attack on the Internet. From this attack, the attacker can take control of the database therefore be able to interpolate the data from the database server for the website. Hence, the big challenge became to secure such website against attack via the Internet. We have presented different types of attack methods and prevention techniques of SQLIA which were used to aid the design and implementation of our model. In the paper, work is separated into two parts. The first aims to put SQLIA into perspective by outlining some of the materials and researches that have already been completed. The section suggesting methods of mitigating SQLIA aims to clarify some misconceptions about SQLIA prevention and provides some useful tips to software developers and database administrators. The second details the creation of a filtering proxy server used to prevent a SQL injection attack and analyses the performance impact of the filtering process on web application.
基金funded byResearchers Supporting Project Number(RSP2023R476)King Saud University,Riyadh,Saudi Arabia。
文摘E-commerce,online ticketing,online banking,and other web-based applications that handle sensitive data,such as passwords,payment information,and financial information,are widely used.Various web developers may have varying levels of understanding when it comes to securing an online application.Structured Query language SQL injection and cross-site scripting are the two vulnerabilities defined by the OpenWeb Application Security Project(OWASP)for its 2017 Top Ten List Cross Site Scripting(XSS).An attacker can exploit these two flaws and launch malicious web-based actions as a result of these flaws.Many published articles focused on these attacks’binary classification.This article described a novel deep-learning approach for detecting SQL injection and XSS attacks.The datasets for SQL injection and XSS payloads are combined into a single dataset.The dataset is labeledmanually into three labels,each representing a kind of attack.This work implements some pre-processing algorithms,including Porter stemming,one-hot encoding,and the word-embedding method to convert a word’s text into a vector.Our model used bidirectional long short-term memory(BiLSTM)to extract features automatically,train,and test the payload dataset.The payloads were classified into three types by BiLSTM:XSS,SQL injection attacks,and normal.The outcomes demonstrated excellent performance in classifying payloads into XSS attacks,injection attacks,and non-malicious payloads.BiLSTM’s high performance was demonstrated by its accuracy of 99.26%.