DETECTION OF SQL INJECTION ATTACKS USING MACHINE LEARNING
Year 2023, Volume: 16 Issue: 1, 16 - 23, 23.03.2023
Emre Polat, Halil İbrahim Bülbül
Abstract
In this article, a machine learning application that uses two different datasets is proposed for detecting SQL injection attacks, and the detection and prevention methods found in the literature are reviewed.