Evaluation of SQL injection (SQLi) attack detection strategies in web applications using machine learning. Industry semester
- Authors: Taborda Echeverri, Santiago
- Resource type: Undergraduate thesis
- Publication date: 2024
- Institution: Universidad de Antioquia
- Repository: Repositorio UdeA
- Language: eng
- OAI Identifier: oai:bibliotecadigital.udea.edu.co:10495/40601
- Online access: https://hdl.handle.net/10495/40601
- Keywords:
  - Random Forest
  - Computer Security
  - Data processing
  - http://vocabularies.unesco.org/thesaurus/concept522
  - Machine learning (artificial intelligence)
  - Logistic regression analysis
  - Numerical integration - data processing
  - Artificial intelligence
  - SQL injection (SQLi)
  - Web Application Firewall
  - One-Class SVM
  - AizoOn Technology Consulting
  - https://id.nlm.nih.gov/mesh/D000093743
  - https://id.nlm.nih.gov/mesh/D016494
- Rights: openAccess
- License: http://creativecommons.org/licenses/by-nc-nd/2.5/co/

Summary: This work evaluates strategies for detecting SQL injection attacks based on artificial intelligence to generate a recommendation that allows the improvement of the web application firewall of AizoOn Technology Consulting (Mithril). To achieve this, detection techniques known as Naïve Bayes, logistic regression, random forests, and one-class support vector machines were selected based on their relevance and effectiveness demonstrated in the scientific literature and the company's expressed interests. These techniques were implemented by structuring a hybrid database integrating public data from the "SQL Injection Dataset" available on Kaggle with data processed by Mithril. This process involved data analysis, preprocessing, and conditioning. Data integration proved useful for implementing the machine learning models. Subsequently, hyperparameter tuning was performed to improve the models' performance, identifying the best configurations for each of them, thus increasing detection capabilities and minimizing false positives. The evaluation and benchmarking of the models were conducted using performance metrics such as accuracy, precision, recall, and F1-Score. Finally, the results led to the recommendation of implementing the logistic regression model in Mithril, as it achieved the best performance with accuracy and F1-Score of 99.45%.
