Journal of Artificial Intelligence

Volume 12 (1), 11-17, 2019


Facebook Twitter Linkedin WhatsApp E-mail
A Two-Phase Pattern Matching-parse Tree Validation Approach for Efficient SQL Injection Attacks Detection

Randa Osman Morsi and Mona Farouk Ahmed

Background and Objective: Data is one of the most valuable assets as it is the core for any organization website. SQL Injection Attack (SQLIA) is the way by which hackers gain access to data. An approach was proposed in this paper to efficiently detect SQLIA. Methodology: One of the most powerful algorithms, Parsing Tree validation (PT), depends only on accurate detection but takes much time so combining it with a fast dynamic algorithm with the purpose of learning and storing the malicious input patterns to compare with the next coming inputs will be a great achievement. An algorithm was proposed that is based on the combination of two of the existing detection algorithms: pattern matching algorithm using Aho-Corasick (AC) and PT. Results: Experiments showed that the proposed approach guarantees high accuracy of 99.9%, reasonable time which was 53.6% of PT's time and less memory usage. Conclusion: SQLIA is one of the most severe threats to the database. In general, the approaches that provide the best guard for the database against SQLIA are those that make use of a mix of primitive approaches as this leads to strengthening their merits and improving their weaknesses.

View Fulltext Back

How to cite this article:

Randa Osman Morsi and Mona Farouk Ahmed, 2019. A Two-Phase Pattern Matching-parse Tree Validation Approach for Efficient SQL Injection Attacks Detection. Journal of Artificial Intelligence, 12: 11-17.


DOI: 10.3923/jai.2019.11.17
URL: https://ansinet.com/abstract.php?doi=jai.2019.11.17

Article Statistics