SQL ENJEKSİYONU SALDIRILARININ MAKİNE ÖĞRENMESİ İLE TESPİTİ
Yıl 2023,
Cilt: 16 Sayı: 1, 16 - 23, 23.03.2023
Emre Polat
,
Halil İbrahim Bülbül
Öz
Makale kapsamında, SQL enjeksiyonu saldırılarının tespit edilmesinde birbirinden farklı iki veri seti kullanılmak suretiyle makine öğrenmesi uygulaması önerilmiş ve literatürde yer alan tespit ve korunma yöntemleri incelenmiştir.
Kaynakça
- Alattar, M., & Medhane, S. P. (2013). R-WASP: Real Time-Web Application SQL Injection Detector and
Preventer. International Journal of Innovative Technology and Exploring Engineering, Volume-
2, Issue-5,, 327-330.
- Alazab, A., & Khresiat, A. (2016). New Strategy for Mitigating of SQL Injection Attack. International
Journal of Computer Applications, 1-10.
- Alwan, Z., & Younis, M. (2017). Detection and Prevention of SQL Injection Attack:A Survey. International
Journal of Computer Science and Mobile Computing Vol.6 Issue 8, 5-17.
- Avcı, İ., Koca, M., & Atasoy, M. (2021). Windows Tabanlı Uygulamalarda SQL Enjeksiyon Siber Saldırı
Senaryosu ve Güvenlik Önlemleri. Avrupa Bilim ve Teknoloji Dergisi Özel Sayı 28, 213-219.
- Azman, M. A., Marhusin, M. F., & Sulaiman, R. (2021). Machine Learning-Based Technique to Detect
SQL Injection Attack. Journal of Computer Science Volume 17, Number 3, 296-303.
- Clarke, J. (2009). SQL Injection Attacks and Defence. Syngress.
Crowdstrike. (2022, 11 07). Crowdstrike web sitesi: https://www.crowdstrike.com/cybersecurity-101/sqlinjection/
adresinden alındı
- Çağlayan, A., Toothaker, M., Drapeau, D., & Burke, D. (2009). Real-Time Detection of Fast Flux Service
Networks. Conference For Homeland Security.
- Daş, R., Kara, Ş., & Gündüz, M. Z. (2012). Casus Yazılımların Bilgisayar Sistemlerine Bulaşma Belirtileri
ve Çözüm Önerileri. 5. Uluslararası Bilgi Güvenliği ve Kriptoloji Konferansı. ANKARA.
- Demirol, D., Daş, R., & Baykara, M. (2013). SQL Enjeksiyon Saldırılarına Karşı Güvenlik Önlemleri. 1st
International Symposium on Dijital Forensics and Security (ISDFS'13). Elazığ.
- Elmasri, R., & Navathe, S. B. (2010). Fundamentals of Database Systems, 6th Edition. Pearson.
Forristal, J. (1998, Aralık 25). NT Web Teknolojisi Güvenlik Açıkları. Phrack, s. 54.
- Fu, X., Lu, X., Peltsverger, B., & Chen, S. (2007). A Static Analysis Framework For Detecting SQL
Injection Vulnerabilities. 1st Annual International Computer Software and Applications
Conference, (s. 1-8).
- Gould, C., Su, Z., & Devanbu, P. T. (2004). JDBC Checker: A Static Analysis Tool For SQL/JDBC
Applications. 26th International Conference on Software Engineering, (s. 697-698).
- Halfond, W. G., & Orso, A. (2005). AMNESIA: Analysis and Monitoring for Neutralizing SQL-Injection
Attacks. IEEE and ACM International Conference on Automated Software Engineering.
- Halfond, W. G., Viegas, J., & Orso, A. (2006). A Classification of SQL Injection Attacks and
Countermeasures. Computer Science, Mathematics.
- Hasan, M., Balbahaith, Z., & Tarique, M. (2019). Detection of SQL Injection Attacks: A Machine Learning
Approach. 2019 International Conference on Electrical and Computing Technologies and
Applications (ICECTA).
- Howard, M., & David, L. (2003). Writing Secure Code. Washington: Microsoft Press.
- Huang, Y.-W., Huang, S.-K., Lin, T.-P., & Tsai, C.-H. (2003). Web application security assessment by
fault injection and behavior monitoring. Conference: Proceedings of the 12th international
conference on World Wide Web.
- Jemal, I., Omar, C., Habib, H., & Mahfoudhi, A. (2020). SQL Injection Attack Detection and Prevention
Techniques Using Machine Learning. International Journal of Applied Engineering Research
Volume 15, Number 6, 569-580.
- Kaggle. (2022, 07 11). Kaggle Web Sitesi: https://www.kaggle.com/ adresinden alındı
Kolukısa, A. A. (2021). WEKA ile Bulanık Mantık Uygulaması.
- Krishnan, A., Sabu, A., Sajan, P., & Sreedeep, A. (2021). SQL Injection Detection Using Machine Learning. Gestao Inovaçao e Technologias, Volume 11, Number 3.
- Laval, M., Sultan, A. B., & Shakiru, A. O. (2016). Systematic Literature Review on SQL Injection Attack. International Journal of Soft Computing, , 26-35.
- Manmadhan, S., & Thankappan, M. (2012). A Method of Detecting Sql Injection Attack to Secure Web Applications. International Journal of Distributed and Parallel Systems 3(6), 1-8.
- OWASP. (2022, 08 15). OWASP: https://owasp.org/www-project-top-ten/ adresinden alındı
Ross, K. (2018). Master's Theses and Graduate Research. SQL Injection Detection Using Machine Learning Techniques and Multiple Data Sources. San Jose State University Scholar Works.
- Venturebeat. (2022, 11 07). Venturebeat web sitesi: https://venturebeat.com/security/report-35-of-educational-institutions-have-a-sqli-vulnerability/ adresinden alındı
- Vural, Y., & Sağıroğlu, Ş. (2010). Veritabanı Yönetim Sistemleri Güvenliği: Tehditler ve Korunma Yöntemleri. Politeknik Dergisi Cilt:13 Sayı:2, 71-81.
Yıl 2023,
Cilt: 16 Sayı: 1, 16 - 23, 23.03.2023
Emre Polat
,
Halil İbrahim Bülbül
Kaynakça
- Alattar, M., & Medhane, S. P. (2013). R-WASP: Real Time-Web Application SQL Injection Detector and
Preventer. International Journal of Innovative Technology and Exploring Engineering, Volume-
2, Issue-5,, 327-330.
- Alazab, A., & Khresiat, A. (2016). New Strategy for Mitigating of SQL Injection Attack. International
Journal of Computer Applications, 1-10.
- Alwan, Z., & Younis, M. (2017). Detection and Prevention of SQL Injection Attack:A Survey. International
Journal of Computer Science and Mobile Computing Vol.6 Issue 8, 5-17.
- Avcı, İ., Koca, M., & Atasoy, M. (2021). Windows Tabanlı Uygulamalarda SQL Enjeksiyon Siber Saldırı
Senaryosu ve Güvenlik Önlemleri. Avrupa Bilim ve Teknoloji Dergisi Özel Sayı 28, 213-219.
- Azman, M. A., Marhusin, M. F., & Sulaiman, R. (2021). Machine Learning-Based Technique to Detect
SQL Injection Attack. Journal of Computer Science Volume 17, Number 3, 296-303.
- Clarke, J. (2009). SQL Injection Attacks and Defence. Syngress.
Crowdstrike. (2022, 11 07). Crowdstrike web sitesi: https://www.crowdstrike.com/cybersecurity-101/sqlinjection/
adresinden alındı
- Çağlayan, A., Toothaker, M., Drapeau, D., & Burke, D. (2009). Real-Time Detection of Fast Flux Service
Networks. Conference For Homeland Security.
- Daş, R., Kara, Ş., & Gündüz, M. Z. (2012). Casus Yazılımların Bilgisayar Sistemlerine Bulaşma Belirtileri
ve Çözüm Önerileri. 5. Uluslararası Bilgi Güvenliği ve Kriptoloji Konferansı. ANKARA.
- Demirol, D., Daş, R., & Baykara, M. (2013). SQL Enjeksiyon Saldırılarına Karşı Güvenlik Önlemleri. 1st
International Symposium on Dijital Forensics and Security (ISDFS'13). Elazığ.
- Elmasri, R., & Navathe, S. B. (2010). Fundamentals of Database Systems, 6th Edition. Pearson.
Forristal, J. (1998, Aralık 25). NT Web Teknolojisi Güvenlik Açıkları. Phrack, s. 54.
- Fu, X., Lu, X., Peltsverger, B., & Chen, S. (2007). A Static Analysis Framework For Detecting SQL
Injection Vulnerabilities. 1st Annual International Computer Software and Applications
Conference, (s. 1-8).
- Gould, C., Su, Z., & Devanbu, P. T. (2004). JDBC Checker: A Static Analysis Tool For SQL/JDBC
Applications. 26th International Conference on Software Engineering, (s. 697-698).
- Halfond, W. G., & Orso, A. (2005). AMNESIA: Analysis and Monitoring for Neutralizing SQL-Injection
Attacks. IEEE and ACM International Conference on Automated Software Engineering.
- Halfond, W. G., Viegas, J., & Orso, A. (2006). A Classification of SQL Injection Attacks and
Countermeasures. Computer Science, Mathematics.
- Hasan, M., Balbahaith, Z., & Tarique, M. (2019). Detection of SQL Injection Attacks: A Machine Learning
Approach. 2019 International Conference on Electrical and Computing Technologies and
Applications (ICECTA).
- Howard, M., & David, L. (2003). Writing Secure Code. Washington: Microsoft Press.
- Huang, Y.-W., Huang, S.-K., Lin, T.-P., & Tsai, C.-H. (2003). Web application security assessment by
fault injection and behavior monitoring. Conference: Proceedings of the 12th international
conference on World Wide Web.
- Jemal, I., Omar, C., Habib, H., & Mahfoudhi, A. (2020). SQL Injection Attack Detection and Prevention
Techniques Using Machine Learning. International Journal of Applied Engineering Research
Volume 15, Number 6, 569-580.
- Kaggle. (2022, 07 11). Kaggle Web Sitesi: https://www.kaggle.com/ adresinden alındı
Kolukısa, A. A. (2021). WEKA ile Bulanık Mantık Uygulaması.
- Krishnan, A., Sabu, A., Sajan, P., & Sreedeep, A. (2021). SQL Injection Detection Using Machine Learning. Gestao Inovaçao e Technologias, Volume 11, Number 3.
- Laval, M., Sultan, A. B., & Shakiru, A. O. (2016). Systematic Literature Review on SQL Injection Attack. International Journal of Soft Computing, , 26-35.
- Manmadhan, S., & Thankappan, M. (2012). A Method of Detecting Sql Injection Attack to Secure Web Applications. International Journal of Distributed and Parallel Systems 3(6), 1-8.
- OWASP. (2022, 08 15). OWASP: https://owasp.org/www-project-top-ten/ adresinden alındı
Ross, K. (2018). Master's Theses and Graduate Research. SQL Injection Detection Using Machine Learning Techniques and Multiple Data Sources. San Jose State University Scholar Works.
- Venturebeat. (2022, 11 07). Venturebeat web sitesi: https://venturebeat.com/security/report-35-of-educational-institutions-have-a-sqli-vulnerability/ adresinden alındı
- Vural, Y., & Sağıroğlu, Ş. (2010). Veritabanı Yönetim Sistemleri Güvenliği: Tehditler ve Korunma Yöntemleri. Politeknik Dergisi Cilt:13 Sayı:2, 71-81.