Skip to main content
SpringerLink
Log in

Automatic Detection of Injection Attacks by Machine Learning in NoSQL Databases

  • Conference paper
  • First Online:
Pattern Recognition (MCPR 2021)

Part of the book series: Lecture Notes in Computer Science ((LNIP,volume 12725))

Included in the following conference series:

Abstract

NoSQL databases were created for the purpose of manipulating large amounts of data in real time. However, at the beginning, security was not important for their developers. The popularity of SQL generated the false belief that NoSQL databases were immune to injection attacks. As a consequence, NoSQL databases were not protected and are vulnerable to injection attacks. In addition, databases with NoSQL queries are not available for experimentation. Therefore, this paper presents a new method for the construction of a NoSQL query database, based on JSON structure. Six classification algorithms were evaluated to identify the injection attacks: SVM, Decision Tree, Random Forest, K-NN, Neural Network and Multilayer Perceptron, obtaining an accuracy with the last two algorithms of 97.6%.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Eassa, A., El-Bakry, H., Al-Tarawneh, O., Salama, A.: NoSQL racket: a testing tool for detecting NoSQL injection attacks in web applications. Int. J. Adv. Comput. Sci. Appl. 8, 614–622 (2017). ResearchGate, Fuzhou, China

    Google Scholar 

  2. Ma, H., Wu, T., Chen, M., Yan, R., Pan, J.: A parse tree-based NoSQL injection attacks detection mechanism. J. Inf. Hiding Multimed. Signal Process. 8, 916–928 (2017). ResearchGate, Fuzhou, China

    Google Scholar 

  3. APISecurity. https://apisecurity.io/issue-15-fortnite-hack-tls-mitm-attacks-sql-injections-for-nosql/. Accessed 24 Jan 2019

  4. Islam, R., Islam, S., Ahmed, Z., lqbal, A., Shahriyar, R.: Automatic detection of NoSQL injection using supervised learning. In: 43rd Annual Computer Software and Applications Conference (COMPSAC), pp. 760 – 769. IEEE, Milwaukee, USA (2019)

    Google Scholar 

  5. Eassa, A., Elhoseny, M., El-Bakry, H., et al.: NoSQL injection attack detection in web applications using RESTful service. Programm. Comput. Softw. 44, 435–444 (2018). Springer, Cairo, Egypt

    Article  Google Scholar 

  6. Hasan, M., Balbahaith, Z., Tarique, M.: Detection of SQL injection attacks: a machine learning approach. In: International Conference on Electrical and Computing Technologies and Applications (ICECTA), pp. 1–6. IEEE, Ras Al Khaimah, United Arab Emirates (2019)

    Google Scholar 

  7. Ron, A., Bronshtein, E., Shulman-Peleg, A.: No SQL, no injection? Exam. NoSQL Secur. J. 1, 1–4 (2015). ResearchGate

    Google Scholar 

  8. Websecurify. https://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb.html. Accessed 14 Aug 2020

  9. InfoQ. https://www.infoq.com/articles/nosql-injections-analysis/. Accessed 18 June 2017

  10. Researchgate. https://www.researchgate.net/publication/350671150_NoSQL_dataset

  11. Regexper. https://regexper.com/. Accessed 08 Oct 2020

  12. WEKA. https://www.cs.waikato.ac.nz/ml/weka/. Accessed 25 Nov 2020

  13. Zhang, K.: A machine learning based approach to identify SQL injection vulnerabilities. In: 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 1286–1288. IEEE, San Diego, CA, USA (2019)

    Google Scholar 

  14. Ross, K., Moh, M., & Moh, T.: Multi-Source Data Analysis and Evaluation of Machine Learning Techniques for SQL Injection Detection. In: Proceedings of the ACMSE 2018 Conference (ACMSE ‘18), pp. 1–8. ACM, New York, NY, USA (2018)

    Google Scholar 

  15. Singh, G., Kant, D., Gangwar, U., Singh, U., Pratap, A.: SQL Injection detection and correction using machine learning techniques. In: Satapathy, S., Govardhan, A., Raju, K., Mandal, J. (eds.) Emerging ICT for Bridging the Future - Proceedings of the 49th Annual Convention of the Computer Society of India (CSI). Advances in Intelligent Systems and Computing, vol. 337, pp. 435–442. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-13728-5_49

    Chapter  Google Scholar 

  16. Tripathy, D., Gohil, R., Halabi, T.: Detecting SQL injection attacks in cloud SaaS using machine learning. In: 2020 IEEE 6th International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing, (HPSC) & IEEE Intl Conference on Intelligent Data and Security (IDS), pp. 145–150. IEEE, Baltimore, MD, EE. UU (2020)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. LABSIS, Grupo TIAP, Universidad Señor de Sipán, Pimentel, Peru

    Heber I. Mejia-Cabrera, Daniel Paico-Chileno & Victor A. Tuesta-Monteza

  2. Semillero Lún, Facultad de Ingeniería, Grupo D+Tec, Universidad de Ibagué, Ibagué, Colombia

    Jhon H. Valdera-Contreras & Manuel G. Forero

Authors
  1. Heber I. Mejia-Cabrera
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daniel Paico-Chileno
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jhon H. Valdera-Contreras
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Victor A. Tuesta-Monteza
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Manuel G. Forero
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Heber I. Mejia-Cabrera , Daniel Paico-Chileno , Jhon H. Valdera-Contreras , Victor A. Tuesta-Monteza or Manuel G. Forero .

Editor information

Editors and Affiliations

  1. Instituto Tecnológico Autónomo de México, Mexico City, Mexico

    Edgar Roman-Rangel

  2. Instituto Tecnológico Autónomo de México, Mexico City, Mexico

    Ángel Fernando Kuri-Morales

  3. Instituto Nacional de Astrofísica, Óptica y Electrónica, Puebla, Mexico

    José Francisco Martínez-Trinidad

  4. Instituto Nacional de Astrofísica, Óptica y Electrónica, Puebla, Mexico

    Jesús Ariel Carrasco-Ochoa

  5. Autonomous University of Puebla, Puebla, Mexico

    José Arturo Olvera-López

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Mejia-Cabrera, H.I., Paico-Chileno, D., Valdera-Contreras, J.H., Tuesta-Monteza, V.A., Forero, M.G. (2021). Automatic Detection of Injection Attacks by Machine Learning in NoSQL Databases. In: Roman-Rangel, E., Kuri-Morales, Á.F., Martínez-Trinidad, J.F., Carrasco-Ochoa, J.A., Olvera-López, J.A. (eds) Pattern Recognition. MCPR 2021. Lecture Notes in Computer Science(), vol 12725. Springer, Cham. https://doi.org/10.1007/978-3-030-77004-4_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-77004-4_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-77003-7

  • Online ISBN: 978-3-030-77004-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation