Optimizing the detection of SQL injection attacks using a combination of random forest and genetic algorithms

Article Type:
Research/Original Article (دارای رتبه معتبر)

Despite all the efforts of security experts to detect SQL injection attacks, according to OWASP  report’s, SQL injection attack is still used as the most important cyber attack by attackers. In order to detect attacks, two methods are used: signature-based and behavior-based. Signature-based methods are used for known attacks, and behavior-based methods are suitable for detecting unknown attacks. Behavior-based intrusion detection systems are more useful because attacks are implemented in different ways. Behavior can be analyzed by methods such as classification, clustering, etc. One of the most important classification algorithms is the random forest algorithm which has high accuracy and on the other hand the implementation and interpretation of the results can be done easily using this algorithm. According to the studies, the accuracy of the random forest algorithm is highly dependent on its input parameters. These parameters include 9 items, including the number of trees, their depth, voting method, information gain, and so on. Optimal determination of these parameters is an optimization problem with large state space. In this research, a method based on genetic algorithm to determine the optimal values of these parameters is presented. Due to the optimal determination of the parameters, the obtained results show an improvement in the detection accuracy compared to the default state of the algorithm and other researches. The evaluation results indicate that the intrusion detection accuracy in the proposed method was %98, which is about %11 higher than the random forest algorithm with default parameters and %08 higher than previous studies.

Journal of Command and Control Communications Computer Intelligence, Volume:5 Issue: 1, 2022
87 to 98
دانلود و مطالعه متن این مقاله با یکی از روشهای زیر امکان پذیر است:
اشتراک شخصی
با عضویت و پرداخت آنلاین حق اشتراک یک‌ساله به مبلغ 1,390,000ريال می‌توانید 70 عنوان مطلب دانلود کنید!
اشتراک سازمانی
به کتابخانه دانشگاه یا محل کار خود پیشنهاد کنید تا اشتراک سازمانی این پایگاه را برای دسترسی نامحدود همه کاربران به متن مطالب تهیه نمایند!
  • حق عضویت دریافتی صرف حمایت از نشریات عضو و نگهداری، تکمیل و توسعه مگیران می‌شود.
  • پرداخت حق اشتراک و دانلود مقالات اجازه بازنشر آن در سایر رسانه‌های چاپی و دیجیتال را به کاربر نمی‌دهد.
In order to view content subscription is required

Personal subscription
Subscribe magiran.com for 70 € euros via PayPal and download 70 articles during a year.
Organization subscription
Please contact us to subscribe your university or library for unlimited access!