International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395-0056 | p-ISSN: 2395-0072
Volume: 09 Issue: 05 | May 2022
www.irjet.net

SQL Injection and HTTP Flood DDOS Attack Detection and Classification Based on Log Data

Kapil Patel (1), Prof. Rajni Ranjan Singh Makwana (2)
(1) B.Tech. Student, Dept. of Computer Science and Engineering, Madhav Institute of Technology and Science, Madhya Pradesh, India
(2) Assistant Professor, Dept. of Computer Science and Engineering, Madhav Institute of Technology and Science, Madhya Pradesh, India
Abstract - With the continuous growth of the technology industry, and also because of COVID-19, there has been a large increase in web servers and web applications: almost all office work and educational applications are now online, and with this has come a large increase in cyber attacks. It is therefore important to detect attacks as early as possible, before they cause serious damage to a web application or loss of data. Because a web application generates a very large volume of log data, analysing the logs manually is a tedious and difficult task. Log data is nevertheless important to monitor: it consists of computer-generated records of every activity and operation, and analysing it can help with early detection of several types of attack, such as SQL injection, DDOS attacks, brute force attacks, and cross-site scripting (XSS). To improve on the old method of manual log inspection, this paper proposes a log anomaly detection and classification model, which can also be used for early attack detection. The model uses the decision tree machine learning algorithm to classify log data into three categories: normal logs, SQL-injected logs, and DDOS attack logs. When log data is compared against the trained model, it is classified into these categories and the attacks are detected. Experiments with 45,897 log entries from a real web application hosted on a local XAMPP server, building and testing the model, show an overall classification and detection accuracy of 98.88%.

Key Words: Log data, Machine Learning, Decision Tree, SQL Injection, HTTP Flood DDOS Attack

1. INTRODUCTION

Nowadays, because of the growth of the cyber world and the easy availability of tools, web applications face many suspicious activities and attacks from script kiddies. They typically scan and attack a website with automated vulnerability scanner tools, try to fuzz scripts (code) into a parameter for SQL injection, cross-site scripting (XSS) and so on, and often launch DDOS attacks to bring the server down. In many such cases the logs on the web server have to be monitored and analysed to work out what is going on, and if the matter is serious and suspicious, a cyber expert is needed for forensic investigation. Since a running server generates a huge amount of log data of different types, it is very difficult to monitor manually; and even where manual monitoring is attempted, it is not efficient enough to filter the log data into different categories and demands many hours of inspection. In this paper a SQL injection and HTTP flood DDOS attack log anomaly detection and classification model is proposed, based on machine learning, which classifies log data into categories according to the anomalous data present in the logs and can therefore be used to detect attacks. For the classification model a simple rule-based decision tree classifier is used, which is sufficient to meet the requirements and classify the log data successfully. The decision tree algorithm is a supervised machine learning algorithm: labelled training data covering both normal and unusual situations is used to train the model. To build the model, the log data files are selected in the first step; the components of each log entry are then parsed using parsing techniques; the components are labelled and encoded according to the presence of particular patterns or data in them; and finally the labelled components of each log entry are passed to the decision tree classifier, which predicts the type of the entry, based on the anomalous data present in it, as one of three categories: normal log data, SQL-injected log data, or HTTP flood DDOS attack log data.

2. BACKGROUND

This part of the paper gives a brief introduction to the HTTP flood DDOS attack, followed by SQL injection, and then an introduction to web logs.
© 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 1219

2.1 HTTP Flood DDOS Attack

DDOS stands for Distributed Denial Of Service. It can take many forms, such as hijacking a server, port overloading, or denying internet-based services. An HTTP flood DDOS attack is an application-layer volumetric attack that mainly aims to crash web servers and online web applications. These attacks are comparatively sophisticated: a huge number of legitimate-looking HTTP GET or POST requests are used to flood the server in
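The pipeline described in the Introduction (select log file, parse components, label/encode them by the patterns they contain, pass the encoded components to a rule-based decision tree that outputs normal, SQL-injected or HTTP flood) and the HTTP flood behaviour described in section 2.1 (many legitimate-looking GET/POST requests arriving in a short time) can be shown end to end in a few dozen lines. The block below is an added example written for this edit; it is not the authors' model, and the paper shows neither its log format nor its feature encoding. It assumes the Apache "combined" access-log format that XAMPP writes, a hand-picked set of SQL injection regexes, and a per-IP sliding window of 10 seconds with a threshold of 20 requests; the threshold, the window, the tree layout and the log lines in `make_sample()` are all constructed here, not taken from the paper's data set.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote_plus

# Step 1: parse. Apache "combined" access-log format as written by XAMPP (an assumption;
# the paper does not show its log format). Every component becomes a named field.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# Step 2a: SQL injection indicators, checked on the URL-decoded request.
# Hand-picked for this example; the paper does not list its patterns.
SQLI_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"'\s*(?:or|and)\s+\S+\s*=\s*\S+",        # ' OR 1=1 -- , ' or 'a'='a
    r"\bunion\b(?:\s+all)?\s+select\b",       # UNION SELECT ...
    r"\b(?:sleep|benchmark|load_file)\s*\(",  # time-based and file-read helpers
    r"\binformation_schema\b",                # schema enumeration
    r"--(?:\s|$)|/\*",                        # comment sequences that truncate the query
)]

# Step 2b: HTTP flood indicator, a sliding-window request count per client IP.
# Both numbers are assumptions to be tuned against the server's normal traffic.
FLOOD_WINDOW = timedelta(seconds=10)
FLOOD_THRESHOLD = 20


def parse(line):
    """Split one access-log line into its components; None if it is not in the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["time"] = datetime.strptime(entry["time"], "%d/%b/%Y:%H:%M:%S %z")
    # Single decode: a double-encoded payload (%2527 for the quote) needs a second pass.
    entry["decoded"] = unquote_plus(entry["path"])
    return entry


class Encoder:
    """Label/encode parsed components into the features the tree splits on.
    Stateful on purpose: request rate is a property of the stream, not of one line."""

    def __init__(self):
        self.recent = defaultdict(deque)  # ip -> timestamps still inside the window

    def encode(self, entry):
        q = self.recent[entry["ip"]]
        q.append(entry["time"])
        while entry["time"] - q[0] > FLOOD_WINDOW:
            q.popleft()
        return {
            "sqli": any(p.search(entry["decoded"]) for p in SQLI_PATTERNS),
            "rate": len(q),
        }


# Step 3: a rule-based decision tree. Inner nodes are (feature, test, yes-branch, no-branch);
# leaves are the three classes. Injection is tested before rate so an injected request
# inside a flood is still reported as injection.
TREE = ("sqli", lambda v: v,
        "sqli",
        ("rate", lambda v: v >= FLOOD_THRESHOLD,
         "http_flood",
         "normal"))


def decide(node, features):
    while isinstance(node, tuple):
        feature, test, yes, no = node
        node = yes if test(features[feature]) else no
    return node


def classify_lines(lines):
    """parse -> encode -> tree over a log in order; yields (ip, decoded request, class)."""
    enc = Encoder()
    out = []
    for line in lines:
        entry = parse(line)
        if entry is None:
            out.append((None, line, "unparsed"))
            continue
        out.append((entry["ip"], entry["decoded"], decide(TREE, enc.encode(entry))))
    return out


def summarize(lines):
    return dict(Counter(label for _, _, label in classify_lines(lines)))


def make_sample():
    """Constructed log: two normal hits, two SQL injection probes, one 25-request burst."""
    base = datetime(2022, 5, 1, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, t, req):
        stamp = t.strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{stamp}] "GET {req} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

    lines = [
        line("10.0.0.5", base, "/index.php"),
        line("10.0.0.5", base + timedelta(seconds=3), "/products.php?id=7"),
        line("10.0.0.9", base + timedelta(seconds=4), "/products.php?id=7%27%20OR%201%3D1%20--%20"),
        line("10.0.0.9", base + timedelta(seconds=5), "/products.php?id=-1%20UNION%20SELECT%201,user(),3"),
    ]
    # 25 requests from one client within 5 seconds: the 20th and later cross FLOOD_THRESHOLD.
    lines += [line("203.0.113.7", base + timedelta(seconds=6 + i // 5), "/index.php") for i in range(25)]
    return lines


if __name__ == "__main__":
    for ip, req, label in classify_lines(make_sample()):
        print(f"{label:10s} {str(ip):12s} {req}")
    print(summarize(make_sample()))
```

Two points worth noticing when running it. The flood class is only assigned from the 20th request of the burst onward, so the first 19 lines of the flood are labelled normal: a per-line classifier can only see a flood once enough history has accumulated, which is why the rate feature has to be computed over the stream rather than per line. And the injection regexes are applied after URL decoding; without that step, `%27%20OR%201%3D1` would never match a pattern written for `' OR 1=1`.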