Data-Mining and Hashing to Prevent Application-Layer DDoS and SQL Injection AttacksAhmed Abadulla Ashlam; Atta Badii; Frederic Theodor Stahl
In: Proceedings of the 2023 IEEE International Conferece on Advanced Systems and Emergent Technologies. International Conference on Advanced Systems and Emergent Technologies (IC_ASET-2023), April 29 - May 1, Hammamet, Tunisia, Pages 1-6, IEEE Xplore, USA, 6/2023.
Applications built specifically for the web are rapidly growing in significance. Internet access is crucial to the smooth operation of many critical services, including medical care, banking, retail, information sharing, and transportation. Since most applications are hosted in the cloud, it makes sense for data owners to be very concerned about data integrity. Malicious actors attempting to access the cloud environment must be stopped using strong security measures. Several types of attackers target the network at the same time, using different methods. The purpose of this project is to protect the database against attacks that originate from the client side. Examples of such attacks include application-layer distributed denial-of-service attacks and SQL injection attacks. Distributed denial-of-service attacks, often known as DDoS attacks, occur at the application layer when an attacker sends a flood of requests to a target service. SQL injection attacks, on the other hand, are a kind of attack that bypasses normal safeguards by launching malicious scripts directly into the database. In order to prevent application-layer DDoS attacks and SQL injection attacks, a new method has been proposed. This strategy involves ensuring that the login data (a legitimate username and password) matches both the usernames and passwords stored in the database on the client side. Additionally, it involves being able to handle this data in the form of hashing, making use of datamining, and employing the Python programming language for the implementation of cryptographic algorithms using the SHA-256 hash function. Both of these types of attacks can be prevented by implementing this strategy. Since only a few changes to the source code of the programming language are needed, this strategy can be quickly added to any web application that has already been built. This is true no matter what programming language or database was used to build the application.