Abstract:
SQL injection is one of the most threatening web application attacks used
against SQL database servers and web applications such as online learning, online
banking, and online shopping. Because of the COVID-19 pandemic, a variety of
activities such as learning, banking, and shopping are available as web applications.
Online learning also plays an important role in universities, colleges, institutions and
schools, enabling continuous learning from anywhere and at any time. Attackers take
advantage of these opportunities and mainly target online learning web applications,
using SQL injection to gain unauthorized access and perform unauthorized data
modification. SQL injection is a type of web application security vulnerability in which
an attacker is able to submit a database SQL command that is executed by the web
application, exposing the back-end database. To protect web applications against SQL
injection, there are many methods for detecting SQL injection attacks (SQLIAs).
Among them, the pattern matching approach is one of the most popular approaches
in SQL injection detection.
Pattern matching is a technique that can be used to identify or detect any anomalous
pattern in an SQL query sequence. The proposed system uses the Rabin-Karp Pattern
Matching Algorithm, which matches the hash value of the pattern against the hash
value of a substring of the text. Matching of the individual characters starts only if the
hash values are equal. The hash value calculation is therefore required as the first step.
The proposed system will use an SQL injection dataset from Kaggle. The total number
of SQL injection patterns in this dataset is 1224. The experimental results show the
detection of SQL injection attack types and attackers’ information (such as MAC
address, IP address, etc.) and evaluate the performance of SQL injection detection in
terms of Accuracy (ACC). Therefore, this thesis proposes how to detect SQL injection
attacks in an online learning system web application. The proposed system uses the
Rabin-Karp Pattern Matching Algorithm to detect SQL injection attacks and will be
implemented with PHP and a MySQL database.
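
The hash-then-verify step described in the abstract, as an added example that is not code from the thesis (written in Python rather than the PHP the thesis uses). The signature list is a small constructed sample, not the 1224 Kaggle patterns, and the lowercasing and whitespace normalization, the `BASE`/`MOD` constants and the function names are assumptions of this example.

```python
# Added example: Rabin-Karp matching of injection signatures against input.
BASE = 256              # radix of the polynomial rolling hash (assumed)
MOD = 1_000_000_007     # large prime modulus (assumed)

# Constructed sample signatures, NOT taken from the Kaggle dataset.
PATTERNS = ["' or '1'='1", "union select", "; drop table", "--"]


def rabin_karp(text, pattern, mod=MOD):
    """Return every start index at which pattern occurs in text."""
    n, m = len(text), len(pattern)
    if m == 0 or m > n:
        return []
    high = pow(BASE, m - 1, mod)    # weight of the window's leading character
    p_hash = t_hash = 0
    # First step: hash the pattern and the first window of the text.
    for i in range(m):
        p_hash = (p_hash * BASE + ord(pattern[i])) % mod
        t_hash = (t_hash * BASE + ord(text[i])) % mod
    hits = []
    for i in range(n - m + 1):
        # Characters are compared only when the hashes are equal; the
        # comparison rejects windows whose hash merely collides.
        if p_hash == t_hash and text[i:i + m] == pattern:
            hits.append(i)
        if i < n - m:
            # Roll the window: drop text[i], append text[i + m].
            t_hash = ((t_hash - ord(text[i]) * high) * BASE
                      + ord(text[i + m])) % mod
    return hits


def detect_sqli(value, patterns=PATTERNS):
    """Return the signatures found in value, in signature-list order."""
    # Normalize case and runs of whitespace before matching (assumption).
    normalized = " ".join(value.lower().split())
    return [p for p in patterns if rabin_karp(normalized, p)]


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["alice", "admin' OR '1'='1", "1 UNION   SELECT a FROM t --"]:
        print(repr(sample), "->", detect_sqli(sample))
```

Passing `mod=1` forces every window hash to collide, which shows that the character comparison, not the hash, decides a match.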