ระบบตรวจจับและป้องกันการโจมตีด้วยการแทรกคำสั่งเอสคิวแอลจากข้อมูล ไฟล์บันทึกเหตุการณ์ สำหรับเว็บแอปพลิเคชันที่พัฒนาด้วยภาษาพีเอชพี

Chanakit Mitsongkore

doi:10.65205/jcct.2026.e3560

Authors

Chanakit Mitsongkore Program in Digital Content Design, Faculty of Humanities and Social Sciences, Kanchanaburi Rajabhat University, Kanchanaburi 71190, Thailand https://orcid.org/0009-0002-0406-1030

DOI:

https://doi.org/10.65205/jcct.2026.e3560

Keywords:

SQL Injection Detection, Logfile Analysis, Weight-based Scoring, Web Application Security

Abstract

This research aims to 1) analyze real-world SQL Injection attack patterns from system Logfile, 2) design and develop an automated SQL Injection detection and prevention system using rule-based techniques, and 3) evaluate the system's performance. Methodology The study was conducted in three phases 1) collecting and analyzing 4,649 historical log records to establish detection rules 2) validating the algorithm with a new dataset of 4,312 records and 3) evaluating performance using TP, FP, FN, and TN metrics through a real-world deployment on the Cultural Map Thailand information system over a period of 830 days. The findings demonstrate that the system achieved up to 100% Accuracy and F1-Score across all testing phases under controlled conditions. During the practical implementation, the system successfully detected a total of 25,660 attack attempts. Furthermore, the results indicate a significant decrease in the average daily attack rate post-deployment, illustrating the system's deterrent effect and its capability to effectively identify complex evasion techniques. This approach significantly enhances the long-term security posture of web-based information systems.

Downloads

Download data is not yet available.

References

Alghawazi, M., Alghazzawi, D., & Alarifi, S. (2022). Detection of SQL Injection Attack Using Machine Learning Techniques: A Systematic Literature Review. Journal of Cybersecurity and Privacy, 2(4), 764–777. https://doi.org/10.3390/jcp2040039

Arnap, A., & Kusrini. (2024). Enhancing SQL Injection Attack Detection Using Naïve Bayes and SMOTE Method on Imbalanced Datasets. Journal of Artificial Intelligence and Engineering Applications, 4(1), 74–81. https://doi.org/10.59934/jaiea.v4i1.559

Das, D., Sharma, U., & Bhattacharyya, D. K. (2019). Defeating SQL Injection Attack in Authentication Security: An Experimental Study. International Journal of Information Security, 18(1), 1–22. https://doi.org/10.1007/s10207-017-0393-x

Fu, H., Guo, C., Jiang, C., Ping, Y., & Lv, X. (2023). SDSIOT: An SQL Injection Attack Detection and Stage Identification Method Based on Outbound Traffic. Electronics, 12(11), 2472. https://doi.org/10.3390/electronics12112472

Hofesh, B. (2022). SQL Injection Attack: How It Works, Examples and Prevention. Bright Security. https://brightsec.com/blog/sql-injection-attack

Kaur, J., Garg, U., & Bathla, G. (2023). Detection of Cross-Site Scripting (XSS) Attacks Using Machine Learning Techniques: A Review. Artificial Intelligence Review, 56(11), 12725-12769. https://doi.org/10.1007/s10462-023-10433-3

Lu, D., Fei, J., & Liu, L. (2023). A Semantic Learning-Based SQL Injection Attack Detection Technology. Electronics, 12(6), 1344. https://doi.org/10.3390/electronics12061344

Muhammad, T., & Ghafory, H. (2022). SQL Injection Attack Detection Using Machine Learning Algorithm. Mesopotamian Journal of CyberSecurity, 2022, 5-17. https://doi.org/10.58496/MJCS/2022/002

Mutedi, A., & Tjahjono, B. (2022). Systematic Literature Review: Preventing SQL Injection Attacks Using Tools OWASP CSR Web Application Firewall. Jurnal Informatika Universitas Pamulang, 7(1), 151-156.

OWASP. (2021). Introduction: Welcome to the OWASP Top 10-2021. https://owasp.org/Top10/2021/A00_2021_Introduction

Pan, Y., Sun, F., Teng, Z., White, J., Schmidt, D. C., Staples, J., & Krause, L. (2019). Detecting Web Attacks with End-to-End Deep Learning. Journal of Internet Services and Applications, 10(1), 16. https://doi.org/10.1186/s13174-019-0115-x

Securities and Exchange Commission. (2023). Cyber Attack Trends 2023, Based on Data from the National Cyber Security Agency. https://www.sec.or.th/th/pages/cyberresilience-statistics-2566.aspx (In Thai)