Automatic Detection of Injection Attacks by Machine Learning in NoSQL Databases

Heber I. Mejia-Cabrera, Daniel Paico-Chileno, Jhon H. Valdera-Contreras, Victor A. Tuesta-Monteza, Manuel G. Forero

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Scopus citations

Abstract

NoSQL databases were created for the purpose of manipulating large amounts of data in real time. However, at the beginning, security was not important for their developers. The popularity of SQL generated the false belief that NoSQL databases were immune to injection attacks. As a consequence, NoSQL databases were not protected and are vulnerable to injection attacks. In addition, databases with NoSQL queries are not available for experimentation. Therefore, this paper presents a new method for the construction of a NoSQL query database, based on JSON structure. Six classification algorithms were evaluated to identify the injection attacks: SVM, Decision Tree, Random Forest, K-NN, Neural Network and Multilayer Perceptron, obtaining an accuracy with the last two algorithms of 97.6%.

Original languageEnglish
Title of host publicationPattern Recognition - 13th Mexican Conference, MCPR 2021, Proceedings
EditorsEdgar Roman-Rangel, Ángel Fernando Kuri-Morales, José Francisco Martínez-Trinidad, Jesús Ariel Carrasco-Ochoa, José Arturo Olvera-López
PublisherSpringer Science and Business Media Deutschland GmbH
Pages23-32
Number of pages10
ISBN (Print)9783030770037
DOIs
StatePublished - 2021
Externally publishedYes
Event13th Mexican Conference on Pattern Recognition, MCPR 2021 - Virtual, Online
Duration: 23 Jun 202126 Jun 2021

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12725 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference13th Mexican Conference on Pattern Recognition, MCPR 2021
CityVirtual, Online
Period23/06/2126/06/21

Bibliographical note

Publisher Copyright:
© 2021, Springer Nature Switzerland AG.

Keywords

  • Classification
  • Data security
  • Data set construction
  • Injection attack
  • JSON
  • Machine learning
  • NoSQL

Fingerprint

Dive into the research topics of 'Automatic Detection of Injection Attacks by Machine Learning in NoSQL Databases'. Together they form a unique fingerprint.

Cite this