IDEAS home Printed from https://ideas.repec.org/a/spr/jtrsec/v17y2024i1d10.1007_s12198-023-00269-x.html
   My bibliography  Save this article

Securing transportation web applications: An AI-driven approach to detect and mitigate SQL injection attacks

Author

Listed:
  • Nachaat Mohamed

    (Rabdan Academy, (Homeland Security Department))

Abstract

Cybersecurity is a critical concern in the transportation sector, where web applications play a pivotal role in managing essential services and sensitive data. Among the various cyber threats, SQL injection attacks pose a significant risk, potentially leading to unauthorized access, data breaches, and disruption of transportation systems. To address this challenge, an advanced approach is proposed that combines Artificial Intelligence (AI) techniques and Natural Language Processing (NLP) to detect and mitigate SQL injection attacks in transportation web applications. In the data collection phase, a comprehensive dataset of real-world attack instances is selected from publicly available sources specializing in cybersecurity datasets. The dataset includes a diverse range of attack vectors and addresses the issue of class imbalance by incorporating both successful and unsuccessful attack attempts. The preprocessing step involves employing NLP techniques to transform the textual input data into a suitable format for AI-based detection. Tokenization, stop-word removal, and stemming are applied to ensure the model effectively analyze and recognize attack patterns. For detection, a logistic regression model is utilized to estimate the probability of a successful SQL injection attack based on the relevant features. Oversampling and undersampling techniques are employed to handle class imbalance and improve the model’s performance. Additionally, feature selection techniques are implemented to reduce noise and enhance pattern recognition. The evaluation of our proposed approach demonstrates a remarkable accuracy detection rate of 99.97%, indicating the model's high capability to identify SQL injection attacks. The precision and recall values further validate the model’s effectiveness in correctly detecting successful attacks and minimizing false positives. The success of our approach lies in its ability to integrate AI and NLP techniques effectively, offering a more robust and reliable solution for detecting and mitigating SQL injection attacks in transportation web applications. By addressing the limitations and exploring future research directions, our approach holds promise in bolstering cybersecurity measures and safeguarding critical transportation infrastructure from evolving cyber threats.

Suggested Citation

  • Nachaat Mohamed, 2024. "Securing transportation web applications: An AI-driven approach to detect and mitigate SQL injection attacks," Journal of Transportation Security, Springer, vol. 17(1), pages 1-18, December.
    • Handle: RePEc:spr:jtrsec:v:17:y:2024:i:1:d:10.1007_s12198-023-00269-x
    DOI: 10.1007/s12198-023-00269-x
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s12198-023-00269-x
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s12198-023-00269-x?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Maha Alghawazi & Daniyal Alghazzawi & Suaad Alarifi, 2023. "Deep Learning Architecture for Detecting SQL Injection Attacks Based on RNN Autoencoder Model," Mathematics, MDPI, vol. 11(15), pages 1-12, July.
    2. Sepideh Radhoush & Trevor Vannoy & Kaveen Liyanage & Bradley M. Whitaker & Hashem Nehrir, 2023. "Distribution System State Estimation and False Data Injection Attack Detection with a Multi-Output Deep Neural Network," Energies, MDPI, vol. 16(5), pages 1-22, February.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Muhammad Awais Shahid & Fiaz Ahmad & Rehan Nawaz & Saad Ullah Khan & Abdul Wadood & Hani Albalawi, 2023. "A Novel False Measurement Data Detection Mechanism for Smart Grids," Energies, MDPI, vol. 16(18), pages 1-17, September.
    2. Guoqing Zhang & Wengen Gao & Yunfei Li & Xinxin Guo & Pengfei Hu & Jiaming Zhu, 2023. "Detection of False Data Injection Attacks in a Smart Grid Based on WLS and an Adaptive Interpolation Extended Kalman Filter," Energies, MDPI, vol. 16(20), pages 1-20, October.
    3. Murilo Eduardo Casteroba Bento, 2024. "Load Margin Assessment of Power Systems Using Physics-Informed Neural Network with Optimized Parameters," Energies, MDPI, vol. 17(7), pages 1-20, March.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:jtrsec:v:17:y:2024:i:1:d:10.1007_s12198-023-00269-x. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.