Vulnerability Detection With K-Nearest Neighbor and Naïve Bayes Method using Machine Learning

(1) Herman Herman (Department of Informatics, Universitas Ahmad Dahlan, Yogyakarta, Indonesia)
(2) Imam Riadi (Department of Information System, Universitas Ahmad Dahlan, Yogyakarta, Indonesia)
(3) * Yudi Kurniawan (Department of Informatics, Universitas Ahmad Dahlan, Yogyakarta, Indonesia)
*corresponding author

Abstract


In this day and age, the use of the Internet has increased. SQL injection is a serious security threat on the Internet for various dynamic websites. As the use of the Internet for various online services increases, so do the security threats that exist on the Web. SQL injection attacks are one of the most serious security vulnerabilities on the Web. Most of these vulnerabilities are caused by a lack of input validation and the use of SQL parameters. SQLMap is an application from the Kali Linux operating system that is used to inject data into a website by using the features available in the application. In this paper, the authors conduct a security assessment to detect attacks on a website, more precisely to detect SQL injection attacks, using the K-Nearest Neighbor and Naïve Bayes methods. The results show that the website being tested has SQL injection vulnerabilities, and that K-Nearest Neighbor is the best method for this case, with an accuracy of 94.2%. In comparison, the Naïve Bayes method has an accuracy of 80%.
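As an illustration of the two classifiers named in the abstract, the following added example (not the authors' code or data) labels request parameter values with a from-scratch K-Nearest Neighbor and a multinomial Naïve Bayes model. The tokenizer, the Jaccard distance, k = 3, add-one smoothing and every sample string are assumptions constructed for this example; the abstract does not state the features or dataset the paper used.

```python
import math
import re
from collections import Counter

# Constructed parameter values: label 1 = injection-like, 0 = benign.
TRAIN = [
    ("1' OR '1'='1", 1), ("admin'--", 1), ("' OR 1=1 --", 1),
    ("1 UNION SELECT username, password FROM users", 1),
    ("1; DROP TABLE users", 1),
    ("42", 0), ("john.smith", 0), ("blue running shoes", 0),
    ("order 1042 status", 0), ("O'Brien", 0),
]

def tokens(value):
    """Lowercase, collapse each number to '0', split into words and symbols."""
    value = re.sub(r"\d+", "0", value.lower())
    return re.findall(r"[a-z_]+|0|[^\sa-z0_]", value)

def knn_predict(value, k=3):
    """Majority vote of the k training samples nearest in Jaccard distance."""
    q = set(tokens(value))
    def dist(sample):
        s = set(tokens(sample))
        return 1 - len(q & s) / len(q | s)
    nearest = sorted(TRAIN, key=lambda row: dist(row[0]))[:k]
    return int(2 * sum(label for _, label in nearest) > k)

def nb_predict(value):
    """Multinomial Naive Bayes with add-one smoothing over token counts."""
    counts, docs = {0: Counter(), 1: Counter()}, Counter()
    for text, label in TRAIN:
        counts[label].update(tokens(text))
        docs[label] += 1
    vocab = set(counts[0]) | set(counts[1])
    scores = {}
    for label in (0, 1):
        denom = sum(counts[label].values()) + len(vocab)
        scores[label] = math.log(docs[label] / len(TRAIN)) + sum(
            math.log((counts[label][tok] + 1) / denom) for tok in tokens(value))
    return max(scores, key=scores.get)

def compare(values):
    """Return {value: (knn_label, nb_label)} for a list of inputs."""
    return {v: (knn_predict(v), nb_predict(v)) for v in values}

if __name__ == "__main__":
    for v, (knn, nb) in compare(["5' OR 'a'='a", "red shoes 44", "O'Neil"]).items():
        print(f"{v!r:20} knn={knn} nb={nb}")
```

On this small constructed set the two models disagree on `O'Neil`: KNN labels it injection-like because two of its three nearest neighbours are injection samples that share the apostrophe, while Naïve Bayes labels it benign. The accuracy figures in the abstract come from the authors' own data, not from this example.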


Keywords


Security, Website, SQL Injection, Naïve Bayes, K-Nearest Neighbor

   

DOI

https://doi.org/10.29099/ijair.v7i1.795
      

Article metrics

Abstract views: 1474 | PDF views: 729

   





Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

________________________________________________________

The International Journal of Artificial Intelligence Research

Organized by: Prodi Teknik Informatika Fakultas Teknologi Bisnis dan Sains
Published by: Universitas Dharma Wacana
Jl. Kenanga No. 03 Mulyojati 16C Metro Barat Kota Metro Lampung

Email: jurnal.ijair@gmail.com
