2021, issue 2, p. 85-89

Received 08.06.2021; Revised 15.06.2021; Accepted 24.06.2021

Published 30.06.2021; First Online 01.07.2021

https://doi.org/10.34229/2707-451X.21.2.9

Previous  |  Full text (in Ukrainian)  |  Next

 

UDC 004.981

Analysis of Usage of SQL Detector Based on Artificial Intelligence in Serverless Architecture

Tetiana Naumenko ORCID ID favicon Big,   Vadym Chernomaz * ORCID ID favicon Big

Institute for Applied System Analysis NTUU KPI, Kyiv, Ukraine

* Correspondence: This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Introduction. The widespread use of the Internet leads to a fast increase of the quantity of data that goes into it. This generates interest in intruders which try different approaches to steal this data. One of the most popular approaches is SQL injection. There are a lot of measures which help to prevent and decrease the risk of being subjected to this attack: usage of code analysis tools, usage of firewalls which can filter dangerous traffic etc.

Usage of reverse proxy is analysed in this article, which with the help of machine learning algorithms checks requests for SQL injections and based on the result passes or forbids the request to go.

It is worth mentioning that such a solution is not a replacement of human expertise but addition to it, which with the help of big data can give an accurate result in most cases.

The purpose of the paper is to analyse and show effectiveness of usage of machine learning in information system security provisioning tasks with the system working in serverless architecture.

Results. A system is designed and developed which with the help of machine learning classifies received requests. The system is deployed to the cloud hosting Google Cloud Platform and integrated into an application which is designed according to the serverless architecture principles. Multiple algorithms were used to compare effectiveness of the system and percentage of successful results were calculated for each of them. Also, an average time of request execution is calculated for each algorithm.

Conclusions. Each algorithm’s result of successful request classification is above 90% which is considered to be more than acceptable. The result can be improved using more data to train machine learning models. The system fits for work in serverless applications thanks to the simplicity of its integration but it should be considered if it fits from a hardware rent point of view.

 

Keywords: machine learning, Google Cloud Platform, security, SQL injection.

 

Cite as: Naumenko T., Chernomaz V. Analysis of Usage of SQL Detector Based on Artificial Intelligence in Serverless Architecture. Cybernetics and Computer Technologies. 2021. 2. P. 85–89. (in Ukrainian) https://doi.org/10.34229/2707-451X.21.2.9

 

References

           1.     Naumenko T.A. Non-server technology (Functions as a Service) to create cloud-based micro-service applications. Kompiuterno-intehrovani tekhnolohii: osvita, nauka, vyrobnytstvo. 2018. 33. P. 25–30.

           2.     Security Best Practices. https://docs.aws.amazon.com/whitepapers/latest/serverless-architectures-lambda/security-best-practices.html (accessed: 05.06.2021).

           3.     7 Cloud Computing Security Vulnerabilities and What to Do About Them. https://towardsdatascience.com/7-cloud-computing-security-vulnerabilities-and-what-to-do-about-them-e061bbe0faee (accessed: 05.06.2021).

           4.     Stainer P. Alarming Cybersecurity Statistics for 2021 and the Future. https://www.retarus.com/blog/en/alarming-cybersecurity-statistics-for-2021-and-the-future/ (accessed: 05.06.2021).

           5.     OWASP Top Ten. https://owasp.org/www-project-top-ten/ (accessed: 28.05.2021).

           6.     CWE/SANS most dangerous software errors. https://www.sans.org/top25-software-errors/ (accessed: 28.05.2021).

           7.     Halfond W.G., Viegas J., Orso A. A classification of sql-injection attacks and countermeasures. Proceedings of the IEEE International Symposium on Secure Software Engineering, vol. 1. IEEE, 2006. P. 13–15.

           8.     Roberts M. Serverless Architectures. https://martinfowler.com/articles/serverless.html (accessed: 28.05.2021).

 

 

ISSN 2707-451X (Online)

ISSN 2707-4501 (Print)

Previous  |  Full text (in Ukrainian)  |  Next

 

 

 

© Website and Design. 2019-2021,

V.M. Glushkov Institute of Cybernetics of the NAS of Ukraine,

National Academy of Sciences of Ukraine.