2021, issue 2, p. 85-89
Received 08.06.2021; Revised 15.06.2021; Accepted 24.06.2021
Published 30.06.2021; First Online 01.07.2021
Analysis of Usage of SQL Detector Based on Artificial Intelligence in Serverless Architecture
Institute for Applied System Analysis NTUU KPI, Kyiv, Ukraine
Introduction. The widespread use of the Internet leads to a fast increase of the quantity of data that goes into it. This generates interest in intruders which try different approaches to steal this data. One of the most popular approaches is SQL injection. There are a lot of measures which help to prevent and decrease the risk of being subjected to this attack: usage of code analysis tools, usage of firewalls which can filter dangerous traffic etc.
Usage of reverse proxy is analysed in this article, which with the help of machine learning algorithms checks requests for SQL injections and based on the result passes or forbids the request to go.
It is worth mentioning that such a solution is not a replacement of human expertise but addition to it, which with the help of big data can give an accurate result in most cases.
The purpose of the paper is to analyse and show effectiveness of usage of machine learning in information system security provisioning tasks with the system working in serverless architecture.
Results. A system is designed and developed which with the help of machine learning classifies received requests. The system is deployed to the cloud hosting Google Cloud Platform and integrated into an application which is designed according to the serverless architecture principles. Multiple algorithms were used to compare effectiveness of the system and percentage of successful results were calculated for each of them. Also, an average time of request execution is calculated for each algorithm.
Conclusions. Each algorithm’s result of successful request classification is above 90% which is considered to be more than acceptable. The result can be improved using more data to train machine learning models. The system fits for work in serverless applications thanks to the simplicity of its integration but it should be considered if it fits from a hardware rent point of view.
Keywords: machine learning, Google Cloud Platform, security, SQL injection.
Cite as: Naumenko T., Chernomaz V. Analysis of Usage of SQL Detector Based on Artificial Intelligence in Serverless Architecture. Cybernetics and Computer Technologies. 2021. 2. P. 85–89. (in Ukrainian) https://doi.org/10.34229/2707-451X.21.2.9
1. Naumenko T.A. Non-server technology (Functions as a Service) to create cloud-based micro-service applications. Kompiuterno-intehrovani tekhnolohii: osvita, nauka, vyrobnytstvo. 2018. 33. P. 25–30.
2. Security Best Practices. https://docs.aws.amazon.com/whitepapers/latest/serverless-architectures-lambda/security-best-practices.html (accessed: 05.06.2021).
3. 7 Cloud Computing Security Vulnerabilities and What to Do About Them. https://towardsdatascience.com/7-cloud-computing-security-vulnerabilities-and-what-to-do-about-them-e061bbe0faee (accessed: 05.06.2021).
4. Stainer P. Alarming Cybersecurity Statistics for 2021 and the Future. https://www.retarus.com/blog/en/alarming-cybersecurity-statistics-for-2021-and-the-future/ (accessed: 05.06.2021).
5. OWASP Top Ten. https://owasp.org/www-project-top-ten/ (accessed: 28.05.2021).
6. CWE/SANS most dangerous software errors. https://www.sans.org/top25-software-errors/ (accessed: 28.05.2021).
7. Halfond W.G., Viegas J., Orso A. A classification of sql-injection attacks and countermeasures. Proceedings of the IEEE International Symposium on Secure Software Engineering, vol. 1. IEEE, 2006. P. 13–15.
8. Roberts M. Serverless Architectures. https://martinfowler.com/articles/serverless.html (accessed: 28.05.2021).
ISSN 2707-451X (Online)
ISSN 2707-4501 (Print)