16 research outputs found

    SQL Injection Vulnerability Detection Using Deep Learning: A Feature-based Approach

    SQL injection (SQLi), a well-known exploitation technique, is a serious risk factor for database-driven web applications that are used to manage the core business functions of organizations. SQLi enables an unauthorized user to get access to sensitive information of the database, and subsequently, to the application’s administrative privileges. Therefore, the detection of SQLi is crucial for businesses to prevent financial losses. There are different rules and learning-based solutions to help with detection, and pattern recognition through support vector machines (SVMs) and random forest (RF) have recently become popular in detecting SQLi. However, these classifiers ensure 97.33% accuracy with our dataset. In this paper, we propose a deep learning-based solution for detecting SQLi in web applications. The solution employs both correlation and chi-squared methods to rank the features from the dataset. A feed-forward network approach has been applied not only in feature selection but also in the detection process. Our solution provides 98.04% accuracy over 1,850+ recorded datasets, where it proves its superior efficiency among other existing machine learning solutions.

    Quantitative assessment on remote code execution vulnerability in web apps

    With the exponentially increasing use of online tools and applications that are being made for day-to-day purposes by small and large industries, the threat of exploitation is also increasing. Remote Code Execution (RCE) is one of the most critical and serious web application vulnerabilities of this era and one of the major concerns among cyber threats, which can exploit web servers through their functionalities and using their scripts/files. RCE is an application layer vulnerability caused by careless coding practice, which leads to a huge security breach that may bring unwanted resource loss or damages. With this vulnerability, an attacker may execute malicious code and take complete control of the targeted system with the privileges of an authentic user. Attackers can attempt to advance their privileges after gaining access to the system. Remote Code Execution can lead to a full compromise of the vulnerable web application as well as the web server. This chapter highlights the concerns and risks that need to be taken into consideration due to the RCE vulnerability of a system. Moreover, this study and its findings will help application developers and their stakeholders to understand the risk of data compromise and unauthorized access to the system. Around 1011 web applications were taken under consideration and the experiment was done by following a manual double-blinded penetration testing strategy. The experiments show that more than 12% of the web applications were found vulnerable to RCE. This study also explicitly lists the critical factors of Remote Code Execution vulnerability and improper input handling. The experimental results are promising to motivate developers to focus on security enhancement through proper and safe input handling.

    Important Factors to Remember when Constructing a Cross-site Scripting Prevention Mechanism

    Web applications have become an essential part of daily activities, providing easy accessibility that ensures better performance. They are a platform where sensitive information such as username, password, credit card details, operating system and software version etc. is stored, which attracts intruders to generate most of their attacks. Intruders can steal valuable data by compromising web application security flaws; Cross Site Scripting (XSS) vulnerability is one of these. Several studies have been conducted in order to prevent the XSS vulnerability. In this research, we searched Scopus Indexed articles published in the last 11 years (between 2008 and 2020) using two keywords (“XSS Attack Prevention” and “XSS Prevention”). The purpose of this study was to conduct a literature review on XSS prevention techniques, e.g. strengths and weaknesses, including structural issues and real-time deployment location, in order to extract valuable information. This review identified 14 articles among the 25 selected articles that provided various suitable prevention techniques for XSS attacks. Seven articles are based on tools that have been implemented and take into account design, coding, testing, and integrating validation processes, six articles are about server site solutions, and one is about automatic mitigation solutions. As a result, this research will be invaluable in guiding the advancement of XSS prevention techniques.

    A voting approach to identify a small number of highly predictive genes using multiple classifiers

    Background: Microarray gene expression profiling has provided extensive datasets that can describe characteristics of cancer patients. An important challenge for this type of data is the discovery of gene sets which can be used as the basis of developing a clinical predictor for cancer. It is desirable that such gene sets be compact, give accurate predictions across many classifiers, be biologically relevant and have good biological process coverage. Results: By using a new type of multiple classifier voting approach, we have identified gene sets that can predict breast cancer prognosis accurately, for a range of classification algorithms. Unlike a wrapper approach, our method is not specialised towards a single classification technique. Experimental analysis demonstrates higher prediction accuracies for our sets of genes compared to previous work in the area. Moreover, our sets of genes are generally more compact than those previously proposed. Taking a biological viewpoint, from the literature, most of the genes in our sets are known to be strongly related to cancer. Conclusion: We show that it is possible to obtain superior classification accuracy with our approach and obtain a compact gene set that is also biologically relevant and has good coverage of different biological processes.

    Patients’ Intention to Adopt Fintech Services: A Study on Bangladesh Healthcare Sector

    Advancement in technology has facilitated the shift toward new financial services. Numerous industries have undergone a digital transformation because of the expansion of cashless payment systems and other cutting-edge technologies. This study aimed to identify the factors that stimulate the patient’s intention to adopt fintech services in the Bangladesh healthcare sector. To facilitate the study, data were collected through survey questionnaires from patients of different hospitals and diagnostic centers. A total of 279 patients responded to the survey. The study employed structural equation modelling to analyze the data using SMART PLS 3.2.9. The results revealed that a significant relationship exists between perceived ease of use, social influence, facilitating conditions, personal innovativeness, and perceived trust in fintech services, and the adoption intention of the patients. The results of the study are beneficial to the healthcare sector and fintech companies who wish to make necessary arrangements to advance the growth of cashless fintech-based transactions.

    A distanced machinery controlling and monitoring guardian

    This conference paper was presented in the 12th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2015; Zhangjiajie; China; 15 August 2015 through 17 August 2015 [© 2015 IEEE]. The conference paper's definite version is available at: http://dx.doi.org/10.1109/FSKD.2015.7382310. Every machine has a safe range of operation, which includes heat emission, produced sound and vibration, and an expert technician can troubleshoot most of the problems just by observing the behavior (sound, vibration, smoke, heat emission etc.) of a machine. But complex machine operation has a hazardous environment which eventually may cause permanent health damage. Depending upon the machine's purpose, burns, electric shocks and limb amputations are also possible. If a machine has not been maintained properly, it may malfunction and cause injury to either the operator or other personnel on the ground or in the vicinity. To reduce these problems we are developing a special type of monitoring system which will allow us to supervise the condition of a machine thoroughly in real time from a safe distance, with full control over it.

    A HMM-based adaptive fuzzy inference system for stock market forecasting

    In this paper, we propose a new type of adaptive fuzzy inference system with a view to achieving improved performance for forecasting nonlinear time series data by dynamically adapting the fuzzy rules with the arrival of new data. The structure of the fuzzy model utilized in the proposed system is developed based on the log-likelihood value of each data vector generated by a trained Hidden Markov Model. As part of its adaptation process, our system checks and computes the parameter values and generates new fuzzy rules as required, in response to new observations, for obtaining better performance. In addition, it can also identify the most appropriate fuzzy rule in the system that covers the new data, and thus needs to adapt the parameters of the corresponding rule only, while keeping the rest of the model unchanged. This intelligent adaptive behavior enables our adaptive fuzzy inference system (FIS) to outperform standard FISs. We evaluate the performance of the proposed approach for forecasting stock price indices. The experimental results demonstrate that our approach can predict a number of stock indices, e.g., Dow Jones Industrial (DJI) index, NASDAQ index, Standard and Poor500 (S&P500) index and a few other indices from UK (FTSE100), Germany (DAX), Australia (AORD) and Japan (NIKKEI) stock markets, accurately compared with other existing computational and statistical methods.

    A comparative study on productive, reproductive and ovarian features of repeat breeder and normal cyclic cows in the selected areas of Bangladesh

    Objective: The research was accomplished to appraise the productive and reproductive physiology of repeat breeder (RB) cows and compare to normal cyclic (NC) cows. Methodology: A total of 366 RB cows were surveyed from 1859 crossbred and indigenous cows using a questionnaire upon positive sampling of RB syndrome in dairy farms throughout the selected areas of Bangladesh. Out of 366 RB cows, 170 were randomly selected, which were at day 0 of estrous cycle. To compare the physiological characteristics, 170 NC cows at day 0 of estrous cycle were also selected randomly. Results: Results showed that age, BCS, and parity were higher in RB cows than NC cows. Survey on productive characteristics illustrated that milk production (P [J Adv Vet Anim Res 2018; 5(3.000): 324-331