SECURE ACCESS TO INFORMATION SYSTEM SERVERS, ENABLED BY AN ML MODEL FOR BLOCKING MALICIOUS REQUESTS
DOI: https://doi.org/10.31891/2307-5732-2024-341-5-48
Keywords: KNN, SQL Injection, SCADA systems, data protection, cyberattacks, classification
Abstract
The article presents a detailed exploration of using the k-Nearest Neighbors (KNN) algorithm to classify and identify various types of cyberattacks, particularly SQL Injection (SQLi) attacks, within SCADA (Supervisory Control and Data Acquisition) systems.
This work addresses the need to enhance server infrastructure security in SCADA systems by mitigating the risks posed by harmful requests, such as SQL injections. SCADA systems are crucial in managing industrial processes, making their servers prime cyberattack targets. Attackers often exploit vulnerabilities in server applications by injecting malicious requests through input fields or URLs, potentially gaining access to sensitive data or disrupting system operations. To address this issue, the study proposes a machine learning-based approach using the k-nearest neighbors (KNN) algorithm to detect and block harmful SQL requests. The KNN algorithm is employed to classify and identify different types of cyberattacks by comparing new attack attempts with previously observed attack patterns. By analyzing specific attributes related to each attack, the KNN method evaluates the level of threat based on proximity metrics. The proposed approach helps classify SQL injection attempts, which involve manipulating SQL code to bypass authentication or extract unauthorized data. The study demonstrates how KNN can effectively distinguish harmful SQL requests from benign ones by calculating the Euclidean distance between the new attack and historical cases.
Furthermore, the article emphasizes the importance of implementing rapid and accurate detection methods for protecting server infrastructure in industrial environments. The KNN algorithm, in this context, offers a flexible and efficient solution as it adapts to various attack scenarios, improving the overall resilience of SCADA systems to cyber threats. The study’s findings contribute to the ongoing efforts in cybersecurity, focusing on integrating machine learning models to strengthen the protection of critical assets in industrial control systems.
This work aims to develop tools that protect the server-based industrial control systems used in SCADA systems against dangerous requests based on SQL injections, using a model trained with the k-nearest neighbors method to block harmful requests.
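The classification step described in the abstract (Euclidean distance from a new request to historical cases, then a vote among the k nearest), as an added example that is not the article's own code. The four attributes in `features`, the labelled cases in `HISTORY`, and the function names are assumptions made for illustration; the abstract does not list the attributes it uses.

```python
import math
import re
from collections import Counter

def features(request: str) -> tuple:
    """Map a request value to a numeric vector (hypothetical attribute set)."""
    s = request.lower()
    return (
        s.count("'") + s.count('"'),                                    # quote characters
        len(re.findall(r"--|#|/\*", s)),                                # SQL comment markers
        len(re.findall(r"\b(?:union|select|or|and|drop|sleep)\b", s)),  # SQL keywords
        len(re.findall(r"[=;()]", s)),                                  # operators and punctuation
    )

# Constructed historical cases: (request value, label). Not data from the article.
HISTORY = [
    ("alice", "benign"),
    ("pump station 7", "benign"),
    ("temperature report 2024-05", "benign"),
    ("o'brien", "benign"),  # a legitimate value that contains a quote
    ("valve-12 status", "benign"),
    ("' OR '1'='1", "malicious"),
    ("admin' --", "malicious"),
    ("1 UNION SELECT name, pass FROM users", "malicious"),
    ("x'; DROP TABLE logs; --", "malicious"),
    ("1' AND sleep(5) --", "malicious"),
]

def classify(request: str, k: int = 3) -> str:
    """Label a request by majority vote of its k nearest historical cases."""
    x = features(request)
    # Euclidean distance between the new request and every stored case.
    nearest = sorted(HISTORY, key=lambda case: math.dist(x, features(case[0])))[:k]
    votes = Counter(label for _, label in nearest)
    return votes.most_common(1)[0][0]

def should_block(request: str, k: int = 3) -> bool:
    """Decision a request filter would act on before the value reaches the database."""
    return classify(request, k) == "malicious"

if __name__ == "__main__":
    for value in ["reactor 3 pressure", "d'arcy", "' or 'a'='a' --"]:
        print(f"{value!r}: {classify(value)}")
```

The benign case containing a quote shows why the labelled history matters: a lone apostrophe lands nearer the benign cases, while quotes combined with keywords and comment markers land nearer the malicious ones.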