SecuProbe: Intelligent Detection of Cross-Site Scripting, SQL Injection, & No SQL Attacks with Real-Time Alert

Abstract

SecuProbe is an advanced Web Application Firewall (WAF) designed to protect web applications from common and critical cyberattacks, including SQL Injection (SQLI), NoSQL Injection, and Cross-Site Scripting (XSS). This paper discusses the design and implementation of SecuProbe, focusing on its real-time detection capabilities and advanced security features. The system uses a hybrid detection approach, combining signature-based and anomaly detection techniques. Signature-based detection matches incoming requests against known attack patterns, while anomaly detection identifies suspicious behaviors that deviate from normal traffic. This dual-layered detection method improves accuracy and allows the identification of both known and emerging threats. SecuProbe integrates automated attack categorization, enabling the system to classify detected threats into specific categories for better analysis and response. It also features an email alerting mechanism that notifies administrators of potential security breaches, ensuring prompt action against identified vulnerabilities. It is capable of handling high volumes of concurrent requests while maintaining low latency and high throughput, ensuring minimal impact on web application performance. This makes it suitable for both small-scale applications and large, complex infrastructures. The system has been extensively tested and evaluated to ensure accuracy, reliability, and efficiency. 
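The two-layer flow the abstract describes, as an added sketch that is not SecuProbe's code. The signature patterns, the two anomaly features (value length and special-character ratio), the z-score threshold and the baseline values are all assumptions made for illustration.

```python
import re
from statistics import mean, pstdev
from urllib.parse import unquote_plus

# Illustrative signatures only (assumed; not SecuProbe's rule set).
SIGNATURES = {
    "SQLI": re.compile(r"(?i)\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+"),
    "NOSQL": re.compile(r"(?i)\$(ne|gt|lt|where|regex)\b"),
    "XSS": re.compile(r"(?i)<\s*script\b|\bon\w+\s*=|javascript:"),
}

# Constructed sample of normal parameter values used to learn the baseline.
BENIGN_BASELINE = ["alice", "bob smith", "laptop 15 inch",
                   "order 1042", "blue shoes", "john.doe"]

def special_ratio(value):
    """Share of characters that are neither alphanumeric nor whitespace."""
    return sum(not (c.isalnum() or c.isspace()) for c in value) / max(len(value), 1)

class HybridDetector:
    def __init__(self, benign_samples, z_threshold=3.0):
        feats = [(len(s), special_ratio(s)) for s in benign_samples]
        # Per-feature (mean, std); a zero std falls back to 1.0 to avoid division by zero.
        self.stats = [(mean(col), pstdev(col) or 1.0) for col in zip(*feats)]
        self.z_threshold = z_threshold

    def inspect(self, raw_value):
        value = unquote_plus(raw_value)  # decode before matching
        # Layer 1: known patterns, which also give the attack category.
        for category, pattern in SIGNATURES.items():
            if pattern.search(value):
                return {"verdict": "block", "layer": "signature", "category": category}
        # Layer 2: deviation from the learned baseline, for inputs no signature names.
        feats = (len(value), special_ratio(value))
        z = max(abs(f - m) / sd for f, (m, sd) in zip(feats, self.stats))
        if z > self.z_threshold:
            return {"verdict": "alert", "layer": "anomaly", "category": "UNCLASSIFIED"}
        return {"verdict": "allow", "layer": None, "category": None}
```

The returned `category` and `layer` fields are what an alerting step, such as the e-mail notification the abstract mentions, would carry to the administrator.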

Country: India

¹Y. Shyam Prasad, ²B. Simhadri, ³A. Karthikram

  1. UG Scholar, Department of C.S.E. (Cyber Security), Madanapalle Institute of Technology & Science, Madanapalle-517325, A.P., India
  2. UG Scholar, Department of C.S.E. (Cyber Security), Madanapalle Institute of Technology & Science, Madanapalle-517325, A.P., India
  3. Asst. Professor, Department of C.S.E. (Cyber Security), Madanapalle Institute of Technology & Science, Madanapalle-517325, A.P., India

IRJIET, Volume 9, Special Issue of INSPIRE’25 April 2025 pp. 238-244

doi.org/10.47001/IRJIET/2025.INSPIRE38
