SQL injection attacks toward web application increasingly prevalent. Testing to the web that will published is the one of preventive measures. However, this method sometimes ineffective because constrained by various things. Instrusion detection system (IDS) is able to help protect the website from various attacks. This study proposed an IDS for web applications from SQL injection-based attacks. The IDS is based on hybrid architecture with a signature-based detection method, type of data to analyzed is network packet and error log. The fuzzy logic inference engine used to be drawn the conclusion based on analyzed data.Proposed hybrid IDS has good result on detecting the various type of SQL injection attack and significantly reduce or even remove the false positive and false negative.Keywords: hybrid intrusion detection sistem, signature-based IDS, sql injection, fuzzy logic.
Copyrights © 2017