Prevention SQL Injection Attack to website

using Web Application Firewall

Abstract

With the increasing development of information technology in recent years which has been quite rapid,
it has made activities and work easier, such as accessing news and information. one of the media that is
often used to find various information at this time is to search through the website. A website or site can
be interpreted as a collection of pages that display information on text data, still image data or moving
image data, animation data, sound, video and a combination of all of them, both static and dynamic,
which form a series of interrelated buildings where each connected to the network pages. Website is an
application that is stored on a Web Server, and executed by a web server. The Web Server function
receives requests in the form of web pages via HTTP or HTTPS from users known as web browsers and
sends back (response) the results in the form of web pages which are generally in the form of HTML
documents.
Along with the development of website technology, it also develops and becomes popular among the
general public, the many websites that exist today make it often the target of various types of web
attacks by users who have malicious intent. because the website stores important website user data,
such as personal data which can be fatal if misused. There are many types of attacks aimed at websites
or commonly known as Cyber Attacks, some of which are data theft, defacing, malware attacks, cyber
terrorism, illegal content, etc. of the many attacks mentioned earlier, the most detrimental attacks are
attacks that aim to steal data or data theft.
Of the many data theft methods used by attackers to penetrate security systems on websites, one of
the most popular is SQL Injection attacks. Even according to Akamai on www.cbronline.com in 2017 SQL
injection attacks are the most common cyber-attacks, reaching almost 44% of cases. According to
references from the book written by J. Clarke on in 2012 with the title "SQL Injection Attacks and
Defense", SQL injection attacks is a type of injection attack into a web application, which the attacker
can execute dangerous SQL statement. Meanwhile, according to open web application security (OWASP)
SQL injection is a technique that is often used by attackers to break into an illegal website. SQL injection
is used by attackers to send commands SQL commands via URL which will be executed by the web
server. From this information injection is included in the 10 most critical web security risks. As for real
examples of cases SQL injection attacks that occurred recently, as reported by the site
www.liputan6.com that there has been a case of hacking by a number of hackers from Surabaya
managed to break into hundreds of overseas web sites in 44 countries by using techniques SQL injection.
Additionally, according to a report from Imperva in 2018, the vulnerability the highest attack on the
website is dominated by SQL injection attacks, namely 19% or as many as 3,294 cases of the total
number of attacks that occurred SQL injection attacks have increased quite rapidly compared to the
previous year only 896 cases were recorded. From the various information above, it is known that SQL
injection attacks are still a problem that cannot be resolved optimally, so, it still requires special handling
of this problem.
Keywords— Web Application Firewall, Security, Website, Cyber-Attack, SQL Injection
 Introduction

The development of the times and the sophistication of technology allow the younger
generation to provide something that can support the world to be more advanced, either by
developing existing innovations or creating new innovations that are beneficial to all those in
need. This is of course equipped with curiosity and willingness to learn in each of them so that it
will minimize the occurrence of errors in decision making. The development of information
technology has led to the presence of a new habit in life known as e-life where everything that
humans need has been influenced electronically (JM Budiman, C. Yantson, et al, 2020). The
rapid technological revolution has brought many new opportunities to the doorstep of innovators
and entrepreneurs (RR Chowdhury, 2022).

Artificial intelligence (AI), which is manifested by machines that exhibit aspects of human
intelligence, is increasingly being used in services and is currently a major source of innovation.
For example, robots for homes, healthcare, hotels, and restaurants have automated many parts of
our lives, virtual bots are turning customer service into self-service, AI and Bigdata applications
are being used to replace portfolio managers, and social robots like Pepper are being used to
replace human greeters for greetings. customers in customer-facing services (J. Shaw, F.
Rudzicz, et al, 2019). Automatic identification system (AIS) is a ship's radio navigation
equipment that has been determined by the international maritime organization (IMO) (LMO
Widyantara, LP Hartawan, et al, 2022).

Artificial Intelligence or AI is a technology that is currently popular. Various industrial sectors

have taken advantage of this technology, including health, finance, and others. Not only that,
Artificial Intelligence has also been widely applied in everyday life. Artificial Intelligence helps
a lot in communicating, finding locations. Artificial Intelligence or artificial intelligence is a
computer system capable of performing tasks that normally require human intelligence. This
technology can make decisions by analyzing and using the data available in the system.
Processes that occur in Artificial Intelligence include learning, reasoning, and self-correction.
This process is similar to humans doing analysis before making a decision. According to John
McCarthy, 1956, Artificial Intelligence is to know and model human thought processes and
design machines to imitate human behavior. Smart, means having knowledge and experience,
reasoning (how to make decisions and take action), good morals (M Sobron and Lubis, 2021).

An artificial neural network or often also called an Artificial Neural Network which is one of the
fields of Science in Artificial Intelligence is able to detect a problem and an expert system is able
to analyze a problem with the existing knowledge in the system. Human limitations in terms of
the ability to detect something with a high number of objects greatly affect the condition of the
human body's endurance, so that the expected detection accuracy results are far below the
expected standard (HH, 2013).

In general, an expert system (expert system) is a system that seeks to adopt human knowledge to
computers, so that computers can solve problems as is usually done by experts. A well-designed
expert system is able to solve a particular problem by imitating the work of experts. With this
expert system, even ordinary people can solve quite complex problems that can only be solved
with the help of experts. For experts, this expert system will also assist their activities as
experienced assistants who are very helpful.

In current conditions, this technology is the right target for those who need health service
assistance so that they can still communicate without having to meet face-to-face with a doctor.
The application of AI to this technology will affect the mental health condition of the patients
who will be consulted. If the AI display is attractive, of course it will eliminate fear and boredom
and has the potential to speed up the patient's healing process. With the application of interesting
AI, it will certainly provide positive feedback so that this is a distinct advantage for customer
engagement in the development of this technology. Artificial Intelligence used in the medical
world is guaranteed to provide a combined overview, panoramic view of individual medical data
(A. Jaya, et al, 2022), for important decision making to avoid errors such as misdiagnoses and
unnecessary procedures, to assist in ordering and interpreting tests. appropriate treatment, and to
recommend appropriate treatment.

In this study, we will discuss about one of the implementations of AI science and how expert
systems work on AI to provide accuracy in predicting disease in patients and the influence of AI
in the health sector.

Problem

Based on the above background, due to current technological developments, there is the
application of AI science in the accuracy of patient disease diagnosis. In health science, this
accuracy is needed because if it is only a diagnosis that is in doubt, its accuracy will be doubtful
and have a bad impact on patients if they feel that the diagnosis given cannot be confirmed. In
general, this proposal focuses on:

How are the services provided by AI?

How to use AI to reshape the provision of services and the job skills needed?
 Literature Review

A. Diseases in Health

Some understanding of the disease according to experts:

According to Kathleen Meehan Arias: disease is pain that usually has at least two of these
characteristics: a known etiologic agent, an identifiable group of signs and symptoms, or
consistent anatomical changes (W. Dwi Septiningsih and M. a. Sodik, 2021) .

According to DR. Eko Dudiarto: Disease is the failure of an organism's adaptation

mechanism to react appropriately to stimuli or pressures so as to cause disturbances in the
function or structure of an organ or body system.

According to Thomas Timmreck: Pain is a condition where there is a disturbance in the

form and function of the body so that it is in an abnormal state.

According to Azizah Haji Baharuddin: disease is a condition caused by the breakdown of

the balance of body functions and body parts.

B. Artificial intelligence

Artificial Intelligence or artificial intelligence is a computer system capable of

performing tasks that normally require human intelligence. This technology can make decisions
by analyzing and using the data available in the system (SS Shekhar, 2019). Processes that occur
in Artificial Intelligence include learning, reasoning, and self-correction (SM Mohammad, 2020).
This process is similar to humans doing analysis before making a decision. According to John
McCarthy, 1956, Artificial Intelligence is to know and model human thought processes and
design machines to imitate human behavior. Smart, means having knowledge plus experience,
reasoning (how to make decisions and take action), good morals (D. Anggraini, 2020).

Likewise, for machines to be intelligent (act like and as good as humans) they must be
equipped with knowledge, so they have the ability to reason. To create an artificial intelligence
application there are 2 main parts that are needed:

The knowledge base is the facts, theories, thoughts and relationships between one another.

Motor inference (inference engine), the ability to draw conclusions based on knowledge and
experience.

The advantages of Artificial Intelligence are:

 a. More permanent

Natural intelligence can change because of human nature that forgets. Artificial
intelligence does not change as long as computer systems and programs do not change it.

b. Easier to duplicate and spread

Transferring human knowledge from one person to another is a very long process
and expertise is never fully duplicated. So if knowledge resides in a computer system,
knowledge can be copied from that computer and can be transferred easily to other
computers.

c. Cheaper

Providing computer services is easier and cheaper than getting someone to do a

number of jobs over a very long period of time. Consistent because artificial intelligence
is part of computer technology while natural intelligence is constantly changing.

d. Can be documented

Decisions made by computers can be easily documented by tracking every

activity of the system. Natural intelligence is very difficult to reproduce.

e. How to work faster.

f. Better results.

Diagnosis

Diagnosis is the process of understanding how the organization is functioning today and
providing the information needed to design change interventions. This diagnostic activity is
usually carried out after the entry and contracting process is carried out by the organization to
plan changes, where in both processes the organization has determined steps to follow up on the
results of a successful diagnosis. This process helps the organization's development practitioners
and client members (who use change consultants) jointly determine the focus of the
organization's problems, how to collect and analyze data to understand the organization's
position, and how to work together in developing action steps from diagnosis. Diagnosis in
organizational development, however much collaboration, as implies medical excellence (HH,
2013).
 Methodology

In discussing research methodology, it is specific and identifies the studies that are most critical
but with a large amount of irrelevant information. these are sensitive search phrases that are
selected after the first search. In this section, the term artificial intelligence was originally used
during the search period of this article. It covers the issue of telemedicine in a comprehensive
and rigorous review of evidence-based reasoning. As this is a rapidly growing field, new articles
are considered more relevant. In the previous five years, more than half of them were published.
The research methodology in this paper is an analysis of several related references regarding a
universal health care system that utilizes artificial intelligence

Timetable

week 1 Writing a proposal

week 2 Describe the research to be carried out
week 3 Conduct qualitative research methods
week 4 Study
week 5 Analyze data sources
week 5 Adjust the data that can be used and not
week 6 Compilation of data and research results
Sunday 7-8 Presentation
week 9 Final exam
 Reference

JM Budiman, C. Yantson, N. Chris, N. Donglas, and E. Sun, “The Concept of Technology

Development in Health Assistants by Creating Holo Buddy for the Community,” J. Inf.
syst. Technol., vol. 1, no. 2, pp. 176–185, 2020.
RR Chowdhury, “Device Identification using Digital Footprints,” vol. 12, no. 1, pp. 232–240,
2023, doi:10.11591/ijai.v12.i1.pp232-240.
J. Shaw, F. Rudzicz, T. Jamieson, and A. Goldfarb, “Artificial Intelligence and the
Implementation Challenge,” J. Med. Internet Res., vol. 21, no. 7, 2019, doi:10.2196/13659.
IMO Widyantara, IPN Hartawan, A. Agung, I. Ngurah, and E. Karyawati, “Automatic
identification system-based trajectory clustering framework to identify vessel movement
pattern,” vol. 12, no. 1, pp. 1–11, 2023, doi:10.11591/ijai.v12.i1.pp1-11.
M. Sobron and Lubis, "Implementation of Artificial Intelligence in Integrated Manufacturing
Systems," Semin. Nas. Tech. UISU, vol. 4, no. 1, pp. 1–7, 2021, [Online]. Available:
https://jurnal.uisu.ac.id/index.php/semnastek/article/view/4134.
HH H, “Comparative Neural Network Methods in Medical Applications,” vol. 2, pp. 9–13, 2013.
A. Jaya et al., “Fuzzy C-means clustering on rainfall flow optimization technique for medical
data,” vol. 12, no. 1, pp. 180–188, 2023, doi:10.11591/ijai.v12.i1.pp180-188.
W. dwi Septiningsih and MA Sodik, “Control and Prevention of Infectious Diseases in the
Community,” pp. 1–10, 2021, [Online]. Available: http://dx.doi.org/10.31219/osf.io/9sezj.
SS Shekhar, “Artificial Intelligence in Automation,” Arti. Intell., vol. 3085, no. 06, pp. 14–17,
2019.
SM Mohammad, “AI automation and application in diverse sectors,” Int. J. Comput. Trends
Technol., vol. 68, no. 1, pp. 75–81, 2020, [Online]. Available: http://www.ijcttjournal.org.
D. Anggraini, “Artificial Intelligence (Ai) and the Value of Co-Creation in B2B (Business-To-
Business) Sales,” J. Sist. Information, Technol. Information, and Education System. Inf.,
vol. 1, no. 2, pp. 63–69, 2020, doi:10.25126/justsi.v1i2.7.
S. Subudhiray, HK Palo, and N. Das, “K-nearest neighbor based facial emotion recognition using
effective features,” vol. 12, no. 1, pp. 57–65, 2023, doi:10.11591/ijai.v23.i1.pp57-65.
J. Kupparu, “A deep learning based stereo matching model for autonomous vehicles,” vol. 12,
no. 1, pp. 87–95, 2023, doi:10.11591/ijai.v12.i1.pp87-95.
M. Rahman, R. Abbas, A. Alharazi, M. Khairul, and Z. Badri, “Intelligent system for Islamic
prayer ( salat ) posture monitoring,” vol. 12, no. 1, pp. 220–231, 2023,
doi:10.11591/ijai.v12.i1.pp220-231.