NORMA eResearch @NCI Library

Collaborative Detection of SQL Injection Attacks using SIEM, Wazuh Agents, and Next Generation Firewall

Sake, Jagadish Babu (2025) Collaborative Detection of SQL Injection Attacks using SIEM, Wazuh Agents, and Next Generation Firewall. Masters thesis, Dublin, National College of Ireland.


Abstract

The 2021 OWASP Top Ten report identifies SQL injection (SQLi) as the third most common threat; hackers use these techniques to exploit security vulnerabilities in web applications, affecting both the public and private sectors. This study addresses the limitations of conventional web application firewalls (WAFs) in identifying and blocking SQLi attacks and presents an improved approach that integrates SIEM with the Wazuh agent and next-generation firewall technology combining OPNsense and Zenarmor. The study deploys a hierarchical network that includes web servers, each protected by Zenarmor (NGFW) and centrally monitored by a Wazuh SIEM instance, to determine whether deep packet inspection (DPI) with Zenarmor and real-time correlation with Wazuh improve detection and response rates for SQLi techniques. The experiment involves executing three different types of SQL injection (Time-Based, Error-Based, and Union-Based) using SQLMap. This methodology aligns with the NIST Cybersecurity Framework (SP 800-53), which emphasizes continuous monitoring and threat response. The tests show that the system issues HTTP error codes 403 and 404 in response to malicious requests, which serves as strong evidence of successful blocking. This work pushes beyond the application-layer WAFs of previous studies (such as ModSecurity and NAXSI) towards network-layer firewalls that facilitate DPI at Layer 7 and provide deeper insight into attack vectors. The results of the experiment are positive under a controlled network setup.

Item Type: Thesis (Masters)
Supervisors: Sahni, Vikas (Email: UNSPECIFIED)
Uncontrolled Keywords: SQL Injection; Wazuh; Zenarmor; OPNsense; SQLmap
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Ciara O'Brien
Date Deposited: 16 Jun 2026 14:36
Last Modified: 16 Jun 2026 14:36
URI: https://norma.ncirl.ie/id/eprint/9373
