Article Per Year (5 Year)
p-Index From 2021 - 2026
0.408
P-Index
This Author published in this journals
All Journal Bulletin of Electrical Engineering and Informatics
Alkhazaleh, Mohammad
Unknown Affiliation
Electrical & Electronics Engineering

Published : 2 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 2 Documents
Search

 1 
Evaluating the effectiveness of Havij for structured query language injection exploitation in web applications Baklizi, Mahmoud; Alkhazaleh, Mohammad; Alzghoul, Musab Bassam Yousef; Maaita, Adi; Zraqou, Jamal; AlShaikh-Hasan, Mohammad
Bulletin of Electrical Engineering and Informatics Vol 14, No 6: December 2025
Publisher : Institute of Advanced Engineering and Science

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.11591/eei.v14i6.10751

Abstract

Structured query language injection (SQLi) is still one of the most critical risks to web application security, as it allows attackers to interfere with sensitive data and even a complete database infrastructure. Although many automated tools are available, previous studies usually achieve only descriptive briefs, which do not offer empirical assessments that measure the performance and the usability. This research fills this void by a systematic five-stage experimental analysis of the Havij automated SQLi tool under a controlled and ethical test setup. Confirmation of vulnerability, automated exploitation, data extraction and benchmarking of performance were performed as the methodology, and the results were compared against the industry standard SQLmap tool. It was found that in less than a minute Havij was able to locate the target database, scan its structure, and steal authentication credentials, which is quite efficient and user-friendly. In contrast to the literature, our work presents not only quantitative measures (time-to-exploit, request volume, and success rate) but also a qualitative evaluation (user accessibility and limitations), which gives a comprehensive evaluation. The results highlight trade-offs between the depth and accessibility, the continued dangers of SQLi in practice, and provide recommendations that developers and security experts can implement.
A powerful machine learning method for detecting phishing threats Baklizi, Mahmoud; Zraqou, Jamal; Alkhazaleh, Mohammad; Atoum, Issa; Alzyoud, Faisal; B. Alzghoul, Musab
Bulletin of Electrical Engineering and Informatics Vol 14, No 6: December 2025
Publisher : Institute of Advanced Engineering and Science

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.11591/eei.v14i6.9579

Abstract

Phishing threats exploit social engineering and deceptive web infrastructure to steal sensitive personal information, often by mimicking legitimate websites. With the proliferation of online services and the increasing prevalence of cybercrime, detecting phishing websites has become a critical challenge. This study presents a comprehensive machine learning (ML)-based approach for detecting phishing websites. A total of 48 discriminative features were extracted from 10,000 web pages—comprising 5,000 phishing and 5,000 legitimate sites. Nine ML classifiers were initially evaluated, including random forest (RF), support vector machine (SVM), and XGBoost. Ensemble models based on soft voting and stacking were then constructed to improve detection performance. Among the models, the soft voting classifier (VC) achieved the best performance with an accuracy and F1-score of 98.82%. The results indicate that ensemble learning offers a robust solution for the automated detection of phishing websites.
Co-Authors AlShaikh-Hasan, Mohammad Alzghoul, Musab Bassam Yousef Alzyoud, Faisal Atoum, Issa B. Alzghoul, Musab Baklizi, Mahmoud Maaita, Adi Zraqou, Jamal