SQL Injection Detection for Web Applications Based on Elastic-Pooling CNN

An enterprise’s data can be one of its most important assets and is often critical to the firm’s development and survival. The Open Web Application Security Project (OWASP) ranks SQL injection first among the top ten risks to network applications. Its harmfulness, prevalence, and severity are self-evident. This paper presents a method of SQL injection detection based on Elastic-Pooling CNN (EP-CNN) and compares it with traditional detection methods. The method can output a fixed two-dimensional matrix without truncating data and effectively detects SQL injection in web applications. Because it relies on irregular matching characteristics, it can identify new attacks and is harder to bypass.
