Detection of SQL injection based on artificial neural network

Abstract: SQL injection, a common web attack, is a persistent network security problem that causes millions of dollars in financial losses worldwide every year, as well as large-scale leakage of users' private data. This work presents a high-accuracy SQL injection detection method based on a neural network. We first acquire authentic user URL access log data from an Internet Service Provider (ISP), ensuring that our approach is real, effective and practical. We then conduct a statistical study of normal data and SQL injection data. Based on the statistical results, we design eight types of features and train an MLP model. The accuracy of the model stays above 99%. We also compare and evaluate the training results of other machine learning algorithms (LSTM, for example); the results show that the accuracy of our method is superior to that of the related machine learning algorithms.
