A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks

A Structured Query Language injection (SQLi) attack is a code injection technique in which an attacker injects SQL commands into a database through a vulnerable web application. Injected SQL commands can modify the back-end SQL database and thus compromise the security of the web application. In previous publications, the author proposed a Neural Network (NN)-based model for the detection and classification of SQLi attacks. The proposed model was built from three elements: 1) a Uniform Resource Locator (URL) generator, 2) a URL classifier, and 3) a NN model. The proposed model succeeded in: 1) detecting each generated URL as either a benign URL or a malicious one, and 2) identifying the type of SQLi attack for each malicious URL. The published results proved the effectiveness of the proposal. In this paper, the author re-evaluates the performance of the proposal through two scenarios using controversial data sets. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed model in terms of accuracy, true-positive rate and false-positive rate.

Keywords— Intrusion Detection, SQL injection attacks, machine learning, Artificial Intelligence, Neural Networks, Web Attacks, Databases
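The abstract describes a pipeline in which each URL is turned into input for a NN that first decides benign versus malicious and then names the SQLi class. The following added example (written for this page, not the paper's own code or data set) shows the front half of such a pipeline: a fixed-length numeric feature vector extracted from a URL's query string, plus a rule-based labeler for a few assumed SQLi classes (`union`, `piggy_backed`, `tautology`, `comment`) that could supply training labels; the class names, patterns and sample URLs are all assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Indicator patterns for a few SQLi classes (assumed labels, not the paper's taxonomy).
# Dict order matters: the first matching class wins.
PATTERNS = {
    "union": re.compile(r"\bunion\b(?:\s+all)?\s+select\b"),
    "piggy_backed": re.compile(r";\s*(?:drop|delete|insert|update|exec|shutdown)\b"),
    # "or X = X" / "and 'X' = 'X'" with optional quotes; \1 is the repeated operand
    "tautology": re.compile(r"\b(?:or|and)\b\s*['\"]?\s*(\w+)\s*['\"]?\s*=\s*['\"]?\s*\1\b"),
    "comment": re.compile(r"--|#|/\*"),
}
KEYWORDS = re.compile(r"\b(?:select|union|or|and|drop|insert|update|delete|exec)\b")
FEATURE_NAMES = ("quotes", "keywords", "comments", "semicolons", "length")

def decode_query(url: str) -> str:
    """Return the URL's query string percent-decoded once and lower-cased."""
    return unquote_plus(urlsplit(url).query).lower()

def vectorize(url: str) -> list:
    """Numeric feature vector (FEATURE_NAMES order) of the kind a NN input layer takes."""
    q = decode_query(url)
    return [
        q.count("'") + q.count('"'),          # quote characters
        len(KEYWORDS.findall(q)),             # SQL keywords as whole words
        len(PATTERNS["comment"].findall(q)),  # comment tokens
        q.count(";"),                         # statement separators
        len(q),                               # decoded query length
    ]

def classify(url: str) -> str:
    """Rule-based labeler: 'benign', one of the PATTERNS classes, or 'unknown'."""
    q = decode_query(url)
    vec = vectorize(url)
    if not any(vec[:4]):          # no quotes, keywords, comments or semicolons at all
        return "benign"
    for label, pattern in PATTERNS.items():
        if pattern.search(q):
            return label
    return "unknown"              # indicators present but no class pattern matched

if __name__ == "__main__":
    # Constructed sample URLs, not taken from the paper's data set.
    for u in ("http://example.test/item?id=42",
              "http://example.test/item?id=42'%20or%20'1'='1",
              "http://example.test/item?id=1%20union%20select%20null,version()",
              "http://example.test/search?q=cats+and+dogs"):
        print(vectorize(u), classify(u), u)
```

The `unknown` outcome for a benign search such as `cats and dogs` is the point where a learned model over the feature vector earns its keep: keyword counts alone cannot separate ordinary English from injected SQL.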
