SQL Injection Detection Based on Neural Network

doi:doi: 10.3969/j.issn.1006-2475.2016.10.014

Abstract

Abstract: A novel approach to detect injection attacks was presented by identifying characteristics of injection attacks and using a neural network model to determine the likelihood that a given query is malicious. Based on the recognition of SQL character injection attack, the analysis model comes into being used to determine whether to inject SQL statements of model by using a large number of known data and the neural network algorithm. After that, based on the neural network model presented, the user input SQL statement can be directly analyzed and processed. This approach is implemented in a proxy that locates between a Web application and a database and prevents suspected malicious queries from being executed. This requires no modification of existing application code and is capable of identifying unknown attacks. Experimental results show that the model can effectively improve the accuracy and efficiency of the detection.

Key words: SQL injection, malicious query, Web application, neural network

CLC Number:

TP393.08

ZHANG Zhichao， WANG Dan， ZHAO Wenbing， FU Lihua. SQL Injection Detection Based on Neural Network[J]. Computer and Modernization, 2016, 0(10): 67-71.

References

［1］OWASP. OWASP Top102010［EB/OL］. http://wenku.baidu.com/view/353d22c75fbfc77da269b1d1.html, 2016-03-31.
［2］Su Zhendong, Wassermann G. The essence of command injection attacks in Web applications［C］// Proceedings of Conference of the 33rd ACM SIGPLANSIGACT Symposium on Principles of Programing Languages(POPL’06). 2006:372-382.
［3］Wassermann G, Su Zhendong. Sound and precise analysis of Web applications for injection vulnerabilities［C］// 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’07). 2007:32-41.
［4］Jiao Antunes, Nuno Neves, Migue Correia, et al. Vulnerability discovery with attack injection［J］. IEEE Transactions on Software Engineering, 2010,36(3):357-370.
［5］Halfond W G J, Viegas H J, Orso A. A classification of SQL injection attacks and countermeasures［C］// Proc. of International Symposium on Secure Software Engineering. IEEE Press, 2006.
［6］Buehrer G T, Weide B W, Sivilotti P A G. Using parse tree validation to prevent SQL injection attacks［C］// Proceedings of the 5th International Workshop on Software Engineering and Middleware(SEM’05). 2005:106-113.
［7］Angelo Ciampa, Corrado Aaron Visaggio, Massimiliano Di Penta. A heuristicbased approach for detecting SQLinjection vulnerabilities in Web applications［C］// Proceedings of the IEEE 2010 ICSE Workshop on Software Engineering for Secure Systems (ICSE’10). 2010:43-49.
［8］Ismail O, Etoh M, Kadobayashi Y, et al. A proposal and implementation of automatic detection/collection system for crosssite scripting vulnerability［C］// Proceedings of the International Conference on Advanced Information Networking and Applications(AINA’04). 2004:145-151.
［9］Daniel Bates, Adams Barths, Collin Jackson. Regular expression considered harmful in clientside XSS filter［C］// Proceedings of the 19th International World Wide Web Conference(WWW’10). 2010:91-100.
［10］Alkhalaf Muath, Choudhary Shauvik Roy, Fazziniy Mattia, et al. ViewPoints: Differential string analysis for discovering client and serverside input validation inconsistencies［C］// Proceedings of the 2012 International Symposium on Software Testing and Analysis (ISSTA’12). 2012:56-66.
［11］Criscione C, Zanero S. Masibty: An anomaly based intrusion prevention system for Web applications［C］// Black Hat Europe. 2009.
［12］Lam M S, Martin M, Livshits B, et al. Securing Web applications with static and dynamic information flow tracking［C］// Proceedings of the 2008 ACM SIGPLAN Symposium on Partial Evaluation and Semantics based Program Manipulation. 2008:3-12.
［13］Ezumalai R, Aghila G. Combinatorial approach for preventing SQL injection attacks［C］// Proceedings of the IEEE International Conference in Advance Computing. 2009:1212-1217.
［14］Simon Haykin. 神经网络与机器学习［M］. 北京:机械工业出版社, 2009.
［15］Brand R Skari. Bayesian Classiflcation for SQL Injection Detection［D］. University of Wyoming, 2011.

[1]	HE Sida, CHEN Pinghua. Intent-based Lightweight Self-Attention Network for Sequential Recommendation [J]. Computer and Modernization, 2024, 0(12): 1-9.
[2]	ZHANG Xiaodong1, BAI Guangzhi1, LI Min1, LI Haoyang2. Oil and Gas Well Production Prediction Model Based on Empirical Wavelet Transform [J]. Computer and Modernization, 2024, 0(12): 53-58.
[3]	LIU Baobao, YANG Jingjing, TAO Lu, WANG Heying . DSMSC Based on Attention Mechanism for Remote Sensing Image Scene Classification [J]. Computer and Modernization, 2024, 0(12): 72-77.
[4]	CHEN Liang, LI Cheng, YI Wei, XIONG Wei, WANG Xiaofan, TANG Haidong. Helmet Wearing Detection in Electric Power Field Based on#br# Millimeter-wave Radar and Visual Fusion [J]. Computer and Modernization, 2024, 0(12): 100-107.
[5]	MA Yu, YANG Yong, REN Ge, Palidan Tuerxun. Automated Essay Scoring Method Based on GCN and Fine Tuned BERT [J]. Computer and Modernization, 2024, 0(09): 33-37.
[6]	GAO Shuaipeng, WANG Yifan. Survey on Group-level Emotion Recognition in Images [J]. Computer and Modernization, 2024, 0(08): 98-107.
[7]	LAI Kun. Chinese Paper Invoice Text Recognition Method with Character Blurring [J]. Computer and Modernization, 2024, 0(08): 114-119.
[8]	ZHOU Xianxi, MU Li. News Long Text Classification Model Based on Improved TF-IDF and AGLCNN [J]. Computer and Modernization, 2024, 0(08): 120-126.
[9]	YANG Jiang1, SUN Xiaomei1, XU Tao2. Stock Price Prediction Based on Business Content to Construct Stock Association Relationships [J]. Computer and Modernization, 2024, 0(07): 21-25.
[10]	LIU Cunli1, LEI Zhanzhan2, ZHENG Ao2. Circular Convolutional Neural Network-based Defect Detection Method for#br# Drainage Pipe Networks [J]. Computer and Modernization, 2024, 0(07): 26-35.
[11]	WU Junkai, MAO Zhengchong. Laser Constant Current Source Controller Based on CDKF-RBFPID [J]. Computer and Modernization, 2024, 0(07): 100-105.
[12]	ZHOU Chao, CONG Xin, ZI Lingling, XIAO Guping. Recommendation Algorithm Model Based on DNN and Attention Mechanism [J]. Computer and Modernization, 2024, 0(06): 1-7.
[13]	LI Shan, WANG Linna, GAO Dingjia, XUAN Haibo. Multi-layer Bank-enterprise Converged Network Based on Graph Neural Network [J]. Computer and Modernization, 2024, 0(05): 27-32.
[14]	ZHONG Hailong1, 2, HE Yueshun1, HE Linlin1, CHEN JIE1, TIAN Ming3, ZHENG Ruiyin4. Cost-sensitive Convolutional Neural Network for Encrypted Traffic Classification#br# #br# [J]. Computer and Modernization, 2024, 0(05): 55-60.
[15]	GAO Geng1, XIAO Fengli2, YANG Fei1. Recognition of Hypopigmented Skin Diseases Based on Improved MobileNetV3-Small [J]. Computer and Modernization, 2024, 0(05): 120-126.