A SQL Injection Attack Detection Algorithm Based on Improved TF-IDF

Abstract

Abstract: Because the traditional TF-IDF algorithm does not allocate the weight of feature words well, there will be problems of insufficient feature extraction and low efficiency, resulting in the results not in line with the actual situation. In order to solve the limitations of this method in SQL injection attack detection, this paper improves TF-IDF by adding text quantity ratio factor and Chi statistics to the traditional TF-IDF algorithm, which can well improve the weight of some important words. The detection of SQL injection attacks is realized by selecting different classifiers, so as to obtain different classification results. The experimental results show that the combination of boosted decision tree and improved TF-IDF has higher accuracy, recall and F1 value than other similar methods. In addition, compared with the traditional TF-IDF algorithm, the correctness, accuracy, recall and F1 value of the proposed algorithm are improved by about 5%, which has a certain practical application value.

Key words: SQL injection, TF-IDF, chi-square statistics, text vectorization

GUAN Hui, SHENG Jing-yuan, CAO Tong-zhou. A SQL Injection Attack Detection Algorithm Based on Improved TF-IDF[J]. Computer and Modernization, 2022, 0(06): 122-126.

References ［23］

［1］	GUPTA H, MONDAL S, RAY S, et al. Impact of SQL injection in database security［C］// 2019 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE). 2019:296-299.
［2］	SAI LEKSHMI A S, DEVIPRIYA V S. An emulation of SQL injection disclosure and deterrence［C］// 2017 International Conference on Networks & Advances in Computational Technologies (NetACT). 2017:314-316.
［3］	OWASP. OWASP Top 10-2017［EB/OL］. (2017-11-28) ［2021-08-10］. http://www.owasp.org.cn/owasp-project.
［4］	王蕾,李丰,李炼,等. 污点分析技术的原理和实践应用［J］. 软件学报, 2017,28(4):860-882.
［5］	何成万,叶志鹏. 基于AOP和动态污点分析的SQL注入行为检测方法［J］. 电子学报, 2019,47(11):2413-2419.
［6］	SOEWITO B, GUNAWAN F E, HIRZI, et al. Prevention structured query language injection using regular expression and escape string［J］. Procedia Computer Science, 2018，135:678-687.
［7］	韩宸望,林晖,黄川. 基于SQL语法树的SQL注入过滤方法研究［J］. 网络与信息安全学报, 2016,2(11):70-77.
［8］	王苗苗,钱步仁,许莹莹,等. 基于通用规则的SQL注入攻击检测与防御系统的研究［J］. 电子设计工程, 2017,25(5):24-28.
［9］	KAR D, AGARWAL K, SAHOO A K, et al. Detection of SQL injection attacks using hidden Markov model［C］// 2016 IEEE International Conference on Engineering and Technology (ICETECH). 2016: 1-6.〖HJ1.6mm〗
［10］	KAR D, PANIGRAHI S, SUNDARARAJAN S. SQLiGoT: Detecting SQL injection attacks using graph of tokens and SVM［J］. Computers & Security, 2016,60:206-225.
［11］	孔德广,蒋朝惠,郭春. 基于Simhash算法的SQL注入攻击检测方法［J］. 计算机应用研究, 2020,37(7):2117-2122.
［12］	万卓昊,徐东东,梁生,等. 基于N-gram的SQL注入检测研究［J］. 计算机科学, 2019,46(7):108-113.
［13］	程希,曹晓梅. 基于信息携带的SQL注入攻击检测方法［J］. 计算机科学, 2021,48(7):70-76.
［14］	李红灵,邹建鑫. 基于SVM和文本特征向量提取的SQL注入检测研究［J］. 信息网络安全, 2017(12):40-46.
［15］	徐冬冬,谢统义,万卓昊,等. 基于TF-IDF文本向量化的SQL注入攻击检测［J］. 广西大学学报(自然科学版), 2018,43(5):1818-1826.
［16］	李应博,张斌. 基于改进TFIDF算法的SQL注入攻击检测方法［J］. 信息工程大学学报, 2020,21(1):108-114.
［17］	苏林萍,刘小倩,陈飞,等. 基于N-Gram和TFIDF的SQL注入检测方法［J］. 计算机与数字工程, 2021,49(6):1177-1181.
［18］	HUANG C M, JIANG Y J. An empirical study on the classification of Chinese news articles by machine learning and deep learning techniques［C］// 2019 International Conference on Machine Learning and Cybernetics (ICMLC). 2019: 462-467.
［19］	GU Y W, WANG Y R, HUAN J, et al. An improved TFIDF algorithm based on dual parallel adaptive computing model ［C］// 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). 2018 : 657-663.
［20］	孙琛琛. 基于维基百科结构信息的语义关联度计算研究［D］. 沈阳:东北大学, 2012.
［21］	ZHAI Y J, SONG W, LIU X J, et al. A chi-square statistics based feature selection method in text classification［C］// 2018 IEEE 9th International Conference on Software Engineering and Service Science (ICSESS). 2018:160-163.
［22］	GitHub. SQL注入攻击数据集［EB/OL］. (2018-03-12) ［2021-08-10］. https://github.com/client9/libinjection/.
［23］	KAMTUO K， SOOMLEK C. Machine learning for SQL injection prevention on server-side scripting［C］// 2016 International Computer Science and Engineering Conference (ICSEC). 2017. DOI: 10.1109/ICSEC.2016.7859950.

[1]	DAI Ji-peng, SHAO Feng-jing, SUN Ren-cheng. Short Text Classification Based on Improved CHI and TF-IDF [J]. Computer and Modernization, 2021, 0(06): 6-11.
[2]	NIU Feng-gao, YAN Tao. Feature Weighted CLSVSM [J]. Computer and Modernization, 2021, 0(05): 59-65.
[3]	LI Wen, WEN Yong-jun, TANG Li-jun, . A Multi-feature Fusion Algorithm for Label Generation of Educational Resources [J]. Computer and Modernization, 2020, 0(09): 19-24.
[4]	ZHOU Ling, ZHANG Ying-jun, PAN Li-hu. A Short Text Classification Method Based on Emotional Features [J]. Computer and Modernization, 2020, 0(07): 80-84.
[5]	CHEN Ping-ping, GENG Xiao-ran, ZOU Min, TAN Ding-ying. Analysis of Text Sentiment Orientation Based on Machine Learning [J]. Computer and Modernization, 2020, 0(03): 77-.
[6]	XIE Hao-ran1, WEI Wei2, YANG Zhi-hui3, DENG Ju-zhi1, GE Kun-peng1. New Radio and Television Program Collaborative Recommendation Process Based on TF-IDF [J]. Computer and Modernization, 2019, 0(09): 65-.
[7]	LI Peng-peng， FAN Hui-min. Research on Improvement of Feature Weights in Text Classification [J]. Computer and Modernization, 2018, 0(02): 66-.
[8]	ZHU Jing-jing, HAN Li-xin. Chatterbots Based on RNN Sentence Auto-encoder [J]. Computer and Modernization, 2018, 0(01): 32-35.
[9]	LU Jin-quan, XU Kai-yong,Dai Le-yu. Improvement of Bayes Classification Algorithm Based on Text Filtering [J]. Computer and Modernization, 2016, 0(9): 100-103+108.
[10]	ZHANG Zhichao， WANG Dan， ZHAO Wenbing， FU Lihua. SQL Injection Detection Based on Neural Network [J]. Computer and Modernization, 2016, 0(10): 67-71.
[11]	GAN Hong, PAN Dan. Analysis and Research of Malicious URL Recognition Based on SVM and TF-IDF [J]. Computer and Modernization, 2016, 251(07): 95-97,102.
[12]	GU Kunpeng;SONG Shunlin. Safe SQL Queries Generated by Relational Algebra Based on C++  Language [J]. Computer and Modernization, 2011, 194(10): 177-180.