SQL Injection Behavior Mining Based Deep Learning
SQL injection is a common network attack. At present, filtering methods are mainly used to prevent SQL injection, yet risks of incomplete filtering still remains. By deep learning, we detect whether the user behaviors contain SQL injection attacks. The scheme proposed in this article extracts the characteristics of the HTTP traffic in the training sets and uses the deep neural network LSTM and the MLP training data sets, the final predictive capacity of the testing sets is over 99%. The deep neural network uses ReLU as the activation function of the hidden layer, continuously updates the weight parameters through gradient descent algorithm, and finally completes the training within 50 epoch iterations.
KeywordsSQL injection Deep learning MLP LSTM
This work was supported by the Development Program of China under Grants Complexity 2017YFB0802704 and program of Shanghai Technology Research Leader under grant 16XD1424400.
- 3.Bhardwaj, M., John, A.: An adaptive algorithm to prevent SQL Injection 4(3–1), 12–15 (2015)Google Scholar
- 4.Buja, G., Jalil, K.B.A., Ali, F.B.H.M., et al.: Detection model for SQL injection attack: an approach for preventing a web application from the SQL injection attack. In: IEEE Symposium on Computer Applications and Industrial Electronics, pp. 60–64. IEEE (2015)Google Scholar
- 5.Parvez, M., Zavarsky, P., Khoury, N.: Analysis of effectiveness of black-box web application scanners in detection of stored SQL injection and stored XSS vulnerabilities. In: Internet Technology and Secured Transactions, pp. 186–191. IEEE (2016)Google Scholar
- 6.Yuan, G., Li, B., Yao, Y., et al.: A deep learning enabled subspace spectral ensemble clustering approach for web anomaly detection. In: International Joint Conference on Neural Networks, pp. 3896–3903. IEEE (2017)Google Scholar
- 7.Kumar, M., Indu, L.: Detection and prevention of SQL injection attack. Int. J. Comput. Sci. Inf. Technol. 5, 374–377 (2014)Google Scholar
- 8.Shi, C.C., Zhang, T., Yu, Y., et al.: A new approach for SQL-injection detection. Comput. Sci. 127, 245–254 (2012)Google Scholar
- 10.Kaur, N., Kaur, P.: Modeling a SQL injection attack. In: International Conference on Computing for Sustainable Global Development. IEEE (2016)Google Scholar