Abstract
SQL injection is a common network attack. At present, filtering methods are mainly used to prevent SQL injection, yet risks of incomplete filtering still remains. By deep learning, we detect whether the user behaviors contain SQL injection attacks. The scheme proposed in this article extracts the characteristics of the HTTP traffic in the training sets and uses the deep neural network LSTM and the MLP training data sets, the final predictive capacity of the testing sets is over 99%. The deep neural network uses ReLU as the activation function of the hidden layer, continuously updates the weight parameters through gradient descent algorithm, and finally completes the training within 50 epoch iterations.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Huang, H.C., Zhang, Z.K., Cheng, H.W., et al.: web application security: threats, countermeasures, and pitfalls. Computer 50(6), 81–85 (2017)
Masri, W., Sleiman, S.: SQLPIL: SQL injection prevention by input labeling. Secur. Commun. Netw. 8(15), 2545–2560 (2015)
Bhardwaj, M., John, A.: An adaptive algorithm to prevent SQL Injection 4(3–1), 12–15 (2015)
Buja, G., Jalil, K.B.A., Ali, F.B.H.M., et al.: Detection model for SQL injection attack: an approach for preventing a web application from the SQL injection attack. In: IEEE Symposium on Computer Applications and Industrial Electronics, pp. 60–64. IEEE (2015)
Parvez, M., Zavarsky, P., Khoury, N.: Analysis of effectiveness of black-box web application scanners in detection of stored SQL injection and stored XSS vulnerabilities. In: Internet Technology and Secured Transactions, pp. 186–191. IEEE (2016)
Yuan, G., Li, B., Yao, Y., et al.: A deep learning enabled subspace spectral ensemble clustering approach for web anomaly detection. In: International Joint Conference on Neural Networks, pp. 3896–3903. IEEE (2017)
Kumar, M., Indu, L.: Detection and prevention of SQL injection attack. Int. J. Comput. Sci. Inf. Technol. 5, 374–377 (2014)
Shi, C.C., Zhang, T., Yu, Y., et al.: A new approach for SQL-injection detection. Comput. Sci. 127, 245–254 (2012)
Lecun, Y., Bengio, Y., Hinton, G.: Deep learning. Nature 521(7553), 436 (2015)
Kaur, N., Kaur, P.: Modeling a SQL injection attack. In: International Conference on Computing for Sustainable Global Development. IEEE (2016)
Acknowledgments
This work was supported by the Development Program of China under Grants Complexity 2017YFB0802704 and program of Shanghai Technology Research Leader under grant 16XD1424400.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Tang, P., Qiu, W., Huang, Z., Lian, H., Liu, G. (2018). SQL Injection Behavior Mining Based Deep Learning. In: Gan, G., Li, B., Li, X., Wang, S. (eds) Advanced Data Mining and Applications. ADMA 2018. Lecture Notes in Computer Science(), vol 11323. Springer, Cham. https://doi.org/10.1007/978-3-030-05090-0_38
Download citation
DOI: https://doi.org/10.1007/978-3-030-05090-0_38
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05089-4
Online ISBN: 978-3-030-05090-0
eBook Packages: Computer ScienceComputer Science (R0)