skip to main content
10.1145/3199478.3199503acmotherconferencesArticle/Chapter ViewAbstractPublication PagesiccspConference Proceedingsconference-collections
research-article

WOVSQLI: Detection of SQL Injection Behaviors Using Word Vector and LSTM

Published: 16 March 2018 Publication History

Abstract

The Structured Query Language Injection Attack (SQLIA) is one of the most serious and popular threats of web applications. The results of SQLIA include the data loss or complete host takeover. Detection of SQLIA is always an intractable challenge because of the heterogeneity of the attack payloads. In this paper, a novel method to detect SQLIA based on word vector of SQL tokens and LSTM neural networks is described. In the proposed method, SQL query strings were firstly syntactically analyzed into tokens, and then likelihood ratio test is used to build the word vector of SQL tokens, ultimately, an LSTM model is trained with sequences of token word vectors. We developed a tool named WOVSQLI, which implements the proposed technique, and it was evaluated with a dataset from several sources. The results of experiments demonstrate that WOVSQLI can effectively identify SQLIA.

References

[1]
OWASP, OWASP Top Ten 2017. available at: https://goo.gl/mtRV8e. {retrieved: Nov, 2017}
[2]
Nagpal, B., Chauhan, N., & Singh, N. (2017). A Survey on the Detection of SQL Injection Attacks and Their Countermeasures. JIPS (Journal of Information Processing Systems), 13(4), 689--702.
[3]
Ntagwabira, L., & Kang, S. L. (2010, July). Use of Query Tokenization to detect and prevent SQL Injection Attacks. In Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE International Conference on (Vol. 2, pp. 438--440). IEEE.
[4]
Liu, W., Wang, Z., Liu, X., Zeng, N., Liu, Y., & Alsaadi, F. E. (2017). A survey of deep neural network architectures and their applications. Neurocomputing, 234, 11--26.
[5]
Brian Wylie, Mike Sconzo. Data hacking SQL injection. available at: https://goo.gl/M9kFse {retrieved: Nov, 2017}
[6]
Basta, C., Elfatatry, A., & Darwish, S. (2016). Detection of SQL Injection Using a Genetic Fuzzy Classifier System. International Journal of Advanced Computer Science and Applications, 7(6), 129--137.
[7]
Rauti, S., Teuhola, J., & Leppänen, V. (2015, August). Diversifying SQL to prevent injection attacks. In Trustcom/BigDataSE/ISPA, 2015 IEEE (Vol. 1, pp. 344--351). IEEE.
[8]
Chenyu, M., & Fan, G. (2016, August). Defending SQL injection attacks based-on intention-oriented detection. In Computer Science & Education (ICCSE), 2016 11th International Conference on (pp. 939--944). IEEE.
[9]
Halfond, W. G., & Orso, A. (2005, November). AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks. In Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering (pp. 174--183). ACM.
[10]
Kim, M. Y., & Lee, D. H. (2014). Data-mining based SQL injection attack detection using internal query trees. Expert Systems with Applications, 41(11), 5416--5430.
[11]
Kar, D., Panigrahi, S., & Sundararajan, S. (2016). SQLiGoT: Detecting SQL injection attacks using graph of tokens and SVM. Computers & Security, 60, 206--225.
[12]
Sheykhkanloo, N. M. (2017). A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks. International Journal of Cyber Warfare and Terrorism (IJCWT), 7(2), 16--41.
[13]
Kim, J., Kim, J., Thu, H. L. T., & Kim, H. (2016, February). Long Short Term Memory Recurrent Neural Network Classifier for Intrusion Detection. In Platform Technology and Service (PlatCon), 2016 International Conference on (pp. 1--5). IEEE.
[14]
Woodbridge, J., Anderson, H. S., Ahuja, A., & Grant, D. (2016). Predicting Domain Generation Algorithms with Long Short-Term Memory Networks. arXiv preprint arXiv:1611.00791.
[15]
Andi A, sqlparse. available at: https://goo.gl/W1FkQ9 {retrieved: Nov, 2017}
[16]
Hochreiter, S., & Schmidhuber, J. (1997). Long short-term memory. Neural computation, 9(8), 1735--1780.
[17]
F. Chollet, Keras, available at: https://goo.gl/ozjmFk, 2017. {retrieved: Nov, 2017}

Cited By

View all
  • (2024)Survey on Bio-Inspired Algorithm for SQL Injection AttacksBasrah Researches Sciences10.56714/bjrs.50.1.2750:1(340)Online publication date: 30-Jun-2024
  • (2024)SQL Injection Detection Using Optimized Recurrent Neural Network Integrated with N-Gram: A Comparison2024 International Conference on Signal Processing, Computation, Electronics, Power and Telecommunication (IConSCEPT)10.1109/IConSCEPT61884.2024.10627822(1-6)Online publication date: 4-Jul-2024
  • (2024)uitSQLid: SQL Injection Detection Using Multi Deep Learning Models Approach2024 International Conference on Information Management and Technology (ICIMTech)10.1109/ICIMTech63123.2024.10780813(765-770)Online publication date: 28-Aug-2024
  • Show More Cited By

Index Terms

  1. WOVSQLI: Detection of SQL Injection Behaviors Using Word Vector and LSTM

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Other conferences
    ICCSP 2018: Proceedings of the 2nd International Conference on Cryptography, Security and Privacy
    March 2018
    187 pages
    ISBN:9781450363617
    DOI:10.1145/3199478
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    In-Cooperation

    • Wuhan Univ.: Wuhan University, China
    • University of Electronic Science and Technology of China: University of Electronic Science and Technology of China

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 16 March 2018

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. LSTM networks
    2. SQL injection detection
    3. SQL token word vector

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ICCSP 2018

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)33
    • Downloads (Last 6 weeks)5
    Reflects downloads up to 17 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)Survey on Bio-Inspired Algorithm for SQL Injection AttacksBasrah Researches Sciences10.56714/bjrs.50.1.2750:1(340)Online publication date: 30-Jun-2024
    • (2024)SQL Injection Detection Using Optimized Recurrent Neural Network Integrated with N-Gram: A Comparison2024 International Conference on Signal Processing, Computation, Electronics, Power and Telecommunication (IConSCEPT)10.1109/IConSCEPT61884.2024.10627822(1-6)Online publication date: 4-Jul-2024
    • (2024)uitSQLid: SQL Injection Detection Using Multi Deep Learning Models Approach2024 International Conference on Information Management and Technology (ICIMTech)10.1109/ICIMTech63123.2024.10780813(765-770)Online publication date: 28-Aug-2024
    • (2024)A deep learning approach based on multi-view consensus for SQL injection detectionInternational Journal of Information Security10.1007/s10207-023-00791-y23:2(1541-1556)Online publication date: 9-Jan-2024
    • (2023)SSQLi: A Black-Box Adversarial Attack Method for SQL Injection Based on Reinforcement LearningFuture Internet10.3390/fi1504013315:4(133)Online publication date: 30-Mar-2023
    • (2023)A Semantic Learning-Based SQL Injection Attack Detection TechnologyElectronics10.3390/electronics1206134412:6(1344)Online publication date: 12-Mar-2023
    • (2023)Deep learning approaches to SQL injection detection: evaluating ANNs, CNNs, and RNNsInternational Conference on Mathematical and Statistical Physics, Computational Science, Education and Communication (ICMSCE 2023)10.1117/12.3012620(71)Online publication date: 20-Dec-2023
    • (2023)Research on SQL Injection Detection Based on Deep Learning2023 IEEE 7th Information Technology and Mechatronics Engineering Conference (ITOEC)10.1109/ITOEC57671.2023.10291490(746-749)Online publication date: 15-Sep-2023
    • (2023)SQL Injection Attacks and Prevention2023 6th International Conference on Information Systems and Computer Networks (ISCON)10.1109/ISCON57294.2023.10112156(1-4)Online publication date: 3-Mar-2023
    • (2023)SQLIML: A Comprehensive Analysis for SQL Injection Detection Using Multiple Supervised and Unsupervised Learning SchemesSN Computer Science10.1007/s42979-022-01626-84:3Online publication date: 24-Mar-2023
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media