DOI: 10.1145/3331453.3361280
research-article

SQL Injection Detection Based on Deep Belief Network

Published: 22 October 2019

Abstract

At present, the ways for detecting SQL injection attacks include pre-compilation of SQL statements; filtering user input at the web layer to prevent SQL injection, such as filtering global parameters with a Filter; and strictly restricting the operation authority of the database, trying to grant only the lowest permissions that satisfy the operation. Detection methods for SQL injection attacks mainly analyze the incoming parameters to determine whether an illegal parameter has been passed in. However, analyzing the traffic content gives poor real-time performance, and the accuracy and false positive rate are not ideal. Therefore, this paper proposes a deep learning-based approach to detecting SQL injection attacks. It does not need to analyze and extract all the content; it only needs to find the features required by the model. Feeding these features into a model trained in advance makes it possible to detect SQL injection attack traffic in real time. This paper uses deep learning to identify SQL injection attacks in network traffic. We select the target features according to the attack characteristics of SQL injection, take requests from URLs or POST packets as training data, use the deep belief network (DBN) model to train on the selected features and the collected sample data, and obtain a model that can identify SQL injection attacks. Finally, we find the best model for detecting SQL injection and achieve online, real-time detection.



Published In

CSAE '19: Proceedings of the 3rd International Conference on Computer Science and Application Engineering
October 2019
942 pages
ISBN:9781450362948
DOI:10.1145/3331453

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Cyber Security
  2. Deep Belief Network (DBN)
  3. Deep Learning
  4. SQL Injection

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

CSAE 2019

Acceptance Rates

Overall Acceptance Rate 368 of 770 submissions, 48%


Cited By

  • (2024) SQLStateGuard: Statement-Level SQL Injection Defense Based on Learning-Driven Middleware. Proceedings of the 2024 ACM Symposium on Cloud Computing (69-82). DOI: 10.1145/3698038.3698569. Online publication date: 20-Nov-2024
  • (2023) Semantic-Based SQL Injection Detection Method. 2023 5th International Conference on Artificial Intelligence and Computer Applications (ICAICA) (519-524). DOI: 10.1109/ICAICA58456.2023.10405528. Online publication date: 28-Nov-2023
  • (2023) Research on Web Intrusion Technology Based on DBN. 2023 2nd Asia-Pacific Computer Technologies Conference (APCT) (8-12). DOI: 10.1109/APCT58752.2023.00009. Online publication date: Jan-2023
  • (2023) Input Validation Vulnerabilities in Web Applications: Systematic Review, Classification, and Analysis of the Current State-of-the-Art. IEEE Access 11 (40128-40161). DOI: 10.1109/ACCESS.2023.3266385. Online publication date: 2023
  • (2022) Detection of SQL Injection Attack Using Machine Learning Techniques: A Systematic Literature Review. Journal of Cybersecurity and Privacy 2:4 (764-777). DOI: 10.3390/jcp2040039. Online publication date: 20-Sep-2022
  • (2022) Deep Learning for Vulnerability and Attack Detection on Web Applications: A Systematic Literature Review. Future Internet 14:4 (118). DOI: 10.3390/fi14040118. Online publication date: 13-Apr-2022
  • (2022) Detection and prevention of SQLI attacks and developing compressive framework using machine learning and hybrid techniques. Journal of Big Data 9:1. DOI: 10.1186/s40537-022-00678-0. Online publication date: 30-Dec-2022
  • (2022) Detecting SQL Injection Attack using Natural Language Processing. 2022 IEEE 9th Uttar Pradesh Section International Conference on Electrical, Electronics and Computer Engineering (UPCON) (1-5). DOI: 10.1109/UPCON56432.2022.9986458. Online publication date: 2-Dec-2022
  • (2022) Database Meets Artificial Intelligence: A Survey. IEEE Transactions on Knowledge and Data Engineering 34:3 (1096-1116). DOI: 10.1109/TKDE.2020.2994641. Online publication date: 1-Mar-2022
  • (2022) SQL Injection Detection Using 2D-Convolutional Neural Networks (2D-CNN). 2022 International Conference on Data Science and Intelligent Computing (ICDSIC) (212-217). DOI: 10.1109/ICDSIC56987.2022.10075777. Online publication date: 1-Nov-2022
