DOI: 10.1145/3472634.3474068
research-article

SQL Injection Attack Detection Framework Based on HTTP Traffic

Published: 02 October 2021

Abstract

To address the characteristics of SQL injection attacks in complex HTTP traffic, this paper systematically proposes a framework for SQL injection attack detection based on HTTP traffic, comprising four modules: data collection, data cleaning, feature representation and model building. The data collection module obtains data through a variety of channels, and the data cleaning module improves detection of SQL injection attacks in complex traffic environments by reducing the interference of irrelevant information. The feature representation module describes an efficient and easy-to-obtain feature generation method, namely lexical features that retain special symbols. The model building module proposes a model building method for detecting payloads of arbitrary length and a variable-length sequence training method to guarantee efficiency. The detection locations cover HTTP request headers, URLs, and POST, providing multi-dimensional protection against SQL injection attacks. In a real network environment, the framework detects SQL injection attacks with a low alarm omission rate and a low false positive rate.

Published In

ACM TURC '21: Proceedings of the ACM Turing Award Celebration Conference - China
July 2021
284 pages
ISBN:9781450385671
DOI:10.1145/3472634
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. HTTP traffic
  2. Lexical feature
  3. SQL Injection

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ACM TURC 2021

Cited By

  • (2024) SQL injection attack: Detection, prioritization & prevention. Journal of Information Security and Applications 85 (103871). DOI: 10.1016/j.jisa.2024.103871. Online publication date: Sep-2024
  • (2023) SDSIOT: An SQL Injection Attack Detection and Stage Identification Method Based on Outbound Traffic. Electronics 12:11 (2472). DOI: 10.3390/electronics12112472. Online publication date: 30-May-2023
  • (2023) A Semantic Learning-Based SQL Injection Attack Detection Technology. Electronics 12:6 (1344). DOI: 10.3390/electronics12061344. Online publication date: 12-Mar-2023
  • (2023) Request-Response Network Traffic Packets: Enhancing SQL Injection Attack Detection with a Transformer-Based Model. 2023 9th International Conference on Computer and Communications (ICCC) (1272-1278). DOI: 10.1109/ICCC59590.2023.10507479. Online publication date: 8-Dec-2023
