research-article

SQL Injection Attack Detection Framework Based on HTTP Traffic

Authors:

Hui GuoAuthors Info & Claims

ACM TURC '21: Proceedings of the ACM Turing Award Celebration Conference - China

Pages 179 - 185

https://doi.org/10.1145/3472634.3474068

Published: 02 October 2021 Publication History

Get Access

Abstract

In view of the characteristics of SQL injection attack under the background of complex HTTP traffic, this paper systematically proposes a framework of SQL injection attack detection based on HTTP traffic, including four modules: data collection, data cleaning, feature representation and model building. The data collection module introduces a variety of channels to obtain data, and the flow cleaning module improves the detection ability of SQL injection attack under the complex traffic environment by reducing the interference of irrelevant information. The feature representation module describes an efficient and easy to obtain feature generation method, that is, lexical features that retain special symbols. The model building module proposed a model building method for detecting arbitrary length Payload and a variable length sequence training method to guarantee efficiency. The detection location covers HTTP request headers, URLs, and POST, providing multi-dimensional protection against SQL injection attacks. In the real network environment, the framework detects SQL injection attacks with low alarm omission rate and low false positive rate.

References

[1]

OWASP. 2017. Top 10 Web Application Security Risks. Retrieved from https://owasp.org/www-project-top-ten/.

Google Scholar

[2]

Howard G M, Gutierrez C N, Arshad F A, pSigene: Webcrawling to Generalize SQL Injection Signatures[C]. // IEEE/IFIP International Conference on Dependable Systems & Networks. Atlanta: IEEE Computer Society, 2014: 45-46.

Google Scholar

[3]

Kar D, Panigrahi S, Sundararajan S. SQLiGoT: Detecting SQL injection attacks using graph of tokens and SVM[J]. Computers & Security, 2016, 60(jul.):206-225.

Digital Library

Google Scholar

[4]

Makiou A, Begriche Y, Serhrouchni A. Improving Web Application Firewalls to detect advanced SQL injection attacks[C]. // 2014 10th International Conference on Information Assurance and Security, Okinawa: IEEE, 2014: 35-40.

Google Scholar

[5]

Tang P, Qiu W, Huang Z, Detection of SQL injection based on artificial neural network[J]. Knowledge-Based Systems, 2020, 190:105528.

Digital Library

Google Scholar

[6]

Xie X, Ren C, Fu Y, SQL Injection Detection for Web Applications Based on Elastic-Pooling CNN[J]. IEEE Access, 2019, 7:151475-151481.

Crossref

Google Scholar

[7]

Fang Y, Peng J, Liu L, WOVSQLI: Detection of SQL injection behaviors using word vector and LSTM[C]. // Proceedings of the 2nd International Conference on Cryptography, Security and Privacy. 2018: 170-174.

Google Scholar

[8]

Abaimov S, Bianchi G. CODDLE: Code-injection detection with deep learning[J]. IEEE Access, 2019, 7: 128617-128627.

Crossref

Google Scholar

[9]

Maaten L, Hinton G. Visualizing data using t-SNE[J]. Journal of machine learning research, 2008, 9(Nov): 2579-2605.

Google Scholar

Cited By

View all

Paul ASharma VOlukoya O(2024)SQL injection attack: Detection, prioritization & preventionJournal of Information Security and Applications10.1016/j.jisa.2024.10387185(103871)Online publication date: Sep-2024
https://doi.org/10.1016/j.jisa.2024.103871
Fu HGuo CJiang CPing YLv X(2023)SDSIOT: An SQL Injection Attack Detection and Stage Identification Method Based on Outbound TrafficElectronics10.3390/electronics1211247212:11(2472)Online publication date: 30-May-2023
https://doi.org/10.3390/electronics12112472
Lu DFei JLiu L(2023)A Semantic Learning-Based SQL Injection Attack Detection TechnologyElectronics10.3390/electronics1206134412:6(1344)Online publication date: 12-Mar-2023
https://doi.org/10.3390/electronics12061344
Show More Cited By

Recommendations

A Survey on SQL Injection Attacks, Detection and Prevention
ICMLC '20: Proceedings of the 2020 12th International Conference on Machine Learning and Computing

Since the uses of Web in daily life is increasing in past 20 years and becoming trend now, almost every Web application has its own database to store important data. An attacker can get or even modify the data from database through SQL injection ...
Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental Study
ISSRE '10: Proceedings of the 2010 IEEE 21st International Symposium on Software Reliability Engineering

System administrators frequently rely on intrusion detection tools to protect their systems against SQL Injection, one of the most dangerous security threats in database-centric web applications. However, the real effectiveness of those tools is usually ...
SQL injection attack: Detection, prioritization & prevention
Abstract
Web applications have become central in the digital landscape, providing users instant access to information and allowing businesses to expand their reach. Injection attacks, such as SQL injection (SQLi), are prominent attacks on web applications,...

Comments

Information & Contributors

Information

Published In

ACM TURC '21: Proceedings of the ACM Turing Award Celebration Conference - China

July 2021

284 pages

ISBN:9781450385671

DOI:10.1145/3472634

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 October 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ACM TURC 2021

ACM TURC 2021: ACM Turing Award Celebration Conference - China ( ACM TURC 2021)

July 30 - August 1, 2021

Hefei, China

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
212
Total Downloads

Downloads (Last 12 months)38
Downloads (Last 6 weeks)4

Reflects downloads up to 25 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Paul ASharma VOlukoya O(2024)SQL injection attack: Detection, prioritization & preventionJournal of Information Security and Applications10.1016/j.jisa.2024.10387185(103871)Online publication date: Sep-2024
https://doi.org/10.1016/j.jisa.2024.103871
Fu HGuo CJiang CPing YLv X(2023)SDSIOT: An SQL Injection Attack Detection and Stage Identification Method Based on Outbound TrafficElectronics10.3390/electronics1211247212:11(2472)Online publication date: 30-May-2023
https://doi.org/10.3390/electronics12112472
Lu DFei JLiu L(2023)A Semantic Learning-Based SQL Injection Attack Detection TechnologyElectronics10.3390/electronics1206134412:6(1344)Online publication date: 12-Mar-2023
https://doi.org/10.3390/electronics12061344
Chen YLi HWang BYang AFan PWan G(2023)Request-Response Network Traffic Packets: Enhancing SQL Injection Attack Detection with a Transformer-Based Model2023 9th International Conference on Computer and Communications (ICCC)10.1109/ICCC59590.2023.10507479(1272-1278)Online publication date: 8-Dec-2023
https://doi.org/10.1109/ICCC59590.2023.10507479

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Abstract

References

Cited By

Recommendations

A Survey on SQL Injection Attacks, Detection and Prevention

Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental Study

SQL injection attack: Detection, prioritization & prevention

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

HTML Format

Share

Share this Publication link

Share on social media

Affiliations