Multi-source data analysis and evaluation of machine learning techniques for SQL injection detection

Kevin Ross, M. Moh, Teng-Sheng Moh, Jason Yao
Proceedings of the ACMSE 2018 Conference. Published 2018-03-29. DOI: 10.1145/3190645.3190670 (https://doi.org/10.1145/3190645.3190670)
Citations: 19

Abstract

SQL Injection continues to be one of the most damaging security exploits in terms of personal information exposure as well as monetary loss. Injection attacks are the number one vulnerability in the most recent OWASP Top 10 report, and the number of these attacks continues to increase. Traditional defense strategies often involve static, signature-based IDS (Intrusion Detection System) rules which are mostly effective only against previously observed attacks but not unknown, or zero-day, attacks. Much current research involves the use of machine learning techniques, which are able to detect unknown attacks, but depending on the algorithm can be costly in terms of performance. In addition, most current intrusion detection strategies involve collection of traffic coming into the web application either from a network device or from the web application host, while other strategies collect data from the database server logs. In this project, we are collecting traffic from two points: at the web application host, and at a Datiphy appliance node located between the webapp host and the associated MySQL database server. In our analysis of these two datasets, and another dataset that is correlated between the two, we have been able to demonstrate that the accuracy obtained with the correlated dataset using algorithms such as rule-based and decision tree is nearly the same as that with a neural network algorithm, but with greatly improved performance.