Hybrid SQL injection detection system

Abstract

The use of database driven web applications are increasing every day. Attacks on those web applications are also increasing. One of the common web application attacks is SQL Injection attack. These attacks are a code injection or insertion of SQL query via input data from the client to the application. There are many detection techniques implemented, but they have focused on the SQL structure at the application level. So those techniques failed to detect some of the attacks at the database level. The existing approaches use classification techniques and suitable kernel functions to detect the attack at the database level. As the SVM classification is the supervised learning algorithm, the unknown attacks can't be detected. In this paper, we propose a hybrid framework using the EDADT (Efficient Data Adaptive Decision Tree) algorithm which is the semi - supervised algorithm and SVM classification algorithm. It uses the internal query tree from the database log for good performance of framework. To get internal query tree, the query tree is converted to n - dimensional feature vector by using multi - dimensional sequence. The semantic features are used as the component of feature vector. And also the syntactic and semantic feature is used to generate multi - dimensional sequences. Then the extracted feature is converted into numeric value, if the feature contains any string value. Experimental results show that the proposed approach is more accurate in detecting the attacks than existing approaches.