{"title":"基于深度学习的结构化查询语言注入漏洞检测方法","authors":"","doi":"10.30534/ijatcse/2022/051152022","DOIUrl":null,"url":null,"abstract":"With the rapid development of Web 2.0 technology, network applications have gradually become an indispensable part of our lives. At the same time, Web applications are confronted with more challenges. As announced by the OWASP (open web application security project) organization, injection attack has been the first of the top 10 security vulnerabilities in 2013 and 2017, and SQL injection attack is one of the most important types among the injection attacks. Due to the rapid growth of SQL injection attacks on web application, this research developed a deep learning model in detecting SQL injection attack. The model was trained on a dataset that contains about 30,635 queries, which includes both injected and non-injected queries. The dataset was gotten from Kaggle database. The dataset was then processed by removing null and duplicate values. Further pre-processing was carried out in terms of tokenization and conversion of text to arrays. CountVectorizer () function was used for data normalization in converting the dataset to arrays in form of 0s and 1s. After the pre-processing stage, Feature selection was done on the dataset using the tfidvectoriser. The selected features were passed to the deep feed forward neural network for training. The model was trained on a step of 20 epochs, the model achieved an accuracy of 97.65%. Confusion matrix depicts the total number of correct prediction and the total number of false classifications. The confusion matrix shows that out of 590 classifications on attacks that are of normal, the model predicted correctly for 572 and predicted falsely for 16 times. Then for attacks that are of SQL injection, the model predicted correctly 251 times and predicted falsely for just 1. This shows the performance of the model is in good shape. The model was saved and deployed to web using python flask for easy testing and usage. The model was compared with other existing models and it outperformed the existing model in terms of accuracy. This research can further be extended by using combinations of deep learning algorithms. It can further be extended by deploying the model to android applications.","PeriodicalId":129636,"journal":{"name":"International Journal of Advanced Trends in Computer Science and Engineering","volume":"231 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Deep Learning Approach for The Detection of Structured Query Language Injection Vulnerability\",\"authors\":\"\",\"doi\":\"10.30534/ijatcse/2022/051152022\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the rapid development of Web 2.0 technology, network applications have gradually become an indispensable part of our lives. At the same time, Web applications are confronted with more challenges. As announced by the OWASP (open web application security project) organization, injection attack has been the first of the top 10 security vulnerabilities in 2013 and 2017, and SQL injection attack is one of the most important types among the injection attacks. Due to the rapid growth of SQL injection attacks on web application, this research developed a deep learning model in detecting SQL injection attack. The model was trained on a dataset that contains about 30,635 queries, which includes both injected and non-injected queries. The dataset was gotten from Kaggle database. The dataset was then processed by removing null and duplicate values. Further pre-processing was carried out in terms of tokenization and conversion of text to arrays. CountVectorizer () function was used for data normalization in converting the dataset to arrays in form of 0s and 1s. After the pre-processing stage, Feature selection was done on the dataset using the tfidvectoriser. The selected features were passed to the deep feed forward neural network for training. The model was trained on a step of 20 epochs, the model achieved an accuracy of 97.65%. Confusion matrix depicts the total number of correct prediction and the total number of false classifications. The confusion matrix shows that out of 590 classifications on attacks that are of normal, the model predicted correctly for 572 and predicted falsely for 16 times. Then for attacks that are of SQL injection, the model predicted correctly 251 times and predicted falsely for just 1. This shows the performance of the model is in good shape. The model was saved and deployed to web using python flask for easy testing and usage. The model was compared with other existing models and it outperformed the existing model in terms of accuracy. This research can further be extended by using combinations of deep learning algorithms. It can further be extended by deploying the model to android applications.\",\"PeriodicalId\":129636,\"journal\":{\"name\":\"International Journal of Advanced Trends in Computer Science and Engineering\",\"volume\":\"231 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-10-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Advanced Trends in Computer Science and Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.30534/ijatcse/2022/051152022\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Advanced Trends in Computer Science and Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.30534/ijatcse/2022/051152022","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Deep Learning Approach for The Detection of Structured Query Language Injection Vulnerability
With the rapid development of Web 2.0 technology, network applications have gradually become an indispensable part of our lives. At the same time, Web applications are confronted with more challenges. As announced by the OWASP (open web application security project) organization, injection attack has been the first of the top 10 security vulnerabilities in 2013 and 2017, and SQL injection attack is one of the most important types among the injection attacks. Due to the rapid growth of SQL injection attacks on web application, this research developed a deep learning model in detecting SQL injection attack. The model was trained on a dataset that contains about 30,635 queries, which includes both injected and non-injected queries. The dataset was gotten from Kaggle database. The dataset was then processed by removing null and duplicate values. Further pre-processing was carried out in terms of tokenization and conversion of text to arrays. CountVectorizer () function was used for data normalization in converting the dataset to arrays in form of 0s and 1s. After the pre-processing stage, Feature selection was done on the dataset using the tfidvectoriser. The selected features were passed to the deep feed forward neural network for training. The model was trained on a step of 20 epochs, the model achieved an accuracy of 97.65%. Confusion matrix depicts the total number of correct prediction and the total number of false classifications. The confusion matrix shows that out of 590 classifications on attacks that are of normal, the model predicted correctly for 572 and predicted falsely for 16 times. Then for attacks that are of SQL injection, the model predicted correctly 251 times and predicted falsely for just 1. This shows the performance of the model is in good shape. The model was saved and deployed to web using python flask for easy testing and usage. The model was compared with other existing models and it outperformed the existing model in terms of accuracy. This research can further be extended by using combinations of deep learning algorithms. It can further be extended by deploying the model to android applications.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
