Peng Li, Lei Liu, Jing Xu, Hongji Yang, Liying Yuan, Chenkai Guo, Xiujuan Ji
{"title":"隐马尔可夫模型在SQL注入检测中的应用","authors":"Peng Li, Lei Liu, Jing Xu, Hongji Yang, Liying Yuan, Chenkai Guo, Xiujuan Ji","doi":"10.1109/COMPSAC.2017.64","DOIUrl":null,"url":null,"abstract":"Due to the increasing complexity of web and client application's structure, security problem has become more and more critical. Among all the threats reported, SQL Injection Attacks (SQLIAs) have always been top-ranked in recent years, and network logs, which are very important for the detection of SQLIA, are often utilized to analyze the user's attacking behaviors. However, the collection of network logs is often compromised due to the growing complexity of network structure, leading to a great challenge to the log-based SQLIA detection. In view of this, this paper proposes a novel approach to the detection of SQLIA based on log analyzing with Hidden Markov Model (HMM), combined with statistical characteristic and feature matching. At first, we build browsing behavior models of attackers and legal users. Furthermore, we use HMM to restore user's browsing procedure from the customised user logs. Finally, the method detects SQLIAs by analyzing the behavior of users in reality, without requiring sensitive information submitted by users. Our experiments show that the proposed method can detect possible SQLIAs and identify malicious users effectively, and has higher accuracy in comparison with the Kmeans method.","PeriodicalId":6556,"journal":{"name":"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)","volume":"24 1","pages":"578-583"},"PeriodicalIF":0.0000,"publicationDate":"2017-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"Application of Hidden Markov Model in SQL Injection Detection\",\"authors\":\"Peng Li, Lei Liu, Jing Xu, Hongji Yang, Liying Yuan, Chenkai Guo, Xiujuan Ji\",\"doi\":\"10.1109/COMPSAC.2017.64\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Due to the increasing complexity of web and client application's structure, security problem has become more and more critical. Among all the threats reported, SQL Injection Attacks (SQLIAs) have always been top-ranked in recent years, and network logs, which are very important for the detection of SQLIA, are often utilized to analyze the user's attacking behaviors. However, the collection of network logs is often compromised due to the growing complexity of network structure, leading to a great challenge to the log-based SQLIA detection. In view of this, this paper proposes a novel approach to the detection of SQLIA based on log analyzing with Hidden Markov Model (HMM), combined with statistical characteristic and feature matching. At first, we build browsing behavior models of attackers and legal users. Furthermore, we use HMM to restore user's browsing procedure from the customised user logs. Finally, the method detects SQLIAs by analyzing the behavior of users in reality, without requiring sensitive information submitted by users. Our experiments show that the proposed method can detect possible SQLIAs and identify malicious users effectively, and has higher accuracy in comparison with the Kmeans method.\",\"PeriodicalId\":6556,\"journal\":{\"name\":\"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)\",\"volume\":\"24 1\",\"pages\":\"578-583\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/COMPSAC.2017.64\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/COMPSAC.2017.64","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Application of Hidden Markov Model in SQL Injection Detection
Due to the increasing complexity of web and client application's structure, security problem has become more and more critical. Among all the threats reported, SQL Injection Attacks (SQLIAs) have always been top-ranked in recent years, and network logs, which are very important for the detection of SQLIA, are often utilized to analyze the user's attacking behaviors. However, the collection of network logs is often compromised due to the growing complexity of network structure, leading to a great challenge to the log-based SQLIA detection. In view of this, this paper proposes a novel approach to the detection of SQLIA based on log analyzing with Hidden Markov Model (HMM), combined with statistical characteristic and feature matching. At first, we build browsing behavior models of attackers and legal users. Furthermore, we use HMM to restore user's browsing procedure from the customised user logs. Finally, the method detects SQLIAs by analyzing the behavior of users in reality, without requiring sensitive information submitted by users. Our experiments show that the proposed method can detect possible SQLIAs and identify malicious users effectively, and has higher accuracy in comparison with the Kmeans method.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
