基于信息携带的SQL注入攻击检测方法

doi:10.11896/jsjkx.200600010

摘要/Abstract

摘要： 目前,基于传统机器学习的SQL注入攻击检测的准确度仍有待提高,产生这一问题的主要原因是:在提取特征向量时,若选择的特征向量过多,则会导致模型过拟合,并影响算法的效率;若选择的特征向量过少,则会产生大量的误报数和漏报数。针对这一问题,文中提出了一种基于信息携带的SQL注入攻击检测方法SQLIA-IC。SQLIA-IC在机器学习的检测基础上加入了标记器和内容匹配模块,标记器用于检测样本中的敏感信息,内容匹配模块用于对样本进行特征项匹配,以达到二次判断的目的。为了提高SQL注入攻击检测的效率,利用信息值简化机器学习和标记器的检测结果,在内容匹配模块中根据样本携带的信息值进行动态匹配。仿真实验结果表明,相比传统的机器学习方法,所提方法的准确率平均高出2.62%,精确率平均高出4.35%,召回率平均高出0.96%,而时间损耗仅增加了5 ms左右,便能够快速、有效地检测出SQL注入攻击。

关键词: SQL注入攻击, 机器学习, 入侵检测, 特征项匹配, 信息携带

Abstract: At present,the accuracy of SQL injection attack detection based on traditional machine learning still needs to be improved.The main reason behind this phenomenon is that if too many features are selected when extracting feature vectors,it will cause the overfitting of the model and negatively affect the efficiency of the algorithm,whereas a large number of false and missed number will be generated if too little features are selected.To solve this problem,the paper proposes SQLIA-IC,a SQL injection attack detection method based on information carrying.The SQLIA-IC adds a marker and content matching module on the basis of machine learning detection.The marker is used to detect sensitive information in the sample,and the content matching module is used to match the feature items of the sample to achieve the purpose of secondary judgment.In order to improve the efficiency of SQL injection attack detection,the information value is used to simplify the detection results of machine learning and markers.In the content matching module,the dynamic matching is performed according to the information value carried by the sample.The simulation experiment results show that compared with the traditional machine learning methods,the accuracy rate of the method proposed in this paper is 2.62% higher on average,the precision ratio is 4.35% higher on average,the recall rate is 0.96%higheron average while the time loss has only increased by about 5 ms,which reveals that the method proposed can detect SQL injection attacks efficiently and effectively.

Key words: Feature matching, Information carrying, Intrusion detection, Machine learning, SQL injection attack

中图分类号:

TP181

程希, 曹晓梅. 基于信息携带的SQL注入攻击检测方法[J]. 计算机科学, 2021, 48(7): 70-76. https://doi.org/10.11896/jsjkx.200600010

CHENG Xi, CAO Xiao-mei. SQL Injection Attack Detection Method Based on Information Carrying[J]. Computer Science, 2021, 48(7): 70-76. https://doi.org/10.11896/jsjkx.200600010

参考文献

[1]JIA Z P,FANG B X,CUI X.ArkHoney:AWeb honeypot based on collaborative mechanism [J].Chinese Journal of Computers,2018,41(2):413-425.
[2]OWASP T T.Category:OWASP_TopTen_Projec[EB/OL].[2017].http://owasp.org/index.php/Top10.
[3]MITROPOULOS D,LOURIDAS P,POLYCHRONAKIS M,et al.Defending against web application attacks:approaches,challenges and implications[J].IEEE Transactions,2019,16(2):188-203.
[4]SU Z,WASSERMANN G.The essence of command injectionattacks in web applications[C]//The 33rd ACM Symposium on Principles of Programming Languages.ACM,2006:372-382.
[5]BUEHRER G,WEIDE B W,SIVILOTTI P A G.Using parsetree validation to prevent SQL injection attacks[C]//The 5th International Workshop on Software Engineering and Middleware.ACM,2005:106-113.
[6]KEMALIS K,TZOURAMANIS T.SQL-IDS:a specification-based approach for SQL-injection detection[C]//The 2008 ACM Symposium on Applied Computing.ACM,2008:2153-2158.
[7]NANDA S,LAM L C,CHIUEH T.Dynamic multiprocess information flow tracking for web application security[C]//The 2007 International Conference on Middleware Companion.ACM,2007:1-20.
[8]HEDIN D,BIRGISSON A,BELLO L,et al.JSFlow:Trackinginformation flow in javascript and its APIs[C]//The 29th Annual ACM Symposium on Applied Computing.ACM,2014:1663-1671.
[9]GIFFIN D B,LEVY A,STEFAN D,et al.Hails:protecting data privacy in untrusted web applications[C]//The 10th USENIX Conference on Operating Systems Design and Implementation.USENIX Association,2012:47-60.
[10]ZHANG L,CUI Y,LIU J.Application of machine learning in cyberspace security research[J].Chinese Journal of Computers,2018,41(9):1943-1975.
[11]LIANG L M,LIU B W,YANG H L,et al.Supervised retinal vessel extraction based on multi-feature fusion[J].Chinese Journal of Computers,2018,41(11):2566-2580.
[12]HE G C,LIU X B.Unsupervised visual representation learning based on image triples mining[J].Chinese Journal of Compu-ters,2018,41(12):2787-2803.
[13]QIN Y,DING S F.A review of semi-supervised clustering[J].Computer Science,2019,46(9):15-21.
[14]HUANG J H,DING Y Z,XIAO L,et al.A Cache Scheduling Scheme for Embedded System Resistance Against Denial of Service Attacks Based on Reinforcement Learning[J].Computer Science,2020,47(7):282-286.
[15]HABIBI G,SURANTHA N.XSS attack detection with machine learning and n-Gram methods[C]//2020 International Confe-rence on Information Management and Technology (ICIMTech).IEEE,2020:516-520.
[16]WEI M,LIU Y,CHEN X,et al.Decision tree applied in web-based intrusion detection system[C]//2010 Second Internatio-nal Conference on Future Networks.IEEE,2010:110-113.
[17]DENG X B,YE Y M,LI H B,et al.An improved random forest approach for detection of hidden web search interfaces[C]//2008 International Conference on Machine Learning and Cybernetics.Kunming,IEEE,2008:1586-1591.
[18]PATIL R C,PATIL D R.Web spam detection using SVM classifier[C]//2015 IEEE 9th International Conference on Intelligent Systems and Control (ISCO).IEEE,2015:1-4.
[19]KAMTUO K,SOOMLEK C.Machine learning for SQL injec-tion prevention on server-side scripting[C]//2016 International Computer Science and Engineering Conference (ICSEC).IEEE,2016:1-6.
[20]SUN F Z,ZHANG P,WHITE J,et al.A feasibility study of autonomically detecting in-process cyber-attacks[C]//The 3rd IEEE International Conference on Cybernetics.IEEE,2017:1-8.
[21]WU S H,CHENG S B,HU Y.Web attack detection technology based on SVM [J].Computer Science,2015,42(S1):362-364.
[22]UWAGBOLE S O,BUCHANAN W J,FAN L.Numerical encoding to tame SQL injection attacks[C]//NOMS 2016-2016 IEEE/IFIP Network Operations and Management Symposium.2016:1253-1256.
[23]HU F S,LI C,WANG M,et al.SQL injection detection scheme based on machine learning[J].Computer Engineering and Design,2019,40(6):1554-1558.
[24]KOMIYA R,PAIK I,HISADA M.Classification of maliciousweb code by machine learning[C]//2011 3rd International Conference on Awareness Science and Technology(iCAST).IEEE,2012.406-411.
[25]LI Q,LI W,WANG J,et al.A SQL injection detection method based on adaptive deep forest[J].IEE EAccess,2019,7(7):145385-145394.
[26]LI Q,WANG F,WANG J F,et al.LSTM-Based SQL injection detection method for intelligent transportation system[J].IEEE Transactions on Vehicular Technology,2019,68(5):4182-4191.
[27]DAS D,SHARMA U,BHATTACHARYYA D K.DefeatingSQL injection attack in authentication security:an experimental study[J].International Journal of Information Security,2019,18(1):1-22.

相关文章 15

[1]	冷典典, 杜鹏, 陈建廷, 向阳. 面向自动化集装箱码头的AGV行驶时间估计 Automated Container Terminal Oriented Travel Time Estimation of AGV 计算机科学, 2022, 49(9): 208-214. https://doi.org/10.11896/jsjkx.210700028
[2]	宁晗阳, 马苗, 杨波, 刘士昌. 密码学智能化研究进展与分析 Research Progress and Analysis on Intelligent Cryptology 计算机科学, 2022, 49(9): 288-296. https://doi.org/10.11896/jsjkx.220300053
[3]	何强, 尹震宇, 黄敏, 王兴伟, 王源田, 崔硕, 赵勇. 基于大数据的进化网络影响力分析研究综述 Survey of Influence Analysis of Evolutionary Network Based on Big Data 计算机科学, 2022, 49(8): 1-11. https://doi.org/10.11896/jsjkx.210700240
[4]	李瑶, 李涛, 李埼钒, 梁家瑞, Ibegbu Nnamdi JULIAN, 陈俊杰, 郭浩. 基于多尺度的稀疏脑功能超网络构建及多特征融合分类研究 Construction and Multi-feature Fusion Classification Research Based on Multi-scale Sparse Brain Functional Hyper-network 计算机科学, 2022, 49(8): 257-266. https://doi.org/10.11896/jsjkx.210600094
[5]	王馨彤, 王璇, 孙知信. 基于多尺度记忆残差网络的网络流量异常检测模型 Network Traffic Anomaly Detection Method Based on Multi-scale Memory Residual Network 计算机科学, 2022, 49(8): 314-322. https://doi.org/10.11896/jsjkx.220200011
[6]	张光华, 高天娇, 陈振国, 于乃文. 基于N-Gram静态分析技术的恶意软件分类研究 Study on Malware Classification Based on N-Gram Static Analysis Technology 计算机科学, 2022, 49(8): 336-343. https://doi.org/10.11896/jsjkx.210900203
[7]	陈明鑫, 张钧波, 李天瑞. 联邦学习攻防研究综述 Survey on Attacks and Defenses in Federated Learning 计算机科学, 2022, 49(7): 310-323. https://doi.org/10.11896/jsjkx.211000079
[8]	肖治鸿, 韩晔彤, 邹永攀. 基于多源数据和逻辑推理的行为识别技术研究 Study on Activity Recognition Based on Multi-source Data and Logical Reasoning 计算机科学, 2022, 49(6A): 397-406. https://doi.org/10.11896/jsjkx.210300270
[9]	姚烨, 朱怡安, 钱亮, 贾耀, 张黎翔, 刘瑞亮. 一种基于异质模型融合的 Android 终端恶意软件检测方法 Android Malware Detection Method Based on Heterogeneous Model Fusion 计算机科学, 2022, 49(6A): 508-515. https://doi.org/10.11896/jsjkx.210700103
[10]	李亚茹, 张宇来, 王佳晨. 面向超参数估计的贝叶斯优化方法综述 Survey on Bayesian Optimization Methods for Hyper-parameter Tuning 计算机科学, 2022, 49(6A): 86-92. https://doi.org/10.11896/jsjkx.210300208
[11]	赵璐, 袁立明, 郝琨. 多示例学习算法综述 Review of Multi-instance Learning Algorithms 计算机科学, 2022, 49(6A): 93-99. https://doi.org/10.11896/jsjkx.210500047
[12]	周志豪, 陈磊, 伍翔, 丘东亮, 梁广升, 曾凡巧. 基于SMOTE-SDSAE-SVM的车载CAN总线入侵检测算法 SMOTE-SDSAE-SVM Based Vehicle CAN Bus Intrusion Detection Algorithm 计算机科学, 2022, 49(6A): 562-570. https://doi.org/10.11896/jsjkx.210700106
[13]	曹扬晨, 朱国胜, 孙文和, 吴善超. 未知网络攻击识别关键技术研究 Study on Key Technologies of Unknown Network Attack Identification 计算机科学, 2022, 49(6A): 581-587. https://doi.org/10.11896/jsjkx.210400044
[14]	王飞, 黄涛, 杨晔. 基于Stacking多模型融合的IGBT器件寿命的机器学习预测算法研究 Study on Machine Learning Algorithms for Life Prediction of IGBT Devices Based on Stacking Multi-model Fusion 计算机科学, 2022, 49(6A): 784-789. https://doi.org/10.11896/jsjkx.210400030
[15]	许杰, 祝玉坤, 邢春晓. 机器学习在金融资产定价中的应用研究综述 Application of Machine Learning in Financial Asset Pricing:A Review 计算机科学, 2022, 49(6): 276-286. https://doi.org/10.11896/jsjkx.210900127

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed