Computer Science, 2021, Vol. 48, Issue (7): 70-76. doi: 10.11896/jsjkx.200600010

Special topic: Artificial Intelligence Security


SQL Injection Attack Detection Method Based on Information Carrying

CHENG Xi, CAO Xiao-mei

  1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
  • Received: 2020-05-31 Revised: 2020-09-19 Online: 2021-07-15 Published: 2021-07-02
  • Corresponding author: CAO Xiao-mei (caoxm@njupt.edu.cn)
  • About author: CHENG Xi, born in 1996, postgraduate. Her main research interests include Web security and machine learning. (2531183128@qq.com)
    CAO Xiao-mei, born in 1974, Ph.D. Her main research interests include wireless network security, mobile computing technology and security.

Abstract: At present, the accuracy of SQL injection attack detection based on traditional machine learning still needs to be improved. The main reason is a trade-off in feature extraction: if too many features are selected, the model overfits and the efficiency of the algorithm suffers, whereas if too few features are selected, a large number of false positives and false negatives are produced. To solve this problem, the paper proposes SQLIA-IC, a SQL injection attack detection method based on information carrying. SQLIA-IC adds a marker and a content matching module on top of machine learning detection. The marker detects sensitive information in the sample, and the content matching module matches the sample against feature items to provide a secondary judgment. To improve the efficiency of SQL injection attack detection, an information value is used to simplify the detection results of the machine learning stage and the marker, and the content matching module performs dynamic matching according to the information value carried by the sample. Simulation results show that, compared with traditional machine learning methods, the accuracy of the proposed method is 2.62% higher on average, the precision is 4.35% higher on average, and the recall is 0.96% higher on average, while the time cost increases by only about 5 ms, so the method can detect SQL injection attacks quickly and effectively.

Key words: Feature matching, Information carrying, Intrusion detection, Machine learning, SQL injection attack

CLC Number: TP181