Computer Science, 2019, Vol. 46, Issue (7): 108-113. doi: 10.11896/j.issn.1002-137X.2019.07.017

• Information Security •

Study on SQL Injection Detection Based on N-Gram

WAN Zhuo-hao, XU Dong-dong, LIANG Sheng, HUANG Bao-hua

  1. (School of Computer and Electronic Information, Guangxi University, Nanning 530004, China)
  • Received: 2018-06-04 Online: 2019-07-15 Published: 2019-07-15

Abstract: SQL injection attacks are the main security threat faced by the Web. Aiming at the problem that SQL injection is hard to detect, this paper proposes an SQL injection detection method based on N-Gram. The method transforms SQL statements into feature vectors of fixed dimension based on N-Gram, and the distance is improved by changing the weights of different feature subsequences. A fuzzy distance, obtained from the improved distance and the chi-square distance through a BP neural network, is used as the distance criterion between vectors. First, the average feature vector of the safe SQL statements is calculated. Then, the distance between each SQL statement and the average feature vector is calculated to determine the distance threshold. The distance between an unknown SQL statement and the average feature vector is compared with the distance threshold to judge the safety of the unknown SQL statement. The experimental results show that, compared with feature vectors composed directly of words, the proposed method can effectively improve the true positive rate and reduce the false positive rate of detection.

Key words: N-Gram, Feature vector, Neural network, SQL injection

CLC Number: TP309
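
The pipeline the abstract describes (fixed-dimension N-Gram vectors, average vector of safe statements, distance threshold, comparison of an unknown statement), as an added example that is not the authors' code. The character-class alphabet, N = 2, the maximum-distance threshold rule and the sample queries are assumptions made here, and only the plain chi-square distance is used, not the paper's weighted distance or BP-network fuzzy distance.

```python
from collections import Counter
from itertools import product

CLASSES = "adsqo"  # alpha, digit, space, quote, other (alphabet assumed here)
N = 2              # n-gram length (assumed; the abstract does not state N)
GRAMS = ["".join(p) for p in product(CLASSES, repeat=N)]  # 25 fixed dimensions

def char_class(ch):
    if ch.isalpha() or ch == "_":
        return "a"
    if ch.isdigit():
        return "d"
    if ch.isspace():
        return "s"
    return "q" if ch in "'\"`" else "o"

def feature_vector(sql):
    """Fixed-dimension vector of normalised class n-gram frequencies."""
    classes = "".join(char_class(c) for c in sql)
    counts = Counter(classes[i:i + N] for i in range(len(classes) - N + 1))
    total = sum(counts.values()) or 1  # guard against inputs shorter than N
    return [counts[g] / total for g in GRAMS]

def chi_square(x, y):
    """Chi-square distance; dimensions empty in both vectors are skipped."""
    return sum((a - b) ** 2 / (a + b) for a, b in zip(x, y) if a + b > 0)

def train(benign):
    """Return the benign mean vector and a distance threshold."""
    vecs = [feature_vector(s) for s in benign]
    mean = [sum(col) / len(vecs) for col in zip(*vecs)]
    # Assumed rule: largest distance seen among the benign training statements.
    return mean, max(chi_square(v, mean) for v in vecs)

def is_suspicious(sql, mean, threshold):
    return chi_square(feature_vector(sql), mean) > threshold

# Constructed benign queries from one parameterised lookup template.
BENIGN = [
    "SELECT name FROM users WHERE id = 42",
    "SELECT name FROM users WHERE id = 7",
    "SELECT title FROM posts WHERE id = 1234",
    "SELECT email FROM users WHERE id = 15",
]
MEAN, THRESHOLD = train(BENIGN)

if __name__ == "__main__":
    for q in ("SELECT name FROM users WHERE id = 311",        # constructed benign
              "SELECT name FROM users WHERE id = 42 OR 1=1"):  # constructed tautology
        print(is_suspicious(q, MEAN, THRESHOLD), q)
```

N-grams that never occur in the safe set each add their full frequency to the chi-square distance, which is why the appended tautology exceeds the threshold while a longer numeric id does not.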