Proceedings of the 3rd International Conference on Computer Engineering, Information Science & Application Technology (ICCIA 2019)

Detecting SQL Injection Attacks based on Text Analysis

Authors
Lu Yu, Senlin Luo, Limin Pan
Corresponding Author
Lu Yu
Available Online July 2019.
DOI
10.2991/iccia-19.2019.14How to use a DOI?
Keywords
SQL; Skip-gram model; SQL injection; Word2vec.
Abstract

SQL injection attacks have been a major security threat to web applications for many years. Detection of SQL injection attacks has been a great challenge to researchers due to its diversity and complexity. In this paper, we present a novel approach to detect SQL injection attacks based on text analysis. We utilize query tokenization to express information of each SQL query, then we use Skip-gram model in Word2vec to generate word embedding expressing eigenvectors for each query, and finally we train an SVM classifier with eigenvectors to identify malicious queries. Experimental results confirm the effectiveness of our approach to all types of SQL injection attacks, especially tautological attacks, with good accuracy and negligible performance overhead. The approach does not require access to the source code, moreover, it can be easily implemented on other platforms with minimal changes.

Copyright
© 2019, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)

Volume Title
Proceedings of the 3rd International Conference on Computer Engineering, Information Science & Application Technology (ICCIA 2019)
Series
Advances in Computer Science Research
Publication Date
July 2019
ISBN
10.2991/iccia-19.2019.14
ISSN
2352-538X
DOI
10.2991/iccia-19.2019.14How to use a DOI?
Copyright
© 2019, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Cite this article

TY  - CONF
AU  - Lu Yu
AU  - Senlin Luo
AU  - Limin Pan
PY  - 2019/07
DA  - 2019/07
TI  - Detecting SQL Injection Attacks based on Text Analysis
BT  - Proceedings of the 3rd International Conference on Computer Engineering, Information Science & Application Technology (ICCIA 2019)
PB  - Atlantis Press
SP  - 95
EP  - 101
SN  - 2352-538X
UR  - https://doi.org/10.2991/iccia-19.2019.14
DO  - 10.2991/iccia-19.2019.14
ID  - Yu2019/07
ER  -