Detecting SQL Injection Attacks based on Text Analysis
- DOI
- 10.2991/iccia-19.2019.14
- Keywords
- SQL; Skip-gram model; SQL injection; Word2vec.
- Abstract
SQL injection attacks have been a major security threat to web applications for many years. Detecting SQL injection attacks has been a great challenge for researchers because of their diversity and complexity. In this paper, we present a novel approach to detecting SQL injection attacks based on text analysis. We use query tokenization to express the information in each SQL query, then use the Skip-gram model in Word2vec to generate word embeddings that express eigenvectors for each query, and finally train an SVM classifier on the eigenvectors to identify malicious queries. Experimental results confirm the effectiveness of our approach against all types of SQL injection attacks, especially tautological attacks, with good accuracy and negligible performance overhead. The approach does not require access to the source code; moreover, it can be easily implemented on other platforms with minimal changes.
- Copyright
- © 2019, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF
AU - Lu Yu
AU - Senlin Luo
AU - Limin Pan
PY - 2019/07
DA - 2019/07
TI - Detecting SQL Injection Attacks based on Text Analysis
BT - Proceedings of the 3rd International Conference on Computer Engineering, Information Science & Application Technology (ICCIA 2019)
PB - Atlantis Press
SP - 95
EP - 101
SN - 2352-538X
UR - https://doi.org/10.2991/iccia-19.2019.14
DO - 10.2991/iccia-19.2019.14
ID - Yu2019/07
ER -