The Research On SQL Injection Detection Technology Based On Naive Bayes And LSTM Recurrent Neural Network

In the era of Web2.0,Web applications have infiltrated every netizen's life,but its accompanying security problems are also increasing.If Web applications create security holes,they will directly threaten the user's privacy data,property security,etc.Important aspects.Among the many Web security vulnerabilities,SQL Injection(Structured Query Language Injection)vulnerabilities are one of the most popular attack methods for attackers,and they are also one of the most threatening vulnerabilities.Therefore,how to detect SQL injection attacks in real time and accurately has very important significance for the research and development of Web security.To address this issue,this paper is based on the Naive Bayes classification model in machine learning and the Long Short-Term Memory-Recurrent Neural Network(LSTM-RNN)model.SQL injection is detected and classified.The classification results are classified into SQL injection and Non-SQL injection categories.The main work of this article is as follows:The basic method of machine learning is studied,the process of preprocessing and lexical analysis of input samples is improved,and a denoising method based on feature vector length is proposed.For character sequences that the user may input,the special character separation method is combined with the space separation method to extract features,and the extracted features are atomized in the tokenization process so that the smallest character unit also has a specific meaning.Token.After feature extraction and lexical analysis,feature vectors of specific Tokens are generated,and the samples whose feature vector length is smaller than the denoising threshold are filtered out.Then Naive Bayes model is used for machine learning training to evaluate and classify them.The experimental results show that the improved detection scheme has good classification effect when the data set is pre-specified with sample classes,and can effectively detect SQL injection.Based on the Kerras framework and TensorFlow,a SQL injection detection scheme based on LSTM-RNN model is proposed.In the preprocessing phase,a word vector model is generated for a given data set sample through Word2vec.In the training phase,the LSTM-RNN classifier is trained by using the generated word vector model and LSTM-RNN as input;during the test phase,the The word vector model and the LSTM-RNN classifier are used as input,and the classification result of the test sample is obtained through the Softmax classifier.Finally,the stability and high accuracy of the model detection are proved by experiments.