Research On SQL Injection Attack Detection Method

Posted on:2019-08-04

Degree:Master

Type:Thesis

Country:China

Candidate:Z L Xiao

Full Text:PDF

GTID:2428330563953722

Subject:Computer system architecture

Abstract/Summary:

PDF Full Text Request

Nowadays the Internet is closely related to our daily life.We are enjoying the quality of service the provided by Internet at the same time,but also suffering from the multifarious threat of network security.Among the many threats,SQL Injection attacks are ranked in the first place.Now,the existing SQL Injection detection solutions are Static Analysis,Parameterized Query,Dynamic Analysis,Parameter Filtering,Intrusion Detection System and so on.Nevertheless,these methods have a little bit defects.In order to further improve the ability of SQL Injection attack detection.This paper studies the SQL Injection attack detection problem,briefly summarizes the current research status of this problem and analyzes the principle,types and methods of SQL Injection.From the three aspects of SQL Injection behavior and SQL sentence characteristics and running characteristics,we carry out research on SQL Injection attack detection.Finally,we propose two different methods to detect SQL Injection attacks.(1)Proposing a SQL Injection attack detection method based on user behavior analysis: Studying the behavior of normal user and SQL Injection attacker,and analysing the status of Web applications under normal conditions or under different attacks,we extract the behavioral characteristics that can identify SQL Injection attacks and transform them into feature vectors.We build a model to detect SQL Injection attacks by clustering analysis method and algorithm.(2)Proposing a SQL Injection attack detection method based on DNN: We build a URL-SQL mapping model and analyse the sentence and the response of the executed SQL statements.We obtain the ability to identify the SQL statement authigenic structure and the running result feature through reasonable feature selection and eigenvector synthesis.Finally,building a reasonable detection model to detect SQL Injection by DNN(deep neural network)Experiments show that the proposed two methods can effectively detect SQL Injection attacks,and there is further research value in the future.

Keywords/Search Tags:

SQL Injection, Behavior Analysis, Response Analysis, Machine Learning, Feature Selection

PDF Full Text Request

Related items

1	Research On SQL Injection Detection Technology Based On Machine Learning
2	Research On Human Fall Behavior Analysis Technologies Based On Machine Learning
3	Research And Application Of Hybrid Learning Behavior Analysis And Learning Early Warning Algorith
4	Research On Response Methods Of The LDoS Attack Based On Sequence Feature Analysis In The SDN
5	Multi-Label Feature Selection Method Based On Correlation Analysis
6	Research On The Static Analysis Of Android Software Malicious Behavior
7	Research On SQL Injection Load Detection Based On Machine Learning
8	A Study On Feature Selection Algorithms Using Information Entropy
9	Research On Machine-learning-Based Imaging Genetics Analysis And Their Applications
10	Practical Decision Tree Implementation Of Machine Learning Techniques For Social Media Analysis