| With the development of information technology,people are becoming more and more dependent on network technology,and the security of the network itself is becoming more and more important.For websites,SQL injection attacks have become one of the most serious security threats facing them.This paper mainly studies the detection problem of SQL injection,is designed and implemented a SQL injection detection system based on machine learning,design of the system is mainly for the convenience of introducing different machine learning algorithms to SQL injection detection research.The main research of this article is as follows:(1)Through the study of the characteristics of the SQL injection statements,determine the feature extraction method of system,which based on keyword matching,in order to convert the SQL statement to characteristic vector and feature vector of each represents a keyword match,and select the 16 keywords used to extract features.(2)on the premise of considering the user a variety of needs,designed and implemented based on machine learning to test the SQL injection system,the function of the system are: import SQL data set,add keywords,switching of different machine learning algorithms,using machine learning algorithm to study and modeling of data set,and the use of the established model to determine input SQL statements.In the use of a variety of ways to collect data set,after complete test,the function of the system test results show that the system can be convenient to different machine learning algorithm is introduced into the research of SQL injection,and can increase the keywords,to satisfy the various needs of users.Using the system for different algorithms used in detection of SQL injection attacks were tested,the test results show that the algorithm can use this system provided in the detection of SQL injection has a good effect. |
PDF Full Text Request