
Study On SQL Injection Detection Based On N-Gram

Posted on: 2020-07-07
Degree: Master
Type: Thesis
Country: China
Candidate: Z H Wan
Full Text: PDF
GTID: 2428330578460822
Subject: Information Security and Electronic Commerce
Abstract/Summary:
With the rapid development of the Internet, Web security has become more and more important. Injection vulnerabilities rank first in the OWASP (Open Web Application Security Project) Top 10 Web application security risks, and SQL injection is currently the main security threat faced by Web applications. In a SQL injection attack, crafted input passes through the Web application to the back-end database, so that the database executes SQL statements that differ from what the developer intended. Adding a defense component that detects and intercepts SQL injection attacks in Web applications is therefore an important guarantee of Web security. Although many SQL injection detection methods have been proposed in China and elsewhere, most of them only consider SQL injection under specific conditions and cannot detect the many different kinds of SQL injection attacks. In view of the high concealment and wide variety of SQL injection, and the difficulty ordinary network firewalls have in preventing it, this thesis proposes a SQL injection detection method based on N-Gram. The main work is as follows:

1. A feature extraction scheme based on N-Gram is proposed. The N-Gram model from natural language processing assumes that the probability of a word occurring depends only on the N-1 words preceding it. Accordingly, N consecutive words of a SQL statement are treated as a single unit for feature extraction, so that a feature subsequence consists of several words rather than a single word. Then, according to frequency of occurrence and information gain, the feature subsequences with the greatest influence on classification are selected from all candidate subsequences, and each SQL statement is transformed into a feature vector of fixed dimension over those subsequences.

2. A feature extraction scheme based on the abstract syntax tree is proposed. In parallel with N-Gram feature extraction, each SQL statement is parsed into an abstract syntax tree, and every subtree of depth 2 is used as a feature subsequence. These subtrees are then selected together with the N-Gram feature subsequences to determine the feature vectors.

3. A SQL injection detection scheme based on the chi-square test and a neural network is proposed. After the SQL statements in the corpus have been converted into feature vectors by the first two parts, the mean feature vector of the legitimate (non-injection) SQL statements is computed, and a threshold on the distance between a statement's feature vector and this mean vector is derived. A statement under test is then judged legitimate or malicious by comparing its distance from the mean vector with the threshold. In addition, this thesis proposes improved distances that reweight the feature subsequences according to their order and information gain, and modifies the original distance formula accordingly. Finally, the two improved distances and the original chi-square distance are fed as inputs to a BP (back-propagation) neural network whose output is a single combined distance from the mean vector of the legitimate statements, so that the three distances are fused into one.

Experimental results show that, compared with feature vectors composed directly of single words, the proposed method effectively improves the true positive rate and reduces the false positive rate.
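A worked example of steps 1 and 3 above, added here as an illustration; it is not the thesis's own code. It tokenises SQL statements, builds word n-grams up to N=3, keeps the subsequences seen in at least two statements and ranks them by information gain, maps each statement to a fixed-dimension binary feature vector, computes the mean vector of the legitimate statements and a chi-square distance threshold, and flags statements whose distance exceeds that threshold. The corpus (SAFE_SQL, ATTACK_SQL), the tokeniser and its STR/NUM literal normalisation, the choice of k=24 features, the binary encoding, and the "largest distance of any legitimate training statement" threshold rule are all assumptions made for the example. The abstract-syntax-tree subtree features of step 2 and the BP network fusion at the end of step 3 are not implemented.

```python
"""N-Gram feature extraction and distance-to-mean SQL injection detection.

Added example, not the thesis's code. Corpus, tokeniser, selection parameters
and threshold rule are assumptions chosen for illustration.
"""
import math
import re
from collections import Counter
from itertools import chain

# Constructed toy corpus (assumption). Both classes share the same query
# templates so that template n-grams carry little information and the
# injection-specific subsequences are what information gain picks out.
SAFE_SQL = [
    "SELECT name FROM users WHERE id = 42",
    "SELECT name FROM users WHERE id = 7",
    "SELECT email FROM users WHERE id = 3",
    "SELECT email FROM users WHERE id = 11",
    "SELECT name FROM users WHERE name = 'alice'",
    "SELECT name FROM users WHERE name = 'bob'",
    "SELECT email FROM users WHERE name = 'carol'",
    "SELECT email FROM users WHERE name = 'dave'",
]
ATTACK_SQL = [
    "SELECT name FROM users WHERE id = 1 OR 1 = 1",
    "SELECT name FROM users WHERE name = '' OR '1' = '1' --",
    "SELECT name FROM users WHERE id = 1 UNION SELECT password FROM users",
    "SELECT email FROM users WHERE name = 'x' UNION SELECT password FROM users --",
    "SELECT name FROM users WHERE id = 1 ; DROP TABLE users --",
    "SELECT email FROM users WHERE id = 1 ; DROP TABLE sessions",
]

# String literal, number, identifier/keyword, comment marker, other punctuation.
TOKEN_RE = re.compile(r"'[^']*'|\d+|\w+|--|[^\s\w]")


def tokenize(sql):
    """Lower-case and split a statement into words. String and numeric
    literals collapse to STR / NUM so n-grams describe structure, not values."""
    words = []
    for tok in TOKEN_RE.findall(sql.lower()):
        if tok.startswith("'"):
            words.append("STR")
        elif tok.isdigit():
            words.append("NUM")
        else:
            words.append(tok)
    return words


def ngrams(words, n):
    """All runs of n consecutive words, as tuples."""
    return [tuple(words[i:i + n]) for i in range(len(words) - n + 1)]


def feature_subsequences(words, n_max=3):
    """Step 1: every run of 1..n_max consecutive words is a candidate feature."""
    return set(chain.from_iterable(ngrams(words, n) for n in range(1, n_max + 1)))


def entropy(labels):
    total = len(labels)
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in Counter(labels).values())


def information_gain(feature, docs, labels):
    """Reduction in label entropy from knowing whether `feature` occurs."""
    with_f = [lab for doc, lab in zip(docs, labels) if feature in doc]
    without_f = [lab for doc, lab in zip(docs, labels) if feature not in doc]
    n = len(labels)
    return entropy(labels) - (len(with_f) / n * entropy(with_f)
                              + len(without_f) / n * entropy(without_f))


def select_features(docs, labels, k, min_docs=2):
    """Keep subsequences seen in at least `min_docs` statements, then the k
    with the highest information gain (ties broken by the tuple itself)."""
    doc_freq = Counter(chain.from_iterable(docs))
    candidates = [f for f, c in doc_freq.items() if c >= min_docs]
    candidates.sort(key=lambda f: (-information_gain(f, docs, labels), f))
    return candidates[:k]


def to_vector(doc, features):
    """Fixed-dimension binary feature vector: 1.0 if the subsequence occurs."""
    return [1.0 if f in doc else 0.0 for f in features]


def chi_square_distance(x, y):
    return sum((a - b) ** 2 / (a + b) for a, b in zip(x, y) if a + b > 0)


def train(safe_sql, attack_sql, k=24, n_max=3):
    """Select features, compute the mean vector of the legitimate statements,
    and use the largest legitimate distance from it as the threshold (assumption)."""
    docs = [feature_subsequences(tokenize(s), n_max) for s in safe_sql + attack_sql]
    labels = [0] * len(safe_sql) + [1] * len(attack_sql)
    features = select_features(docs, labels, k)
    safe_vecs = [to_vector(d, features) for d in docs[:len(safe_sql)]]
    mean = [sum(col) / len(safe_vecs) for col in zip(*safe_vecs)]
    threshold = max(chi_square_distance(v, mean) for v in safe_vecs)
    return {"features": features, "mean": mean, "threshold": threshold, "n_max": n_max}


def distance_from_safe(sql, model):
    vec = to_vector(feature_subsequences(tokenize(sql), model["n_max"]), model["features"])
    return chi_square_distance(vec, model["mean"])


def is_injection(sql, model):
    return distance_from_safe(sql, model) > model["threshold"]


if __name__ == "__main__":
    model = train(SAFE_SQL, ATTACK_SQL)
    print("selected features:", model["features"])
    print("threshold:", round(model["threshold"], 3))
    for sql in ["SELECT email FROM users WHERE id = 99",
                "SELECT name FROM users WHERE id = 5 OR 1 = 1"]:
        print(f"{is_injection(sql, model)!s:5} {distance_from_safe(sql, model):.3f}  {sql}")
```

On this toy corpus the highest-ranked subsequences are the injection-only ones (`--`, `or`, `union select password`, `; drop table`, and so on), followed by a few template features such as `= NUM`, so legitimate statements sit close to the mean vector and every injection lands well beyond the threshold. In practice the threshold should be chosen on held-out data to trade off true positives against false positives, and the tokeniser is where evasion attempts (case changes, inline comments, alternative encodings of literals) must be normalised away before any n-gram is formed.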
Keywords/Search Tags:SQL injection, N-Gram, feature vector, neural network