
Research On SQL Injection Attack Detection Based On TF-IDF And BiGRU Neural Network

Posted on: 2020-01-10
Degree: Master
Type: Thesis
Country: China
Candidate: D D Xu
Full Text: PDF
GTID: 2428330578460823
Subject: Information Security and Electronic Commerce
Abstract/Summary:
With the rapid development of Internet technology, Web applications have gradually become a very important part of the daily life of Internet users. Because Web applications are targeted by attackers, users who enjoy Web application services also face the risk of personal privacy information leakage and property damage. Among these attacks, Structured Query Language (SQL) injection is the most common in Web security, and it is also one of the most harmful to users. Therefore, how to detect SQL injection attacks accurately and effectively is an important prerequisite for the development of Web applications and an important topic in the field of Web security research. At present, the main detection schemes for SQL injection attacks include user input filtering, parse tree analysis, instruction set randomization, and parameterized queries. However, these solutions require large changes to the source code of the Web application, a long development cycle, and difficult deployment. In view of these problems, this thesis conducts an in-depth study of SQL injection attacks and proposes a SQL injection detection method that works at the HTTP application layer without modifying the back-end application. The method classifies input SQL statements into two categories: normal SQL statements and SQL injection attack statements. In this way, it judges whether the user input contains a SQL injection attack. The main research work and results are as follows.

First, to address the inability of the Term Frequency-Inverse Document Frequency (TF-IDF) algorithm to capture the relationship between the position of a feature word in a SQL statement and its importance, a SQL injection attack detection method based on an improved TF-IDF algorithm is proposed. The improvement modifies TF-IDF by adding a position weight for the feature words. The positional relationship of the feature words is derived from the abstract syntax tree of the SQL statement. After the improved TF-IDF algorithm is used to calculate the weights of the feature words in the SQL statement, the words are sorted in descending order of weight, and the first K feature words that satisfy the task requirements are extracted, which reduces the dimension of the feature space and avoids the curse of dimensionality. In the word segmentation of SQL statements, the sensitive symbols that tend to appear in SQL injection attacks are retained, which further ensures the completeness of feature word selection for SQL injection attack detection. Compared with other methods, the results show that the accuracy, recall rate and F1 score of the SQL injection attack detection method based on the improved TF-IDF algorithm are improved by more than 10%.

Second, a SQL injection attack detection method based on the AT-BiGRU-AdaBoost model is proposed. The method uses a Bidirectional Gated Recurrent Unit (BiGRU) neural network model to extract features. While BiGRU extracts the features of SQL statements, an Attention mechanism is added to improve the model's understanding of SQL statements: it increases the weight of important parts, reduces the weight of unimportant parts, and solves the noise interference problem. To address the insufficient generalization ability of Softmax as the classifier of the BiGRU neural network, AdaBoost is used for training and prediction after the BiGRU neural network extracts features. AdaBoost's base classifiers have low variance and high bias, which makes the ensemble model more stable and to some extent compensates for the lack of generalization ability of Softmax as a BiGRU neural network classifier. Finally, experiments show that in SQL injection attack detection, the AT-BiGRU-AdaBoost model improves accuracy and F1 score on the dataset by more than 1.2% compared to the BiGRU model.
Keywords/Search Tags:SQL injection, TF-IDF, BiGRU, Attention mechanism, AdaBoost
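
The feature-selection step described in the abstract (segmentation that retains sensitive symbols, TF-IDF weighting, descending sort, first K feature words), sketched as an added example that is not the thesis's code. The symbol set, the corpus-level summing, the smoothed IDF and the `pos_weight` hook are assumptions; the hook stands in for the AST-derived position weight, whose formula the abstract does not give.

```python
import math
import re
from collections import Counter

# Segmentation keeps keywords, identifiers, numbers and symbols that often
# appear in injected input. This symbol set is an assumption, not the thesis's.
TOKEN_RE = re.compile(r"--|/\*|\*/|\|\||[A-Za-z_]\w*|\d+|['\"=;#()<>,*]")

def tokenize(stmt):
    """Lower-case a SQL statement and split it, retaining sensitive symbols."""
    return TOKEN_RE.findall(stmt.lower())

def tfidf(docs, pos_weight=lambda tok, idx, toks: 1.0):
    """Return one {token: weight} dict per statement.

    pos_weight is a hypothetical hook standing in for the thesis's AST-derived
    position weight, whose formula the abstract does not give (default: 1.0).
    """
    tokenized = [tokenize(d) for d in docs]
    n = len(tokenized)
    df = Counter(tok for toks in tokenized for tok in set(toks))
    result = []
    for toks in tokenized:
        tf = Counter(toks)
        weights = {}
        for idx, tok in enumerate(toks):
            idf = math.log((1 + n) / (1 + df[tok])) + 1  # smoothed IDF
            w = tf[tok] / len(toks) * idf * pos_weight(tok, idx, toks)
            weights[tok] = max(weights.get(tok, 0.0), w)
        result.append(weights)
    return result

def top_k_features(docs, k, **kwargs):
    """Sum each token's weight over the corpus, sort descending, keep k."""
    total = Counter()
    for weights in tfidf(docs, **kwargs):
        total.update(weights)
    ranked = sorted(total.items(), key=lambda kv: (-kv[1], kv[0]))
    return [tok for tok, _ in ranked[:k]]

# Constructed sample statements, not taken from the thesis dataset.
SAMPLES = [
    "SELECT name FROM users WHERE id = 7",
    "SELECT name FROM users WHERE id = 7 OR 1 = 1 --",
    "SELECT name FROM users WHERE name = '' OR '1' = '1'",
]

if __name__ == "__main__":
    print(top_k_features(SAMPLES, 3))
```

With the default weight of 1.0 the ubiquitous `=` ranks second on these samples, which is the kind of position-blind result the thesis's position weight is meant to correct.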