Research On SQL Attack Detection Technology Based On Machine Learning

SQL injection is a kind of attack method that is widely used on the internet,which is very difficult to defend.In the field of information security,SQL injection is regarded as a kind of attack mode which threatens the network security greatly because of its wide application range,low operation threshold and great loss.There are many defense methods against SQL injection attacks,but with the development of SQL injection attacks and the gradual growth of network scale,the existing SQL injection detection technology has been unable to meet the defense requirements.With the gradual maturity of machine learning related algorithms,machine learning methods have been applied to many fields,and some people have applied machine learning methods to SQL injection detection,but it has not become the mainstream detection methods.Nowadays,most of the detection methods of commercial SQL injection attacks are based on rule firewall technology to detect SQL injection.In this paper,we propose an SQL injection attack detection method based on machine learning,The purpose is to detect the SQL injection attack more accurately and extensively.In the preparation stage of sample data,three methods are used to collect sample data sets.Firstly,we use the SQLMAP interface,a scanning module,scanned some specific websites and captured data,which obtained about 7000 samples.Secondly,through researching and analyzing the attacking characteristics and classification basis of SQL injection,the attack model of SQL injection is established.Firstly,using the interface of SQLMAP,the scanning module is compiled to scan specific websites and capture data to obtain about 7000 samples.Secondly,by researching and analyzing the attacking characteristics and classification basis of SQL injection,we established a model of SQL injection attack.Based on this model,SQL injection attack is formally described,and then SQL attack statements are instantiated.By scanning target specific websites legitimately,using software to capture the attacking data of SQL injection,we collected about 8000 samples.Finally,the existing sample datasets of SQL injection attacks are collected manually on the Internet.In addition,5000 non-SQL injection samples were prepared and added to the sample set.After data preparation,we chose four different machine learning models to build classifiers: support vector machine,long-term and short-term memory network,convolutional neural network and K-nearest neighbor algorithm.By training four classifiers of machine learning algorithms,we tested four classifiers of SQL injection attack detection.By the test,we found that convolutional neural network algorithm has great advantages both in training efficiency and classification accuracy,and it is the most suitable algorithm for detecting and classifying SQL injection attacks.Among all kinds of SQL injection attacks,the time-based injection attack detection accuracy is the highest,while the error-type SQL attack detection accuracy is the lowest.This shows that time-based blind injection is the easiest to distinguish,and error injection is the most difficult to distinguish a class of SQL injection attacks.