Research And Implementation Of Intelligent Generation Technology For SQL Injection Samples

As the Internet plays an increasingly important role in people's life and Web applications become more and more complex and diverse,Web system vulnerabilities emerge one after another and Web security issues become increasingly prominent.After a statistical classification of the types of Web application attacks,it is found that SQL injection attack is one of the most commonly used Web attacks by hackers.With the maturity of machine learning technology,it has become a new IDS solution to detect and prevent SQL injection attacks by using machine learning.This thesis studies the SQL injection sample sets generation problems,puts forward the generated sample sets of related algorithms,aims to solve the problem of SQL injection sample sets collection difficulty,the paper's main work is as follows:(1)A solution to generate SQL injection sample set based on algorithm is proposed.First,according to the different types of SQL injection attacks,four corresponding SQL injection attack statements are constructed,and then the SQL injection attack sample sets(negative sample sets)is generated.Then,the design algorithm generates a normal sample sets(positive sample sets)without aggression.Finally,the positive and negative sample sets were scrambled and mixed to form the SQL injection sample sets.(2)An experimental platform was set up and experiments were designed to verify the effectiveness of SQL injection samples.Firstly,several core samples are selected from positive and negative sample sets as verification samples.Then,the verified samples were injected into the experimental platform to verify that negative samples could effectively inject into the platform while positive samples could not.Finally,the sample generation algorithm is improved and the sample quality is improved according to the injection effect of verified samples.(3)The detection model based on the sample sets of SQL injection of wavelet neural network is designed.First,the sample was labeled good or bad based on whether it was aggressive.Secondly,18 sample extraction keywords are designed to characterize the SQL injection sample sets according to the keywords and convert the samples into binary vectors that can be recognized by the machine.Then,5000 sample vectors were extracted for model training and learning,and another 126 sample vectors were extracted for model testing.Finally,samples are tested after model training and learning,and the availability of the sample sets is analyzed according to the prediction results of the model.