
Research On SQL Injection Detection Model Based On G-test

Posted on: 2021-10-20
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Wang
Full Text: PDF
GTID: 2518306224994369
Subject: Management Science and Engineering

Abstract/Summary:
The continuous development of computer and network technology has brought great convenience to people's lives, and at the same time people's lives have become more dependent on it. Web applications of many kinds are representative of these benefits, improving the efficiency of all walks of life in different ways. Meanwhile, all manner of assets and private data now appear on the network as information, so network attacks have more opportunities and more to gain. Many attack methods have emerged, network attacks have gradually become an organized "black market" industry, and the confrontation between attack and defense grows increasingly fierce.

SQL injection is a destructive attack. With no defensive measures deployed, the consequences of a SQL injection vulnerability in a web system are unimaginable. There are many effective defenses against SQL injection, such as strict adherence to a secure development process and precompilation of SQL statements, but they succeed only if the destructiveness of SQL injection is recognized at the development stage and protection is deployed in time. This is usually difficult to achieve: legacy systems are hard to modify, and new systems are often built under pressure for development speed, so security cannot be the primary goal. The model designed in this thesis is therefore a compromise: it requires no modification of the system's source code, does not affect the delivery efficiency of a new system, and still protects the web system from the harm of SQL injection attacks.

This thesis proposes a SQL injection detection model based on the G-test. It processes web application request data through filtering, cyclic encoding and decoding, URL query parameter stripping, SQL statement analysis, token sequence analysis, feature selection, attack prediction and effect evaluation, and outputs a prediction result. It can be deployed as an independent module in front of the web application, working at the application layer of the network: it analyzes the URL in each HTTP request and uses an ensemble learning algorithm to generate a prediction classifier that determines whether the request contains a SQL injection attack. For the generation of the classifier, two machine learning algorithms are used and compared: the sequential ensemble algorithm GBDT and the parallel ensemble algorithm random forest. About 100,000 HTTP traffic records from GHDB and GitHub are selected as the empirical data set; the model's prediction effect is evaluated using average response time, AUC, F1, accuracy, precision and recall as the evaluation indexes, and compared with other SQL injection detection models. Experiments show that, with only the web application request as data input, the model has high response efficiency and does not affect the performance or user experience of the web system. The classifiers generated by the GBDT and random forest algorithms both have high prediction accuracy, and the random forest classifier has the better response time and evaluation indexes. Compared with other similar SQL injection detection models, the model designed in this thesis also achieves better evaluation values.

The innovation and contribution of this thesis are as follows. First, the detection model is a real-time defense model that can protect systems already in use. It takes the URL in HTTP traffic as input, requires no extension to be added to the web system, and has a very short average response time, so it does not affect normal use of the web system. Second, the model adds a cyclic encoding and decoding module and a URL query parameter stripping module to parse attack statements. Advanced SQL injection attacks usually apply one or more layers of encoding or encryption to obfuscate the attack code, so it is very important to "decrypt" the "encrypted" payload. Finally, the model uses SQL statement analysis to parse the attack statement into a token sequence and performs word segmentation and data mining on the token sequence. It uses the G-test statistic as one of the features for training the machine learning classifier, finds that this feature has a high correlation, and the final attack prediction classifier also achieves high evaluation indexes.
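As an added illustration (not code from the thesis), the following Python sketch implements the front of the pipeline described above: cyclic URL decoding, query parameter stripping, coarse SQL tokenization, and the G-test statistic used to rank tokens as classifier features over a small constructed, labelled sample. The interpretation of parameter stripping (keeping only decoded parameter values), the keyword vocabulary and the sample requests are assumptions.

```python
import math
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample of request URLs, labelled 1 = SQL injection, 0 = benign.
SAMPLE = [
    ("/item?id=1", 0),
    ("/item?id=42&sort=asc", 0),
    ("/search?q=red%20shoes", 0),
    ("/user?name=alice", 0),
    ("/item?id=1%2527%2520OR%2520%25271%2527%253D%25271", 1),  # double-encoded
    ("/item?id=1%20UNION%20SELECT%20username%2Cpassword%20FROM%20users", 1),
    ("/login?user=admin%27--", 1),
    ("/item?id=1%3B%20DROP%20TABLE%20users", 1),
]
KEYWORDS = {"SELECT", "UNION", "OR", "AND", "FROM", "WHERE", "DROP", "TABLE"}  # assumed list

def cyclic_decode(s, max_rounds=5):
    """URL-decode repeatedly until the text stops changing (peels multi-layer encoding)."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def strip_parameters(url):
    """Keep only the decoded query-parameter values; path and parameter names are dropped."""
    return [cyclic_decode(v) for _, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)]

def tokenize(value):
    """Coarse SQL token sequence: digits -> NUM, known keywords kept, other words -> IDENT."""
    out = []
    for tok in re.findall(r"[A-Za-z_]+|\d+|--|\S", value):
        out.append("NUM" if tok.isdigit() else tok.upper() if tok.upper() in KEYWORDS
                   else "IDENT" if tok[0].isalpha() or tok[0] == "_" else tok)
    return out

def build_rows(sample):
    """Per request: the set of tokens across all parameter values, plus its label."""
    return [({t for v in strip_parameters(u) for t in tokenize(v)}, y) for u, y in sample]

def g_test(token, rows):
    """G statistic of the 2x2 table (token present/absent) x (attack/benign)."""
    obs = {(p, y): 0 for p in (True, False) for y in (1, 0)}
    for toks, y in rows:
        obs[(token in toks, y)] += 1
    g = 0.0
    for (p, y), o in obs.items():  # G = 2 * sum O * ln(O / E), skipping empty cells
        expected = sum(obs[(p, k)] for k in (1, 0)) * sum(obs[(q, y)] for q in (True, False)) / len(rows)
        g += o * math.log(o / expected) if o else 0.0
    return 2 * g

def rank_features(rows):
    """Tokens ordered by descending G statistic: the feature-selection step."""
    vocab = set().union(*(toks for toks, _ in rows))
    return sorted(((g_test(t, rows), t) for t in vocab), reverse=True)
```

On the sample, the single quote token ranks highest because it occurs in two of the four attack requests and in no benign one, while IDENT scores zero because it is equally common in both classes.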
Keywords/Search Tags: SQL injection, security protection, ensemble learning, GBDT, random forest