Detection Of SQL Iniection Attacks Based On HTTP Traffic

Rich Web services introduce more attacks based on the HTTP protocol,while greatly facilitating our daily life.SQL injection attack as one of main threats to Web services is the defense focus of intrusion detection system.With the improvement of detection methods,the form of SQL injection attack is constantly upgrading.Attackers use encoding,deformation and other means to bypass the existing detection systems.In the context of complex HTTP requests,how to detect variant SQL injection attacks and locate attack location are urgent problems to be solved.This thesis takes the detection of more forms of SQL injection attacks and quickly locating SQL injection attacks as the research goal,carries out related research,and achieves the following results.1.A SQL injection attack detection framework with low false negative rate is proposed.The framework includes four stages:data collection,data cleaning,feature representation and model construction.The data cleaning stage improves the detection ability of SQL injection attacks in the context of complex traffic by reducing the interference of irrelevant information.The feature representation stage proposes the generation method of lexical features that retain special symbols.The design requirements of the detection model are discussed in the model construction stage.2.A model that can detect variant SQL injection attacks is proposed,namely vSQL-CNN.Based on the detection framework of this thesis,vSQL-CNN improves the expression ability of deformed SQL keywords by extracting the features of characters and words.On the 200,000 traffic data set,vSQL-CNN can effectively detect variant SQL injection attacks with a precison rate of 99.02%and a recall rate of 97.53%.At the same time,the training time of the model is reduced under the condition of variable length inputs.3.An interpretable detection model called Locate-SQL is proposed,which can automatically locate the location of SQL injection attacks in complex traffic to help security experts quickly obtain attack features.Locate-SQL visually displays the important part of the inputs for the prediction results by attention weights.In the actual traffic environment,Locate-SQL can accurately identify the location of SQL injection attacks.