Research On SQL Injection Attack Detection Method Based On Attention Mechanism

SQL injection attacks are one of the common methods used by hackers to attack databases and pose a major threat to the security of current Web applications.Although there are many solutions to SQL injection attacks including traditional static and dynamic analysis,most of them are difficult to effectively detect SQL injection attacks with complex and changeable sentences.Feature extraction based on complete requests or manual feature extraction methods are difficult to achieve high detection accuracy.In addition,keywords or features extracted from SQL injection attack statements are the key to the effectiveness of many SQL injection attack detection methods.Therefore,from the perspective of SQL injection attack statements,this article analyzes the difference between attack sentences and normal HTTP requests at each stage of the SQL injection attack process.Based on this,the SQL injection attack detection method is studied.The main contents are summarized as follows:First of all,based on the analysis of the difference between the attack sentence and the normal HTTP request sentence at each stage of the SQL injection attack,this paper proposes a key load interception method based on characteristic word pairs,which can be intercepted from the SQL injection attack sentence Different from the key payload of the normal HTTP request statement,combined with natural language processing technology,intercepted key payload,word2 vec and classification algorithm,a SQL injection attacks detection method based on the key payload interception(SQL injection attacks Detection Method based on the Truncated Key Payloads,SDMTKP),and explored the detection effect of this method on SQL injection attacks initiated by four SQL injection attack tools.The experimental results show that SDMTKP can detect SQL initiated by known and unknown SQL injection attack tools with high accuracy.Inject attack sentences;secondly,in order to further improve the detection efficiency of the detection method,a SQL injection attacks detection method based on selfattention mechanism(SQL injection attacks Detection Method based on Self-Attention Mechanism,SDM-SAM)is proposed.Contains three major modules: request preprocessing,key load interception method,and model training and detection.The self-attention mechanism is used to construct a model based on the self-attention mechanism for training and detection,which injects attack statements for important or difficult to identify SQL.Segments give different network weights,allowing the model to focus on the more important parts of SQL injection attack detection,which can improve the accuracy of SQL injection attack detection.In addition,SDM-SAM has fewer parameters and structures,which is beneficial to improve detection performance.It shows that SDM-SAM can obtain a detection accuracy rate of up to99.89%,and it has better performance on public data sets.