Research On SQL Injection Attack Detection Based On TF-IDF And LD Algorithms

As a web application attack method,SQL injection is widely distributed,has low operating threshold and is difficult to be detected,which seriously threatens network security and leads to security risks in a large number of websites.SQL injection attacks and general web systems are implemented through the HTTP protocol.There is no significant difference between the intrusion application and the normal application.The general firewall will not intercept it.Usually,after the SQL injection attack occurs,the network traffic will not change significantly,so it has good concealment.Therefore,how to detect and filter SQL injection attacks has become the focus and difficulty in current network security work.In this thesis,the key technologies of SQL injection attack detection and filtering are studied in depth.The main work and innovations are as follows :1.In the SQL injection attack statement data set,when the number of sensitive words and non-sensitive words is similar,the SQL injection attack detection method based on the traditional TF-IDF algorithm has a high false alarm rate.This thesis will propose a detection method based on improved TF-IDF algorithm.By analyzing and comparing a large number of attack statements and normal SQL statements,summarizing the features and vectorizing the text of normal SQL statements,adding quantitative parameters related to keywords in TF-IDF algorithm,and using machine learning algorithm to train the detection model.Firstly,the improved TF-IDF algorithm is used in data preprocessing.Then,SVM,KNN and DT machine learning algorithms are used in the training model stage to test the accuracy of SQL injection attack detection.Finally,different classifiers are tested and compared.The results prove that the improved TF-IDF algorithm combined with SVM has the highest accuracy rate of 99.07%,which is 1% higher than the other two algorithms.Using keyword filtering technology combined with sequence alignment technology,this thesis provides a SQL injection attack filtering method using LD algorithm.Firstly,blacklist technology is used to filter illegal users from the perspective of IP,thus reducing the scale of traffic that needs to be filtered.Then the keyword detection is carried out on the website user entrance : if the keyword is not included,the LD algorithm based on sequence comparison is used to filter the illegal entrance;if it contains keywords,it will enter the blacklist according to the user ’s application method or use the LD algorithm to filter.This method can solve the problem of false positives of normal applications by traditional keyword-based filtering methods.The test results also show that compared with the traditional keyword filtering method and the rule-based filtering method,the method proposed in this paper can efficiently filter SQL injection attacks,and the false positive filtering is reduced by 3% compared with the other two methods.