Research On SQL Injection Load Detection Based On Machine Learning

Cyber security is an important topic in today’s society,as we live more and more dependent on the Internet.In today’s information society,the Internet has become an essential tool in people’s lives and work.Among the several vulnerabilities that threaten network security,SQL injection attack has become one of the important threats to network security due to its high hazard and ease of exploitation.In this paper,based on the research of SQL injection attack,the following innovations are proposed and completed as follows:1.this paper proposes a feature extraction algorithm based on the unique load structure of SQL injection attacks,and names it FRM algorithm,this work is an innovation of this paper.the FRM algorithm is a method implemented by analyzing common load deformation and encryption methods,and six features are analyzed based on the overall form of the load,and the method is compared with the BOW algorithm in natural language processing and previous algorithms for The method is compared with the BOW algorithm for natural language processing and previous algorithms for SQL injection extraction.The experiments show that the method extracts fewer features than previous methods and performs better in a variety of machine learning models.2.Using the FRM algorithm combined with deep learning related techniques,this paper proposes a detection model based on a bidirectional long and short term memory neural network,FAB-LSTM,and introduces an attention mechanism to allow the model to show attention to certain parts and ignore unimportant parts when processing sequence data,so as to improve the detection accuracy and convergence speed of the model during training.The accuracy of FAB-LSTM can reach 99.720%,which is better than that of BiLISTM and BILSTM with self-attentive mechanism.3.In addition to the above two main innovations,the following work is also accomplished.This paper also collects traffic data from multiple perspectives such as backup files,log files and middleware located in the internal network and external network respectively,extracts information payloads from them and uses several SQL attack payload data generators to generate the latest SQL injection attack payloads.Secondly,this paper writes a decoding procedure to make the payloads more clearly characterised according to the common encoding methods of front and back-end transmission species.Finally,this paper designs a detection software that can be used for model updating as well as detection.