Detecting SQL Injection and XSS Attacks Using ASCII Code and CNN

Detecting SQL Injection and XSS Attacks Using ASCII Code and CNN

연구 분야: Databases

학회: International Conference on Network Simulation and Evaluation

Nowadays, SQL injection attacks and XSS attacks are the two most popular attacks. Because of the shortcomings of traditional detection methods, this study proposes to use the ASCII code corresponding to the character as the feature vector, and then adopt the convolutional neural network (CNN) to detect SQL injection and XSS attacks. In the experiments, the evaluation indicators are accuracy, recall, and F1 score. On the SQL and XSS datasets, the accuracy of the method achieves 98.5% and 98.0%, the recall achieves 98.3% and 97.7%, and the F1 achieves 98.5% and 97.9%, respectively. Considering that the attack data in real life is difficult to obtain, we extracted small-scale samples and verified the effectiveness of our method on small-scale samples. Meanwhile, we compared our method with three machine learning methods. Experimental results show that the accuracy, recall and F1 values of our method are better than other methods. This method does not require manual extraction of data features and can detect new types of attacks.