Deep Learning Based SQL Injection Attack Detection

Deep Learning Based SQL Injection Attack Detection

연구 분야: Databases

학회: International Artificial Intelligence Conference

The malicious behavior of SQL injection attack is one of the major threats to database-containing web applications, which has been widely concerned by Internet users and developers. SQL injection attack is an attacker implanting malicious SQL statements into legitimate user inputs, which leaks or tampers with the information of the database system, thus leading to serious security problems. To solve the above security problems, this paper carries out research on SQL injection attack detection technology based on deep learning, and designs and implements an attack detection tool, which provides an efficient means of security protection and helps to improve the security of database management systems. In this paper, URL text is transformed into computer-recognizable vectors by decoding the URL samples, feature vectorization and other operations. Based on this, the vectors are trained using four neural networks, MLP, LSTM, CNN and TextCNN. The experimental results show that the models using BertMLP and BertCNNs algorithms achieve 98.92% and 99.38% accuracy on the test set, respectively. The analysis of the experimental results shows that the accuracy rate obtained by training the classifiers using deep learning is 5% higher than that obtained using traditional machine learning, where the model using the BertMLP algorithm has fewer false positives and the model using the BertCNN algorithm has a higher overall performance.