WOVSQLI: Detection of SQL Injection Behaviors Using Word Vector and LSTM
| Title | WOVSQLI: Detection of SQL Injection Behaviors Using Word Vector and LSTM |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Fang, Yong, Peng, Jiayi, Liu, Liang, Huang, Cheng |
| Conference Name | Proceedings of the 2Nd International Conference on Cryptography, Security and Privacy |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-6361-7 |
| Keywords | Human Behavior, LSTM networks, Metrics, policy-based-governance, privacy, pubcrawl, Resiliency, SQL Injection, SQL injection detection, SQL token word vector, threat vectors |
| Abstract | The Structured Query Language Injection Attack (SQLIA) is one of the most serious and popular threats of web applications. The results of SQLIA include the data loss or complete host takeover. Detection of SQLIA is always an intractable challenge because of the heterogeneity of the attack payloads. In this paper, a novel method to detect SQLIA based on word vector of SQL tokens and LSTM neural networks is described. In the proposed method, SQL query strings were firstly syntactically analyzed into tokens, and then likelihood ratio test is used to build the word vector of SQL tokens, ultimately, an LSTM model is trained with sequences of token word vectors. We developed a tool named WOVSQLI, which implements the proposed technique, and it was evaluated with a dataset from several sources. The results of experiments demonstrate that WOVSQLI can effectively identify SQLIA. |
| URL | http://doi.acm.org/10.1145/3199478.3199503 |
| DOI | 10.1145/3199478.3199503 |
| Citation Key | fang_wovsqli:_2018 |