Visible to the public Biblio

Filters: Author is Peng, Jiayi  [Clear All Filters]
2019-02-25
Fang, Yong, Peng, Jiayi, Liu, Liang, Huang, Cheng.  2018.  WOVSQLI: Detection of SQL Injection Behaviors Using Word Vector and LSTM. Proceedings of the 2Nd International Conference on Cryptography, Security and Privacy. :170–174.

The Structured Query Language Injection Attack (SQLIA) is one of the most serious and popular threats of web applications. The results of SQLIA include the data loss or complete host takeover. Detection of SQLIA is always an intractable challenge because of the heterogeneity of the attack payloads. In this paper, a novel method to detect SQLIA based on word vector of SQL tokens and LSTM neural networks is described. In the proposed method, SQL query strings were firstly syntactically analyzed into tokens, and then likelihood ratio test is used to build the word vector of SQL tokens, ultimately, an LSTM model is trained with sequences of token word vectors. We developed a tool named WOVSQLI, which implements the proposed technique, and it was evaluated with a dataset from several sources. The results of experiments demonstrate that WOVSQLI can effectively identify SQLIA.