Title | Detecting SQL Injection Attacks Using Grammar Pattern Recognition and Access Behavior Mining |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Gao, Hongcan; Zhu, Jingwen; Liu, Lei; Xu, Jing; Wu, Yanfeng; Liu, Ao |
Conference Name | 2019 IEEE International Conference on Energy Internet (ICEI) |
Keywords | access behavior mining, ATTAR, Clustering algorithms, Collaboration, data mining, Databases, feature extraction, Grammar, grammar pattern recognition, grammars, Human Behavior, Internet, learning (artificial intelligence), machine learning, machine learning algorithm, machine learning algorithms, Metrics, Pattern recognition, policy-based governance, privacy, pubcrawl, resilience, Resiliency, security, security of data, security risks, SQL, SQL detection, SQL Injection, SQL injection attack, SQL Injection attacks, Support vector machines, Web access log, Web access logs, Web applications |
Abstract | SQL injection attacks are among the greatest security risks on Web applications. Much research has been done to detect SQL injection attacks by rule matching and syntax trees. However, due to the complexity and variety of SQL injection vulnerabilities, these approaches fail to detect unknown and variable SQL injection attacks. In this paper, we propose a model, ATTAR, to detect SQL injection attacks using grammar pattern recognition and access behavior mining. The most important idea of our model is to extract and analyze features of SQL injection attacks in Web access logs. To achieve this goal, we first extract and customize Web access log fields from Web applications. Then we design a grammar pattern recognizer and an access behavior miner to obtain the grammatical and behavioral features of SQL injection attacks, respectively. Finally, based on two feature sets, machine learning algorithms, e.g., Naive Bayesian, SVM, ID3, Random Forest, and K-means, are used to train and detect our model. We evaluated our model on these two feature sets, and the results show that the proposed model can effectively detect SQL injection attacks with a lower false negative rate and false positive rate. In addition, comparing the accuracy of our model based on different algorithms, ID3 and Random Forest have a better ability to detect various kinds of SQL injection attacks. |
DOI | 10.1109/ICEI.2019.00093 |
Citation Key | gao_detecting_2019 |