A CNN-Based Approach to the Detection of SQL Injection Attacks

Title: A CNN-Based Approach to the Detection of SQL Injection Attacks
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Luo, Ao; Huang, Wei; Fan, Wenqing
Conference Name: 2019 IEEE/ACIS 18th International Conference on Computer and Information Science (ICIS)
Date Published: jun
Keywords: CNN, Collaboration, Human Behavior, Metrics, ModSecurity, policy-based governance, privacy, pubcrawl, resilience, Resiliency, SQL detection, SQL Injection
Abstract: SQL injection has always been a major threat in the field of web application security. Traditional methods such as the rule-matching-based SQL injection detection solutions are inefficient at coping with the ever-changing SQL injection techniques, and there is always a risk of bypassing variants. In this paper, we extract SQL injection attack related payloads from network flow and propose a SQL injection detection model based on Convolutional Neural Network (CNN), which can take advantage of the high-dimensional features of SQL injection behavior to deal with this issue. The proposed approach was tested in a real-traffic case study along with ModSecurity, which is the representative rule-matching-based method. The experimental results show that the CNN-based model has higher accuracy, precision and recall rate, which validates its detection effectiveness and robustness against obfuscation of attacks.
DOI: 10.1109/ICIS46139.2019.8940196
Citation Key: luo_cnn-based_2019