Detecting SQL Vulnerability Attack Based on the Dynamic and Static Analysis Technology

Wang, Yaohui; Wang, Dan; Zhao, Wenbing; Liu, Yuan

doi:10.1109/compsac.2015.277

Cited by 13 publications

(5 citation statements)

References 2 publications

(2 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Static detection. Static detection methodologies, such as white-box testing, involve the evaluation of potential SQL injection vulnerabilities via static source code analysis [7] without necessitating program execution. Gould et al developed a code analysis tool, the JDBC Checker [8].…”

Section: Related Studiesmentioning

confidence: 99%

“…In the domain of SQL injection attack detection, the prevalence of imbalanced positive and negative samples renders the use of accuracy as an evaluation metric unreasonable. Therefore, in addition to the detection accuracy (Accuracy), recall (Recall), and precision (Precision), the evaluation indicators used for the detection of SQL injection attack statements also use F1-Score as a comprehensive evaluation standard; its calculation formula is shown in ( 4)- (7). Meanwhile, this paper presents a comparative analysis of the model proposed herein with other existing models.…”

Section: Testing Indexmentioning

confidence: 99%

See 1 more Smart Citation

Deep Learning-Based Detection Technology for SQL Injection Research and Implementation

Sun,

Du,

2023

Applied Sciences

View full text Add to dashboard Cite

Amid the incessant evolution of the Internet, an array of cybersecurity threats has surged at an unprecedented rate. A notable antagonist within this plethora of attacks is the SQL injection assault, a prevalent form of Internet attack that poses a significant threat to web applications. These attacks are characterized by their extensive variety, rapid mutation, covert nature, and the substantial damage they can inflict. Existing SQL injection detection methods, such as static and dynamic detection and command randomization, are principally rule-based and suffer from low accuracy, high false positive (FP) rates, and false negative (FN) rates. Contemporary machine learning research on SQL injection attack (SQLIA) detection primarily focuses on feature extraction. The effectiveness of detection is heavily reliant on the precision of feature extraction, leading to a deficiency in tackling more intricate SQLIA. To address these challenges, we propose a novel SQLIA detection approach harnessing the power of an enhanced TextCNN and LSTM. This method begins by vectorizing the samples in the corpus and then leverages an improved TextCNN to extract local features. It then employs a Bidirectional LSTM (Bi-LSTM) network to decipher the sequence information inherent in the samples. Given LSTM’s modest effectiveness for relatively long sequences, we further integrate an attention mechanism, reducing the distance between any two words in the sequence to one, thereby enhancing the model’s effectiveness. Moreover, pre-trained word vector features acquired via BERT for transfer learning are incorporated into the feature section. Comparative experimental results affirm the superiority of our deep learning-based SQLIA detection approach, as it effectively elevates the SQLIA recognition rate while reducing both FP and FN rates.

show abstract

Section: Related Studiesmentioning

confidence: 99%

Section: Testing Indexmentioning

confidence: 99%

Deep Learning-Based Detection Technology for SQL Injection Research and Implementation

Sun,

Du,

2023

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…Yaohui Wang et.al [16] proposes SQL vulnerability detection which is dependent on injection analysis. This method gives a detailed analysis of a one-time injection in the parts of data flow and program behavior, based on the combination of static and dynamic examination methods.…”

Section: Literature Surveymentioning

confidence: 99%

Web Security Aware by using Naive Baye’s ML Technique

K M*,

Kempanna

2020

IJITEE

View full text Add to dashboard Cite

Web applications support many of our daily activities, but they often have security issues, and their accessibility makes them easy to use. This paper presents an analysis for finding vulnerabilities that directly address weak or absent of input validation. We present the techniques for finding security vulnerabilities in Web applications. We implement our proposed system with a machine learning technique (ML technique) to measure the accuracy and provide an extensive evaluation that finds all vulnerabilities in web applications. SQL injection, Cross-Site Scripting (XSS), HTTP and command inj1ection vulnerabilities are addressed in the proposed system and also Naive Bayes ML technique is used to calculate the accurateness. The experimental result shows the technique is more efficient and accurate.

show abstract

“…Traditional SQL injection detection methods can be divided into static analysis, dynamic analysis and parameter filtering [9]. Static analysis method detects the type error and grammatical error by analyzing the input statements [10]. Santhosh Kumar et al detected SQL injection through the program interface instead of considering the internal characteristics [11].…”

Section: Related Workmentioning

confidence: 99%

A SQL Injection Detection Method Based on Adaptive Deep Forest

Wang

et al. 2019

IEEE Access

View full text Add to dashboard Cite

Injection attack is the first of the top 10 security threats announced by the OWASP. Meanwhile, SQL injection is one of the most important types among the injection attacks. Because of its various types and fast variations, SQL injection can cause great harm to the network, resulting in data leakage and website paralysis. Due to the heterogeneity of attack load, the diversity of attack methods and the variety of attack modes, SQL injection detection is still a challenging problem. How to defense SQL injection attack effectively becomes the focus and frontier of web security nowadays. Therefore, this paper proposes an adaptive deep forest-based method to detect the complex SQL injection attacks. Firstly, the structure of deep forest is optimized in our paper, the input of each layer is concatenated by the raw feature vector and average of previous outputs. Experiments show that our proposed method effectively solves the problem that the original features of deep forests are degraded with the increasing number of layers. Then, we introduce an AdaBoost algorithm based deep forest model which utilizes error rate to update the weights of features on each layer. That is, in the process of training, different features are assigned with different weights based on their influence on the result. Our model can automatically adjust the structure of the tree model and deal with multi-dimensional fine-grained features to avoid over-fitting problem effectively. The experimental results show that the proposed method has a better performance than classical machine learning methods and deep learning methods.INDEX TERMS SQL injection detection, adaptive deep forest, Web security, AdaBoost.

show abstract

Detecting SQL Vulnerability Attack Based on the Dynamic and Static Analysis Technology

Cited by 13 publications

References 2 publications

Deep Learning-Based Detection Technology for SQL Injection Research and Implementation

Deep Learning-Based Detection Technology for SQL Injection Research and Implementation

Web Security Aware by using Naive Baye’s ML Technique

A SQL Injection Detection Method Based on Adaptive Deep Forest

Contact Info

Product

Resources

About