A Semantic Learning-Based SQL Injection Attack Detection Technology-Reference-Cited by-同舟云学术

A Semantic Learning-Based SQL Injection Attack Detection Technology

Published:2023-03-12 Issue:6 Volume:12 Page:1344
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Lu Dongzhe¹,Fei Jinlong¹,Liu Long¹

Affiliation:

1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China

Abstract

Over the years, injection vulnerabilities have been at the top of the Open Web Application Security Project Top 10 and are one of the most damaging and widely exploited types of vulnerabilities against web applications. Structured Query Language (SQL) injection attack detection remains a challenging problem due to the heterogeneity of attack loads, the diversity of attack methods, and the variety of attack patterns. It has been demonstrated that no single model can guarantee adequate security to protect web applications, and it is crucial to develop an efficient and accurate model for SQL injection attack detection. In this paper, we propose synBERT, a semantic learning-based detection model that explicitly embeds the sentence-level semantic information from SQL statements into an embedding vector. The model learns representations that can be mapped to SQL syntax tree structures, as evidenced by visualization work. We gathered a wide range of datasets to assess the classification performance of the synBERT, and the results show that our approach outperforms previously proposed models. Even on brand-new, untrained models, accuracy can reach 90% or higher, indicating that the model has good generalization performance.

Funder

National Key Research and Development Project of China

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering

Link

https://www.mdpi.com/2079-9292/12/6/1344/pdf

Reference37 articles.

1. SQL Injection Attack Detection and Prevention Techniques Using Deep Learning;Chen;J. Phys. Conf. Ser.,2021

2. Protection Web Applications Using Real-Time Technique to Detect Structured Query Language Injection Attacks;Salih;IJCA,2016

3. A Study of Moving from Cloud Computing to Fog Computing;Abdulqadir;QAJ,2021

4. Zhu, Z., Jia, S., Li, J., Qin, S., and Guo, H. (2021, January 30). SQL Injection Attack Detection Framework Based on HTTP Traffic. Proceedings of the ACM Turing Award Celebration Conference—China (ACM TURC 2021), Hefei China.

5. Jothi, K.R., Pandey, N., Beriwal, P., and Amarajan, A. (2021, January 17). An Efficient SQL Injection Detection System Using Deep Learning. Proceedings of the 2021 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE), Dubai, United Arab Emirates.

Cited by 5 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Analysis of SQL injection attacks in the cloud and in WEB applications;SECURITY AND PRIVACY;2024-01-18

2. Securing transportation web applications: An AI-driven approach to detect and mitigate SQL injection attacks;Journal of Transportation Security;2024-01-08

3. AE-Net: Novel Autoencoder-Based Deep Features for SQL Injection Attack Detection;IEEE Access;2023

4. ONTOLOGY FOR BLIND SQL INJECTION;COMPUT INFORM;2023

5. Machine Learning for Healthcare-IoT Security: A Review and Risk Mitigation;IEEE Access;2023