Affiliation:
1. State Key Laboratory of Public Big Data, College of Computer Science and Technology, Guizhou University, Guiyang 550025, China
2. School of Information Engineering, Xuchang University, Xuchang 461000, China
Abstract
An SQL Injection Attack (SQLIA) is a major cyber security threat to Web services, and its different stages can cause different levels of damage to an information system. Attackers can construct complex and diverse SQLIA statements, which often cause most existing inbound-based detection methods to have a high false-negative rate when facing deformed or unknown SQLIA statements. Although some existing works have analyzed different features for the stages of SQLIA from the perspectives of attackers, they primarily focus on stage analysis rather than on identifying the different stages. To detect SQLIA and identify its stages, we analyze the outbound traffic from the Web server and find that it can differentiate between SQLIA traffic and normal traffic, and that the outbound traffic generated during the two stages of SQLIA exhibits distinct characteristics. By employing 13 features extracted from outbound traffic, we propose an SQLIA detection and stage identification method based on outbound traffic (SDSIOT), which is a two-phase method that detects SQLIAs in Phase I and identifies their stages in Phase II. Importantly, it does not need to analyze the complex and diverse malicious statements made by attackers. The experimental results show that SDSIOT achieves an accuracy of 98.57% for SQLIA detection and 94.01% for SQLIA stage identification. Notably, the accuracy of SDSIOT’s SQLIA detection is 8.22 percentage points higher than that of ModSecurity.
Funder
Science and Technology Support Program of Guizhou Province
Science and Technology Foundation of Guizhou Province
Key Technologies R&D Program of He’nan Province
Foundation of He’nan Educational Committee
Subject
Electrical and Electronic Engineering, Computer Networks and Communications, Hardware and Architecture, Signal Processing, Control and Systems Engineering
Cited by
3 articles.