使用机器学习检测SQL注入攻击.pdf_如何检测sql注入资源-CSDN文库

版权申诉

142 浏览量 2024-04-24 16:14:37 上传评论收藏 761KB PDF 举报

资源推荐

资源详情

资源评论

Citation: Alghawazi, M.;

Alghazzawi, D.; Alariﬁ, S. Detection

of SQL Injection Attack Using

Machine Learning Techniques: A

Systematic Literature Review. J.

Cybersecur. Priv. 2022, 2, 764–777.

https://doi.org/10.3390/jcp2040039

Academic Editor: Marina

L. Gavrilova

Received: 31 July 2022

Accepted: 14 September 2022

Published: 20 September 2022

Publisher’s Note: MDPI stays neutral

with regard to jurisdictional claims in

published maps and institutional afﬁl-

iations.

Licensee MDPI, Basel, Switzerland.

This article is an open access article

distributed under the terms and

conditions of the Creative Commons

Attribution (CC BY) license (https://

creativecommons.org/licenses/by/

4.0/).

Article

Detection of SQL Injection Attack Using Machine Learning

Techniques: A Systematic Literature Review

Maha Alghawazi , Daniyal Alghazzawi and Suaad Alariﬁ *

Information Systems Department, Faculty of Computing and Information Technology, King Abdulaziz University,

Jeddah 80200, Saudi Arabia

* Correspondence: salariﬁ@kau.edu.sa

Abstract:

An SQL injection attack, usually occur when the attacker(s) modify, delete, read, and

copy data from database servers and are among the most damaging of web application attacks.

A successful

SQL injection attack can affect all aspects of security, including conﬁdentiality, integrity,

and data availability. SQL (structured query language) is used to represent queries to database

management systems. Detection and deterrence of SQL injection attacks, for which techniques from

different areas can be applied to improve the detect ability of the attack, is not a new area of research

but it is still relevant. Artiﬁcial intelligence and machine learning techniques have been tested and

used to control SQL injection attacks, showing promising results. The main contribution of this paper

is to cover relevant work related to different machine learning and deep learning models used to

detect SQL injection attacks. With this systematic review, we aims to keep researchers up-to-date and

contribute to the understanding of the intersection between SQL injection attacks and the artiﬁcial

intelligence ﬁeld.

Keywords: SQL injection; machine learning; deep learning; adversarial attacks

1. Introduction

Most cyber-physical system (CPS) applications are safety-critical; misbehavior caused

by random failures or cyber-attacks can considerably restrict their growth. Thus, it is

important to protect CPS from being damaged in this way [

]. Current security solutions

have been well-integrated into many networked systems including the use of middle boxes,

such as antivirus protection, ﬁrewall, and intrusion detection systems (IDS). A ﬁrewall

controls network trafﬁc based on the source or destination address. It alters network trafﬁc

according to the ﬁrewall rules. Firewalls are also limited to their knowledge of the hosts

receiving the content and the amount of state available. An IDS is a type of security tool that

scans the system for suspicious activity, monitors the network trafﬁc, and alerts the system

or network administrator [

]. In this context, a number of frameworks and mechanisms

have been suggested in recent papers.

In this paper, we have considered SQL injection attacks that target the HTTP/HTTPS

protocol, which aim to pass through the web application ﬁrewall (WAF) and obtain an

unauthorized access to proprietary data. SQL injection belongs to the injection family

of web attacks, wherein an attacker inserts inputs into a system to execute malicious

statements. The victim system is usually not ready to process this input, typically resulting

in data leakage and/or granting of unauthorized access to the attacker; in this case, the

attacker can access and/or modify the data, affecting all aspects of security, including

conﬁdentiality, integrity, and data availability [3].

In an SQL injection, the attacker inserts an SQL statement into an exchange between a

client and database server [

]. SQL (structured query language) is used to represent queries

to database management systems (DBMSs). The maliciously injected SQL statement is

designed to extract or modify data from the database server. A successful injection can result

J. Cybersecur. Priv. 2022, 2, 764–777. https://doi.org/10.3390/jcp2040039 https://www.mdpi.com/journal/jcp

J. Cybersecur. Priv. 2022, 2 765

in authentication and bypass and changes to the database by inserting, modifying, and/or

deleting data, causing data loss and/or destruction of the entire database. Furthermore,

such an attack could overrun and execute commands on the hosted operating system,

typically leading to more serious consequences [4].

Thus, SQL injection attacks present aserious threats to organizations. A variety of

research has been undertaken to address this threat, presenting various artiﬁcial intelligence

(AI)techniques for detection of SQL injection attacks using machine learning and deep learn-

ing models [

]. AI techniques to facilitate the detection of threats are usually implemented

via learning from historical data representing an attack and/or normal data. Historical data

are useful for learning, in order to recognize patterns of attacks, understanding detected

trafﬁc, and even predicting future attacks before they occur [6].

SQL injection attackers and defenders must understand how SQL language works to

know how it can be misused [3]. To extract data from a database or modify the data, queries

must be written using SQL language and they must follow a standard syntax, such as:

“SELECT * FROM books WHERE author = ‘MAHA’”

The above query will return all books authored by MAHA. Queries are submitted to

the DBMS and are usually written through a web browser. For the query to be transmitted

to the database server through the web browser, it has to be encoded through a long

URL string, such as: http://www.xyz_website.com?QUERY=SELECT%20*%20FROM%20

books%20WHERE%20author=7453.

What if the attacker adds to the previous SQL query? For example:

“SELECT * FROM books WHERE author =

MAHA

”

As the statement 1 = 1 is always true, the query will return all books in the database,

not just the books authored by MAHA.

The previous example might not represent a threat, especially if the stored list of books

is not conﬁdential. However, it could be applied to valuable using different syntax, and if

successful, it might return sensitive data, such as passwords, bank accounts, trade secrets,

and personal data, which might be considered a privacy breach, among other consequences.

In some research, injecting a code using ‘OR’ followed by a TRUE statement, such as

1 = 1 is called “tautology” [

]. Methods other than tautology can be used, such as when

an attacker intentionally injects an incorrect query to force the database server to return a

default error page, which might contain valuable information that could help an attacker to

understand the database to form a more advance attack [

]. The SQL syntax “UNION” can

also be used to extract information, in addition to many other methods based on the same

idea, of misusing SQL syntax to extract or even update the data in the targeted database.

This is how SQL injection works; the question then becomes: how does one detect this

type of attack using deep learning methods?

Deep learning is a machine learning and artiﬁcial intelligence method. It can be used

to support the detection of SQL injection attacks by training a classiﬁer to achieve the ability

to recognize and therefore detect an attack. The classiﬁer is trained using deep learning

models and can be used to classify new data, such as trafﬁc or data in log ﬁles. If the

classiﬁer is passive, it will alert the administrator; if it is active, it will prevent data from

passing to the database server. The classiﬁer can be trained to recognize and detect SQL

injection attacks using three different learning methods [8].

First is, unsupervised learning, where features are extracted from unclassiﬁed data, i.e.,

data that are labelled as neither normal nor abnormal. Using information and the Bayesian

probability theory, the classiﬁer detects hidden structures in the unclassiﬁed dataset. An

unclassiﬁed dataset means that it is not known whether these data are normal or abnormal

(malicious). Different techniques can be used in unsupervised learning, such as clustering

and density estimation [8].

J. Cybersecur. Priv. 2022, 2 766

The second is, supervised learning, whereby a labelled training dataset is used to train

the classifier. As the input data are labelled, i.e., normal or abnormal, the output is known

beforehand. Therefore, the process involves simple mapping between the input training data

and the known output, followed by continuous modification of the algorithm and changing

of the weights until an acceptable classification accuracy is achieved. Then, a test dataset

is used to test the classifier; if the result is with an acceptable accuracy range, the classifier

is ready to detect novel data, i.e., data not previously used in training or testing. The main

drawback of supervised learning is generating and labelling the training and testing data,

which might consume processing time, especially for complex attacks. Supervised learning

is categorized into classification and regression algorithms. The most common supervised

learning algorithms include Bayesian networks, decision trees, support vector machines

(SVMs), K-nearest neighbors, and neural networks. Third is, semi-supervised learning, which

use combination of supervised and unsupervised learning methods [8].

The main contribution of this paper is to provide a systematic review of the machine

learning and deep learning solutions that, are used to improve the detectability of SQL

injection attacks. With this systematic review, we aim to keep researchers up-to-date and

contribute to the understanding of the intersection between an SQL injection attack and

artiﬁcial intelligence.

The paper is organized as follows. Section 1 is an introduction to SQL injection

attacks and deep learning algorithms. In Section 2, we discuss related studies and consider

previous systematic reviews. In Section 3, we present the research method and planning of

the systematic review. In Section 4, highlights the results and review all related studies. In

Section 5, presents the discussion and answers to research questions. Finally, in Section 6,

we present our conclusions.

2. Related Studies

In this section, four published systematic reviews were considered. Newer systematic

reviews typically include both recent and older studies in the area under investigation. There-

fore, all of the papers we considered were relatively recent. The first was published in 2017 [

]

and it covered previous primary studies on SQL injection attacks, techniques, and tools. In [

forty-six primary studies were analyzed related to SQL injection attacks, tools, and techniques,

in addition to the impact of the attack. We adapted the same methodology as that used

in [

] due to its comprehensiveness and because it achieves satisfying results, in addition, this

research was similar to that in [9] in terms of objectives, ideas, and the area of research.

Qiu et al. [

] provided a comprehensive review of using artiﬁcial intelligence in

attacking and defending against security attacks, concentrating on the training and testing

stages. In their study, they sorted technologies and applications of adversarial attacks

in terms of natural language processing, cyberspace security, computer vision, and the

physical world. Furthermore, the authors considered defense strategies in their research

and proposed methods to deal with speciﬁc types of adversarial attack. Martins et al. [

]

explored more than 15 papers that applied adversarial machine learning techniques used in

intrusion and malware detection models. In their study, the authors summarized the most

common adversarial attacks and defense mechanisms for intrusion and malware detection.

Muslihi et al. [

] conducted a review of more than 14 studies published using deep

learning methods to detect SQL injection attacks, including CNN, LSTM, DBN, MLP, and

Bi-LSTM. They also provided a comparison of methods in terms of objectives, techniques,

features, and datasets. Muhammad et al. [

] reviewed and analytically evaluated the

methods and tools that are commonly used to detect and prevent SQL injection attacks,

considering a total of 82 studies. Their review results showed that most researchers focused

on proposing approaches to detect and mitigate SQL injection attacks (SQLIAs) rather than

evaluating the effectiveness of existing SQLIA detection methods.

剩余13页未读，继续阅读

评论收藏

内容反馈

版权申诉

百态老人

粉丝: 5116
资源: 2万+

使用机器学习检测 SQL 注入攻击.pdf

最新资源

使用机器学习检测 SQL 注入攻击.pdf

机器学习检测SQL注入.zip

使用机器学习检测 SQL 注入.pdf

论文研究-基于机器学习的SQL注入检测技术研究 .pdf

机器学习在SQL注入攻击检测中的应用.pdf

SQL注入文献.zip

基于机器学习的SQL注入检测方案.pdf

基于隐马尔可夫模型的SQL注入攻击行为检测 (1).pdf

基于机器学习的SQL攻击检测技术研究.pdf

基于TF-IDF文本向量化的SQL注入攻击检测.pdf

一种基于大语言模型的SQL注入攻击检测方法.pdf

基于机器学习的SQL注入漏洞挖掘技术的分析与实现.pdf

基于CNN的SQL注入检测.pdf

SQL注入攻击检测与防御技术研究综述 (1).pdf

基于机器学习的检测系统实现.pdf

基于深度卷积神经网络的SQL注入攻击检测.pdf

SQL注入攻击与防御技术白皮书.pdf

基于信息携带的SQL注入攻击检测方法.pdf

一种新型的SQL注入攻击检测机制研究.pdf

实时随机SQL注入攻击检测方法的研究.pdf

SQL注入攻击检测与防御技术研究.pdf

基于关键载荷截取的SQL注入攻击检测方法.pdf

基于本体的SQL注入攻击检测方法研究.pdf

分类模型的案例解释 SQL注入攻击的检测.pdf

基于LSTM神经网络的SQL注入攻击检测研究.pdf

基于语义分析的SQL注入行为检测方案研究.pdf

面向PHP应用程序的SQL注入行为检测.pdf

面向网络环境的SQL注入行为检测方法.pdf

SQL注入漏洞检测技术综述.pdf

SQL注入攻击及其防范检测技术的研究 (1).pdf

新型SQL注入攻击的研究与防范.pdf

最新资源