Machine Learning Blunts the Needle of Advanced SQL Injections

Thumbnail Image
Files
2019-1-023.pdf(1007.55 KB)
Date
2019-06-24
Authors
ORCID
Advisor
Referee
Mark
Journal Title
Journal ISSN
Volume Title
Publisher
Institute of Automation and Computer Science, Brno University of Technology
Altmetrics
Abstract
SQL injection is one of the most popular and serious information security threats. By exploiting database vulnerabilities, attackers may get access to sensitive data or enable compromised computers to conduct further network attacks. Our research is focused on applying machine learning approaches for identication of injection characteristics in the HTTP query string. We compare results from Rule-based Intrusion Detection System, Support Vector Machines, Multilayer Perceptron, Neural Network with Dropout layers, and Deep Sequential Models (Long Short-Term Memory, and Gated Recurrent Units) using multiple string analysis, bag-of-word techniques, and word embedding for query string vectorization. Results proved benets of applying machine learning approach for detection malicious pattern in HTTP query string.
Description
Keywords
SQL injection identication, machine learning, deep learning, recurrent neural networks, text analysis, web application firewall, intrusion detection system
Citation
Mendel. 2018 vol. 25, č. 1, s. 23-30. ISSN 1803-3814
https://mendel-journal.org/index.php/mendel/article/view/74
Document type
Peer-reviewed
Document version
Published version
Date of access to the full text
Language of document
en
Study field
Comittee
Date of acceptance
Defence
Result of defence
Document licence
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license
http://creativecommons.org/licenses/by-nc-sa/4.0
DOI
10.13164/mendel.2019.1.023
URI
http://hdl.handle.net/11012/186977
Collections
Vol. 25, No. 1
Citace PRO