Abstract
SQL injection attacks are among the major attacks targeting web applications, as reported by OWASP. SQL injection, frequently referred to as SQLI, is an emerging attack vector that uses malicious SQL code to gain unauthorized access to data. This can leave the system vulnerable and can result in severe loss of data. In this research work, we review the different types of SQL injection attacks and the existing techniques for detecting them. We compiled and prepared our own dataset for the study, covering all major types of SQL attacks, and analyzed the performance of machine learning algorithms such as Naïve Bayes, decision trees, Support Vector Machine, and K-nearest neighbor. We also analyzed the performance of Convolutional Neural Networks (CNN) on the dataset using performance measures such as accuracy, precision, recall, and area under the ROC curve. Our experiments indicate that CNN outperforms the other algorithms in accuracy, precision, recall, and area under the ROC curve.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Falor, A., Hirani, M., Vedant, H., Mehta, P., Krishnan, D. (2022). A Deep Learning Approach for Detection of SQL Injection Attacks Using Convolutional Neural Networks. In: Gupta, D., Polkowski, Z., Khanna, A., Bhattacharyya, S., Castillo, O. (eds) Proceedings of Data Analytics and Management. Lecture Notes on Data Engineering and Communications Technologies, vol 91. Springer, Singapore. https://doi.org/10.1007/978-981-16-6285-0_24
DOI: https://doi.org/10.1007/978-981-16-6285-0_24
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-6284-3
Online ISBN: 978-981-16-6285-0
eBook Packages: Intelligent Technologies and Robotics (R0)