A Deep Learning Approach for Detection of SQL Injection Attacks Using Convolutional Neural Networks

  • Conference paper
Proceedings of Data Analytics and Management

Abstract

SQL injection attacks are among the major attacks targeting web applications, as reported by OWASP. SQL injection, frequently referred to as SQLI, is an emerging attack vector that uses malicious SQL code to gain unauthorized access to data. This can leave the system vulnerable and can result in severe loss of data. In this research work, we have reviewed the different types of SQL injection attacks and existing techniques for detecting them. We have compiled and prepared our own dataset for the study, covering all major types of SQL attacks, and have analyzed the performance of machine learning algorithms such as Naïve Bayes, decision trees, support vector machines, and k-nearest neighbors. We have also analyzed the performance of Convolutional Neural Networks (CNN) on the dataset using performance measures such as accuracy, precision, recall, and area under the ROC curve. Our experiments indicate that CNN outperforms the other algorithms in accuracy, precision, recall, and area under the ROC curve.

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Falor, A., Hirani, M., Vedant, H., Mehta, P., Krishnan, D. (2022). A Deep Learning Approach for Detection of SQL Injection Attacks Using Convolutional Neural Networks. In: Gupta, D., Polkowski, Z., Khanna, A., Bhattacharyya, S., Castillo, O. (eds) Proceedings of Data Analytics and Management. Lecture Notes on Data Engineering and Communications Technologies, vol 91. Springer, Singapore. https://doi.org/10.1007/978-981-16-6285-0_24