Abstract

SQL injection attacks are a commonly used network attack method. To effectively detect and prevent such attacks, this paper proposes a SQL injection detection method based on a knowledge base of error codes associated with SQL injection. The proposed method comprises three main components: a data preprocessing module, an automatic detection feature extraction module, and a design module for the error code knowledge base. Using the error code knowledge base, the input SQL statements are matched in real time. As soon as a successful match is detected, the system promptly identifies it as a SQL injection attack and initiates the necessary response measures. By accumulating new error codes, the detection model can be further trained on new samples, thereby enhancing its recognition ability and expanding the detection range of the model. Based on experimental results, the error code knowledge base method achieves an accuracy of 97.34%. Furthermore, it maintains an accuracy of over 96% when tested on a new data set. When compared to traditional feature detection methods, it shows higher accuracy, precision, and recall rates.

Acknowledgement

This project is supported by Shandong Province Science and Technology Small and Medium Enterprises Innovation Ability Enhancement Project of China (No. 2023TSGC0449); Linyi University Students Innovation and Entrepreneurship Training Program (No. X202310452341). The tutor is Haifeng Wang.

Author information

Corresponding author

Correspondence to HaiFeng Wang.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Lin, H., Shao, J., Sun, T., Zou, X., Wang, H. (2024). SQL Injection Attack Detection Based on Error Code Knowledge. In: Dong, J., Zhang, L., Cheng, D. (eds) Proceedings of the 2nd International Conference on Internet of Things, Communication and Intelligent Technology. IoTCIT 2023. Lecture Notes in Electrical Engineering, vol 1197. Springer, Singapore. https://doi.org/10.1007/978-981-97-2757-5_50

  • DOI: https://doi.org/10.1007/978-981-97-2757-5_50

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-2756-8

  • Online ISBN: 978-981-97-2757-5

  • eBook Packages: Computer Science, Computer Science (R0)
