Abstract
SQL injection attacks are a commonly used network attack method. To effectively detect and prevent such attacks, this paper proposes a SQL injection detection method based on a knowledge base of error codes associated with SQL injection. The proposed method comprises three main components: a data preprocessing module, an automatic detection feature extraction module, and a design module for the error code knowledge base. Input SQL statements are matched against the error code knowledge base in real time. As soon as a successful match is detected, the system identifies the input as a SQL injection attack and initiates the necessary response measures. By accumulating new error codes, the detection model can be further trained on new samples, thereby enhancing its recognition ability and expanding its detection range. In experiments, the error code knowledge base method achieves an accuracy of 97.34%, and it maintains an accuracy of over 96% when tested on a new data set. Compared to traditional feature detection methods, it shows higher accuracy, precision, and recall rates.
Acknowledgement
This project is supported by Shandong Province Science and Technology Small and Medium Enterprises Innovation Ability Enhancement Project of China (No. 2023TSGC0449); Linyi University Students Innovation and Entrepreneurship Training Program (No. X202310452341). The tutor is Haifeng Wang.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Lin, H., Shao, J., Sun, T., Zou, X., Wang, H. (2024). SQL Injection Attack Detection Based on Error Code Knowledge. In: Dong, J., Zhang, L., Cheng, D. (eds) Proceedings of the 2nd International Conference on Internet of Things, Communication and Intelligent Technology. IoTCIT 2023. Lecture Notes in Electrical Engineering, vol 1197. Springer, Singapore. https://doi.org/10.1007/978-981-97-2757-5_50
DOI: https://doi.org/10.1007/978-981-97-2757-5_50
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-2756-8
Online ISBN: 978-981-97-2757-5
eBook Packages: Computer Science (R0)