SQL Injection Behavior Mining Based Deep Learning

被引：4

作者：

Tang, Peng ^{[1
]}

Qiu, Weidong ^{[1
]}

Huang, Zheng ^{[1
]}

Lian, Huijuan ^{[1
]}

Liu, Guozhen ^{[1
]}

机构：

[1] Shanghai Jiao Tong Univ, Sch Cyber Secur, Shanghai, Peoples R China

来源：

ADVANCED DATA MINING AND APPLICATIONS, ADMA 2018 | 2018年 / 11323卷

关键词：

SQL injection; Deep learning; MLP; LSTM;

D O I：

10.1007/978-3-030-05090-0_38

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

SQL injection is a common network attack. At present, filtering methods are mainly used to prevent SQL injection, yet risks of incomplete filtering still remains. By deep learning, we detect whether the user behaviors contain SQL injection attacks. The scheme proposed in this article extracts the characteristics of the HTTP traffic in the training sets and uses the deep neural network LSTM and the MLP training data sets, the final predictive capacity of the testing sets is over 99%. The deep neural network uses ReLU as the activation function of the hidden layer, continuously updates the weight parameters through gradient descent algorithm, and finally completes the training within 50 epoch iterations.

引用

页码：445 / 454

页数：10

共 10 条

[1] Bhardwaj M., 2015, ADAPTIVE ALGORITHM P, V4, P12
[2] Buja G., 2015, IEEE S COMP APPL IND, P60
[3] Web Application Security: Threats, Countermeasures, and Pitfalls
Huang, Hsiu-Chuan
Zhang, Zhi-Kai
Cheng, Hao-Wen
Shieh, Shiuhpyng Winston
[J]. COMPUTER, 2017, 50 (06) : 81 - 85
[4] Kaur N., 2016, INT C COMP SUST GLOB
[5] Kumar M., 2014, INT J COMPUT SCI INF, V5, P374
[6] Deep learning
LeCun, Yann
Bengio, Yoshua
Hinton, Geoffrey
[J]. NATURE, 2015, 521 (7553) : 436 - 444
[7] SQLPIL: SQL injection prevention by input labeling
Masri, Wes
Sleiman, Sam
[J]. SECURITY AND COMMUNICATION NETWORKS, 2015, 8 (15) : 2545 - 2560
[8] Parvez M, 2015, INT CONF INTERNET, P186, DOI 10.1109/ICITST.2015.7412085
[9] Shi CC, 2012, ADV INTEL SOFT COMPU, V127, P245
[10] Yuan GQ, 2017, IEEE IJCNN, P3896, DOI 10.1109/IJCNN.2017.7966347

← 1 →