Employing Neural Networks for the detection of SQL injection attack

Naghmeh Moradpoor Sheykhkanloo

doi:10.1145/2659651.2659675

Employing Neural Networks for the detection of SQL injection attack

Naghmeh Moradpoor Sheykhkanloo

SDI

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

84 Downloads (Pure)

Abstract

Structured Query Language Injection (SQLI) attack is a code injection technique in which malicious SQL statements are inserted into the SQL database by simply using web browsers. SQLI attack can cause severe damages on a given SQL database such as losing data, disclosing confidential information or even changing the values of data. It has also been rated as the number-one attack on the Open Web Application Security Project (OWASP) top ten. In this paper, we propose an effective model to deal with this problem based on Neural Networks (NNs). The proposed model is built from three main elements of: a Uniform Resource Locator (URL) generator in order to generate thousands of malicious and benign URLs, a URL classifier in order to classify the generated URLs to either benign or malicious URLs, and an NN model in order to detect either a given URL is a malicious URL or a benign URL. The model is first trained and then evaluated by employing both benign and malicious URLs. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed approach.

Original language	English
Title of host publication	Proceedings of the 7th International Conference on Security of Information and Networks
Editors	Ron Poet
Place of Publication	New York
Publisher	Association for Computing Machinery (ACM)
Pages	318-323
Number of pages	6
ISBN (Print)	9781450330336
DOIs	https://doi.org/10.1145/2659651.2659675
Publication status	Published - 9 Sep 2014
Event	7th International Conference on Security of Information and Networks - University of Glasgow, Glasgow, United Kingdom Duration: 9 Sep 2014 → 11 Sep 2014 Conference number: 7th

Conference

Conference	7th International Conference on Security of Information and Networks
Abbreviated title	SIN 2014
Country	United Kingdom
City	Glasgow
Period	9/09/14 → 11/09/14

Access to Document

10.1145/2659651.2659675

Moradpor_EmployingNeuralNetworksForTheDetectionOf SQL InjectionAttack_Author_2014Accepted author manuscript, 351 KB

Fingerprint Dive into the research topics of 'Employing Neural Networks for the detection of SQL injection attack'. Together they form a unique fingerprint.

Cite this

Moradpoor Sheykhkanloo, N. (2014). Employing Neural Networks for the detection of SQL injection attack. In R. Poet (Ed.), Proceedings of the 7th International Conference on Security of Information and Networks (pp. 318-323). Association for Computing Machinery (ACM). https://doi.org/10.1145/2659651.2659675

@inproceedings{ec637d9fa83845e49abb4f1624fbb22c,

title = "Employing Neural Networks for the detection of SQL injection attack",

abstract = "Structured Query Language Injection (SQLI) attack is a code injection technique in which malicious SQL statements are inserted into the SQL database by simply using web browsers. SQLI attack can cause severe damages on a given SQL database such as losing data, disclosing confidential information or even changing the values of data. It has also been rated as the number-one attack on the Open Web Application Security Project (OWASP) top ten. In this paper, we propose an effective model to deal with this problem based on Neural Networks (NNs). The proposed model is built from three main elements of: a Uniform Resource Locator (URL) generator in order to generate thousands of malicious and benign URLs, a URL classifier in order to classify the generated URLs to either benign or malicious URLs, and an NN model in order to detect either a given URL is a malicious URL or a benign URL. The model is first trained and then evaluated by employing both benign and malicious URLs. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed approach.",

author = "{Moradpoor Sheykhkanloo}, Naghmeh",

year = "2014",

month = sep,

day = "9",

doi = "10.1145/2659651.2659675",

language = "English",

isbn = "9781450330336",

pages = "318--323",

editor = "Ron Poet",

booktitle = "Proceedings of the 7th International Conference on Security of Information and Networks",

publisher = "Association for Computing Machinery (ACM)",

address = "United States",

note = "7th International Conference on Security of Information and Networks, SIN 2014 ; Conference date: 09-09-2014 Through 11-09-2014",

}

Moradpoor Sheykhkanloo, N 2014, Employing Neural Networks for the detection of SQL injection attack. in R Poet (ed.), Proceedings of the 7th International Conference on Security of Information and Networks. Association for Computing Machinery (ACM), New York, pp. 318-323, 7th International Conference on Security of Information and Networks, Glasgow, United Kingdom, 9/09/14. https://doi.org/10.1145/2659651.2659675

TY - GEN

T1 - Employing Neural Networks for the detection of SQL injection attack

AU - Moradpoor Sheykhkanloo, Naghmeh

N1 - Conference code: 7th

PY - 2014/9/9

Y1 - 2014/9/9

N2 - Structured Query Language Injection (SQLI) attack is a code injection technique in which malicious SQL statements are inserted into the SQL database by simply using web browsers. SQLI attack can cause severe damages on a given SQL database such as losing data, disclosing confidential information or even changing the values of data. It has also been rated as the number-one attack on the Open Web Application Security Project (OWASP) top ten. In this paper, we propose an effective model to deal with this problem based on Neural Networks (NNs). The proposed model is built from three main elements of: a Uniform Resource Locator (URL) generator in order to generate thousands of malicious and benign URLs, a URL classifier in order to classify the generated URLs to either benign or malicious URLs, and an NN model in order to detect either a given URL is a malicious URL or a benign URL. The model is first trained and then evaluated by employing both benign and malicious URLs. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed approach.

AB - Structured Query Language Injection (SQLI) attack is a code injection technique in which malicious SQL statements are inserted into the SQL database by simply using web browsers. SQLI attack can cause severe damages on a given SQL database such as losing data, disclosing confidential information or even changing the values of data. It has also been rated as the number-one attack on the Open Web Application Security Project (OWASP) top ten. In this paper, we propose an effective model to deal with this problem based on Neural Networks (NNs). The proposed model is built from three main elements of: a Uniform Resource Locator (URL) generator in order to generate thousands of malicious and benign URLs, a URL classifier in order to classify the generated URLs to either benign or malicious URLs, and an NN model in order to detect either a given URL is a malicious URL or a benign URL. The model is first trained and then evaluated by employing both benign and malicious URLs. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed approach.

U2 - 10.1145/2659651.2659675

DO - 10.1145/2659651.2659675

M3 - Conference contribution

SN - 9781450330336

SP - 318

EP - 323

BT - Proceedings of the 7th International Conference on Security of Information and Networks

A2 - Poet, Ron

PB - Association for Computing Machinery (ACM)

CY - New York

T2 - 7th International Conference on Security of Information and Networks

Y2 - 9 September 2014 through 11 September 2014

ER -