MURLi: A Tool for Detection of Malicious URLs and Injection Attacks

Abstract

SQL databases have been a staple for storing data in enterprises to meet their database requirements. SQL injection has also become a major security threat due to the growth of SQL. Injection attacks occur when the query in the database is modified by malicious data from an unsecure user. The use of NoSQL databases has been growing steadily due to advancements in Big Data and similar domains, and as an alternative to SQL databases. But recent studies have proved that even NoSQL is susceptible to injection attacks. Malicious websites can harm a person using the internet in various ways. Phishing attacks, Spam attacks, Defacement Attacks can occur once a user clicks on a URL. In this research, we propose the tool mURLi, for early detection of Malicious URLs, SQLi and NoSQLi, which pose a large threat to the end-users. To build mURLi, we have used various deep learning models (ANN, BiLSTM, BERT) and machine learning models (Random Forest, XGBoost, Adaboost, KNN) in an attempt to detect these attacks (SQLi, NoSQLi and Malicious URLs) more accurately than traditional methods and have presented a comparative study of the same. The results show that BERT model outperforms the existing tools for SQL and NoSQL attacks with an accuracy of 99.6% and 99.01% respectively, which was achievable due to its pre-training and deep language knowledge. BiLSTM proves to be the best tool for detection of Malicious URL attacks, with the results being 95.2% accurate.