Abstract

SQL injection (SQLi), a well-known exploitation technique, is a serious risk factor for database-driven web applications that are used to manage the core business functions of organizations. SQLi enables an unauthorized user to gain access to sensitive information in the database and, subsequently, to the application's administrative privileges. Therefore, the detection of SQLi is crucial for businesses to prevent financial losses. There are different rule-based and learning-based solutions to help with detection, and pattern recognition through support vector machines (SVMs) and random forest (RF) has recently become popular in detecting SQLi. However, these classifiers achieve 97.33% accuracy with our dataset. In this paper, we propose a deep learning-based solution for detecting SQLi in web applications. The solution employs both correlation and chi-squared methods to rank the features from the dataset. A feed-forward network approach has been applied not only in feature selection but also in the detection process. Our solution provides 98.04% accuracy over 1,850+ recorded datasets, where it proves its superior efficiency among other existing machine learning solutions.

Highlights

  • The versatility of the internet raises the expectations of its users by offering limitless information and connectivity

  • There are different rules and learning-based solutions to help with detection, and pattern recognition through support vector machines (SVMs) and random forest (RF) have recently become popular in detecting SQL injection (SQLi)

  • This paper proposed a technique to detect web application's SQLi vulnerability based on various web features using deep learning


Summary

Introduction

The versatility of the internet raises the expectations of its users by offering limitless information and connectivity. Binu [31] proposed a method in which a set of tokens is built from the SQL query and matched against user input at runtime to detect SQLi attacks. Tzouramanis [44] proposed a technique that extracts syntactical structures from a web application's SQL queries and filters runtime SQL queries against those structures to detect SQLi attacks.
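The structure-based filtering idea summarised above, as an added illustration that is neither the cited authors' algorithm nor code from the paper: each query is reduced to a skeleton with its literals replaced by placeholders, and a runtime query whose skeleton was never seen among the application's own queries is flagged. The function names, the simplified tokenizer and all sample queries are constructed for this example.

```python
import re

# Tokenizer for the illustration (an assumption, not a full SQL lexer).
TOKEN = re.compile(r"""
    '(?:[^']|'')*'            # quoted string literal ('' is an escaped quote)
  | \d+(?:\.\d+)?             # numeric literal
  | [A-Za-z_][A-Za-z_0-9]*    # keyword or identifier
  | --|/\*|\*/|\#             # comment markers
  | <>|<=|>=|!=|[^\s\w]       # operators and punctuation
""", re.VERBOSE)


def skeleton(query):
    """Reduce a query to its syntactic structure; literals become '?'."""
    out = []
    for tok in TOKEN.findall(query):
        if tok[0].isdigit() or (len(tok) >= 2 and tok[0] == tok[-1] == "'"):
            out.append("?")
        else:
            out.append(tok.upper())
    return tuple(out)


def learn(app_queries):
    """Collect the structures the application itself is known to issue."""
    return {skeleton(q) for q in app_queries}


def is_suspicious(query, allowed):
    """Flag a runtime query whose structure was never learned."""
    return skeleton(query) not in allowed


# Constructed sample data: two queries the hypothetical application issues.
ALLOWED = learn([
    "SELECT id, name FROM users WHERE name = 'alice' AND pass = 'x'",
    "SELECT title FROM posts WHERE id = 1",
])

# Constructed runtime queries: (query, expected verdict).
RUNTIME = [
    ("SELECT id, name FROM users WHERE name = 'O''Brien' AND pass = 'pw'", False),
    ("SELECT title FROM posts WHERE id = 42", False),
    ("SELECT id, name FROM users WHERE name = '' OR '1'='1' AND pass = 'x'", True),
    ("SELECT title FROM posts WHERE id = 42 OR 1 = 1", True),
]

if __name__ == "__main__":
    for q, _ in RUNTIME:
        print("FLAG" if is_suspicious(q, ALLOWED) else "ok  ", q)
```

A literal that changes only in value, including one with an escaped quote, keeps the learned skeleton, while input that adds operators or leaves a quote unbalanced produces a skeleton outside the learned set.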
