SQL Injection Detection Using RNN Deep Learning Model
DOI:
https://doi.org/10.37385/jaets.v5i1.2864
Keywords:
SQL injection, Recurrent Neural Network (RNN), Deep learning, Classification
Abstract
SQL injection attacks are a common type of cyber-attack that exploit vulnerabilities in web applications to access databases through malicious SQL queries. These attacks pose a serious threat to the security and integrity of web applications and their data. The existing methods for detecting SQL injection attacks are based on predefined rules that can be easily circumvented by sophisticated attackers. Therefore, there is a need for a more robust and effective method for detecting SQL injection attacks. In this research, we propose a novel method for detecting SQL injection attacks using recurrent neural networks (RNN), which are a type of deep learning model that can capture the syntax and semantic features of SQL queries. We train an RNN model on a dataset of benign and malicious SQL queries, and use it to classify queries as either benign or malicious. We evaluate our method on a benchmark dataset and compare it with the existing rule-based methods. Our experimental results show that our method achieved high accuracy and outperformed the rule-based methods for detecting SQL injection attacks. Our research contributes to the field of web application security by providing a new and effective solution for protecting web applications from SQL injection attacks using deep learning. Our method has both practical and theoretical implications, as it can be easily integrated into existing web application security frameworks to provide an additional layer of protection against SQL injection attacks, and it can also advance the understanding of how deep learning models can be applied to natural language processing tasks such as SQL query analysis.