A Pattern Recognition Neural Network Model for Detection and Classification of SQL Injection Attacks

Thousands of organisations store important and confidential information related to them, their customers, and their business partners in databases all across the world. The stored data ranges from less sensitive (e.g. first name, last name, date of birth) to more sensitive data (e.g. password, pin code, and credit card information). Losing data, disclosing confidential information or even changing the value of data are the severe damages that Structured Query Language injection (SQLi) attack can cause on a given database. It is a code injection technique where malicious SQL statements are inserted into a given SQL database by simply using a web browser. In this paper, we propose an effective pattern recognition neural network model for detection and classification of SQLi attacks. The proposed model is built from three main elements of: a Uniform Resource Locator (URL) generator in order to generate thousands of malicious and benign URLs, a URL classifier in order to: 1) classify each generated URL to either a benign URL or a malicious URL and 2) classify the malicious URLs into different SQLi attack categories, and a NN model in order to: 1) detect either a given URL is a malicious URL or a benign URL and 2) identify the type of SQLi attack for each malicious URL. The model is first trained and then evaluated by employing thousands of benign and malicious URLs. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed approach.

Authors:

• Naghmeh Moradpoor Sheykhkanloo

Keywords:

• Neural Networks
• pattern recognition
• SQL injection attacks
• SQL injection attack classification
• SQL injection attack detection.

References:

[1] W. G. Halfond, J. Viegas, and A. Orso, “A Classification of SQLInjection
Attacks and countermeasures”, in Proc. of the Internet
Symposium on Secure Software Engineering (ISSSE 2006), Mar. 2006.
[2] R. Romil, R. Shailendra, "SQL injection attack Detection using SVM",
in International Journal of Computer Applications, V.42, N.13, March
2012.
[3] C. Gould, Z. Su, and P. Devanbu, "JDBC checker: A static analysis tool
for SQL/JDBC applications," 2004, pp. 697- 698.
[4] N. A. Lambert and K. Song Lin, “Use of Query Tokenization to detect
and prevent SQL Injection Attacks”, IEEE, 2010.
[5] A. Srinivas, G. Narayan, S. Ram, “Random4: An Application Specific
Randomized Encryption Algorithm to prevent SQL injection, in Trust,
Security and Privacy in Computing and Communications (TrustCom)”,
2012 IEEE 11th International Conference, pp.no. 1327 – 133, 25-27
June 2012.
[6] V. Shanmughaneethi, C. Emilin Shyni and S. Swamynathan,
“SBSQLID: Securing Web Applications with Service Based SQL
Injection Detection” 2009 International Conference on Advances in
Computing, Control, and Telecommunication Technologies, 978-0-
7695-3915-7/09, 2009 IEEE.
[7] K. Zhang, Ch. Lin, Sh. Chen, Y. Hwang, H. Huang, and F. Hsu,
“TransSQL: A Translation and Validation-based Solution for SQLInjection
Attacks”, First International Conference on Robot, Vision and
Signal Processing, IEEE, 2011.
[8] W. G. Halfond and A. Orso, “AMNESIA: Analysis and Monitoring for
NEutralizing SQL-Injection Attacks”, In Proceedings of the IEEE and
ACM International Conference on Automated Software Engineering
(ASE 2005), Long Beach, CA, USA, Nov 2005.
[9] R. McClure and I. Kruger, “SQL DOM: Compile Time Checking of
Dynamic SQL Statements”, In Proceedings of the 27th International
Conference on Software Engineering (ICSE 05), pages 88–96, 2005.
[10] Stephen W. Boyd, Angelos D. Keromytis, “SQLrand: Preventing SQL
injection Attacks”.
[11] Y. Huang, S. Huang, T. Lin, and C. Tsai, “Web Application Security
Assessment by Fault Injection and Behavior Monitoring”, In
Proceedings of the 11th International World Wide Web Conference
(WWW 03), May 2003.
[12] Z. Su and G. Wassermann, “The Essence of Command Injection Attacks
in Web Applications”, In the 33rd Annual Symposium on Principles of
Programming Languages (POPL 2006), Jan. 2006.
[13] Open Web Application Security Project (OWASP), available at:
https://www.owasp.org/index.php/About_OWASP (retrieved: Dec,
2014).
[14] Open Web Application Security Project (OWASP) top 10, available at:
https://www.owasp.org/index.php/Top_10_2013-Top_10 (retrieved:
Dec, 2014).
[15] MATLAB R2014a, available at: http://www.mathworks.co.uk
(retrieved: Dec, 2014).
[16] N. Moradpoor, “Employing Neural Networks for the Detection of SQL
Injection Attack”, In The 7th conference on Security of Information and
Networks (SIN2014), Sep 2014.
[17] Alexa, Bringing Information into Focus, available at:
http://www.alexa.com/topsites/countries/GB (retrieved: Dec, 2014).
[18] Introduction to SQL, available at:
http://www.w3schools.com/sql/sql_intro.asp (retrieved: June, 2015).