SQL injection attack identification method based on machine learning

A machine learning technique for identifying injection attacks, applied in character and pattern recognition, instruments, computer parts, etc. It addresses the inability to prevent SQL injection attacks in a timely and effective manner, and achieves flexible and diverse identification methods, reduced dependence, and reduced complexity.

Pending Publication Date: 2022-03-01
北京墨云科技有限公司

AI Technical Summary

Problems solved by technology

[0005] The present invention aims to solve the technical problem in the prior art that SQL injection attacks cannot be prevented in a timely and effective manner when Internet data is used, and provides a machine learning-based SQL injection attack identification method that can effectively improve the efficiency of SQL injection attack identification and improve security.


Examples


Embodiment 1

[0043] As shown in Figure 1, a method for identifying SQL injection attacks based on machine learning includes the following steps:

[0044] S1. Obtain request data: build a target range containing SQL injection vulnerabilities, use SQLMAP and manual penetration testing to collect relevant data containing SQL injection, and classify and label the relevant data. The relevant data include request parameters, request methods, response content, and response status; the classification labels are SQL injection attack and non-SQL injection attack;

[0045] S2. Relevant data feature engineering: perform data cleaning on the relevant data, extract feature data and convert it into a vector; as shown in Figure 2, this includes the following steps:

[0046] S21. Use a downsampling algorithm to clear data containing missing values in the relevant data;

[0047] S22. Use xpath to remove the tags in the response content, and only keep the page content;

[0048] S23, using the method in the urlparse pac...


Abstract

The invention discloses a machine learning-based SQL injection attack identification method, which comprises the following steps: S1, obtaining request data: building a target range containing SQL injection vulnerabilities, collecting relevant data containing SQL injection by using SQLMAP and manual penetration testing, and classifying and labeling the relevant data; S2, relevant data feature engineering: performing data cleaning on the relevant data, extracting feature data and converting the feature data into vectors; S3, machine learning: training on the vectors with classifier models using an ensemble learning algorithm, and making the final category decision by majority vote (the minority yields to the majority) to obtain a classifier model for SQL injection detection; and S4, SQL injection attack identification: performing feature engineering and vectorization on the Web request data, then passing it to the classifier model for prediction to identify the SQL injection attack. According to the method, the efficiency of SQL injection attack identification can be effectively improved, and security is improved.
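The S2 to S4 pipeline from the abstract and Embodiment 1, as an added example that is not the patent's own code: request URLs are parsed with `urllib.parse`, vectorized, and classified by three members whose majority vote decides. The feature set, the three member classifiers and the sample requests are assumptions constructed here; the response-side cleaning of S22 is left out.

```python
import re
from urllib.parse import parse_qsl, urlparse

# Assumed feature set; the page's own feature list is cut off
KEYWORDS = re.compile(r"\b(union|select|or|and|sleep|from|where)\b", re.I)
META = re.compile(r"--|['\"()=]")

def featurize(url):
    # S2: decode the query values; vector = [SQL keywords, metachars, longest value]
    values = [v for _, v in parse_qsl(urlparse(url).query, keep_blank_values=True)]
    text = " ".join(values)
    return [len(KEYWORDS.findall(text)), len(META.findall(text)),
            max(map(len, values), default=0)]

def dist(a, b):
    return sum((p - q) ** 2 for p, q in zip(a, b))

def fit_centroid(X, y):  # member 1: nearest class mean
    cents = {c: [sum(col) / len(col) for col in
                 zip(*(x for x, lab in zip(X, y) if lab == c))] for c in (0, 1)}
    return lambda v: min(cents, key=lambda c: dist(v, cents[c]))

def fit_stump(X, y):  # member 2: best single-feature threshold on the training set
    _, f, t = max((sum((x[f] > t) == lab for x, lab in zip(X, y)), f, t)
                  for f in range(len(X[0])) for t in {x[f] for x in X})
    return lambda v: int(v[f] > t)

def fit_knn(X, y, k=3):  # member 3: k nearest labelled requests
    return lambda v: int(2 * sum(
        lab for _, lab in sorted(zip(X, y), key=lambda p: dist(v, p[0]))[:k]) > k)

def train(samples):
    # S3: fit every ensemble member on labelled requests (1 = SQLi, 0 = benign)
    X, y = [featurize(u) for u, _ in samples], [lab for _, lab in samples]
    return [fit(X, y) for fit in (fit_centroid, fit_stump, fit_knn)]

def is_sqli(models, url):
    # S4: vectorize the request, then let the majority of member votes decide
    v = featurize(url)
    return 2 * sum(m(v) for m in models) > len(models)

# Constructed samples standing in for S1's labelled range traffic
BENIGN = ["/item?id=42", "/search?q=red+shoes&page=2", "/search?q=salt+and+pepper",
          "/user?name=O%27Brien", "/list?sort=price&order=asc"]
ATTACK = ["/item?id=1%27+OR+%271%27%3D%271", "/item?id=1%27+AND+SLEEP(5)--",
          "/item?id=1+UNION+SELECT+user%2Cpassword+FROM+users--",
          "/login?user=admin%27--&pw=x", "/item?id=-1+OR+1%3D1"]
MODELS = train([(u, 0) for u in BENIGN] + [(u, 1) for u in ATTACK])
```

On this constructed set the threshold member alone flags a surname containing an apostrophe, and the vote overrules it; the centroid member alone misses a short tautology, and the vote still catches it.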

Description

Technical field

[0001] The invention relates to the technical field of network data security, in particular to a machine learning-based SQL injection attack identification method.

Background technique

[0002] Web-based applications typically rely on back-end database servers to manage application-specific persistent state and to extract data by executing queries composed using input provided by the application's users. If the user's request is not handled correctly, the attacker can change the structure of the SQL statement by manipulating user input. As a result, the server may suffer from SQL injection attacks based on web applications, and even endanger the security of the database.

[0003] SQL injection attack detection is divided into pre-intrusion detection and post-intrusion detection. Pre-intrusion detection can be done manually or by using SQL injection tool software. The purpose of detection is to prevent SQL injection attacks, and the detection after SQL injec...


Application Information

IPC(8): H04L9/40, G06K9/62
CPC: H04L63/1425, H04L63/1466, G06F18/24
Inventor: 何召阳, 任玉坤, 谢鑫, 刘兵, 方仁贵, 尉俊强
Owner: 北京墨云科技有限公司