Advancing SQL Injection Detection for High-Speed Data Centers: A Novel Approach Using Cascaded NLP (2312.13041v1)
Abstract: Detecting SQL injection (SQLi) attacks is crucial for the security of web-based data centers, but balancing detection accuracy against computational cost is difficult, especially on high-speed networks. Traditional methods struggle with this trade-off, while NLP-based approaches are accurate but computationally expensive. We introduce a cascaded SQLi detection method that combines a classical NLP model with a transformer-based one, reaching 99.86% detection accuracy at a fraction of the cost: 20 times faster than a transformer-based model used alone. We evaluate the approach in a realistic setting and compare it with 35 other methods, including machine-learning classifiers and transformer models such as BERT, on a dataset of more than 30,000 SQL sentences. The results show that the hybrid method detects SQLi effectively in high-traffic environments, offering accurate protection at low computational cost. The code is available at https://github.com/gdrlab/cascaded-sqli-detection .
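The abstract describes a cascade but not how the stages are gated, so the following is an added illustration of the cascade mechanics, not the paper's code, model or dataset. It assumes (as in a classic detection cascade) that a cheap stage-1 classifier gives a final verdict whenever its confidence is outside an uncertain band, and that only inputs inside that band are escalated to a more expensive stage 2. Stage 1 here is a character-trigram naive Bayes classifier trained on a small constructed sample set; stage 2 is a structural rule analyzer standing in for the paper's transformer, so the example runs offline. The thresholds `low`/`high`, the helper names and the sample queries are all assumptions.

```python
"""Cascaded SQLi detection: a cheap stage 1 answers the confident cases and
only the uncertain band is escalated to a heavier stage 2.
Constructed illustration; not the paper's code, model or dataset."""
import math
import re
from collections import Counter

# Constructed, labelled samples (1 = injection, 0 = benign); not the paper's dataset.
TRAIN = [
    ("SELECT id, name FROM users WHERE id = 42", 0),
    ("SELECT * FROM products WHERE price < 100 ORDER BY price", 0),
    ("SELECT email FROM customers WHERE country = 'DE'", 0),
    ("UPDATE accounts SET balance = 250 WHERE id = 7", 0),
    ("INSERT INTO logs (level, msg) VALUES ('info', 'login ok')", 0),
    ("SELECT COUNT(*) FROM orders WHERE status = 'shipped'", 0),
    ("DELETE FROM sessions WHERE expires < NOW()", 0),
    ("SELECT u.name, o.total FROM users u JOIN orders o ON u.id = o.user_id", 0),
    ("' OR '1'='1", 1),
    ("admin' --", 1),
    ("1 OR 1=1", 1),
    ("' OR 1=1 --", 1),
    ("1' UNION SELECT username, password FROM users --", 1),
    ("'; DROP TABLE users; --", 1),
    ("1' AND SLEEP(5) --", 1),
    ("' UNION ALL SELECT NULL, NULL, NULL /*", 1),
]


class CharNgramNB:
    """Multinomial naive Bayes over character n-grams: the cheap stage-1 model."""

    def __init__(self, n=3, alpha=1.0):
        self.n, self.alpha = n, alpha
        self.counts = {0: Counter(), 1: Counter()}   # n-gram counts per class
        self.totals = {0: 0, 1: 0}                   # total n-grams per class
        self.docs = {0: 0, 1: 0}                     # samples per class (prior)
        self.vocab = set()

    def ngrams(self, text):
        t = text.lower()
        return [t[i:i + self.n] for i in range(len(t) - self.n + 1)]

    def fit(self, samples):
        for text, label in samples:
            grams = self.ngrams(text)
            self.counts[label].update(grams)
            self.totals[label] += len(grams)
            self.docs[label] += 1
            self.vocab.update(grams)
        return self

    def predict_proba(self, text):
        """Posterior probability that `text` is an injection (class 1)."""
        ndocs, v = sum(self.docs.values()), len(self.vocab)
        logp = {}
        for c in (0, 1):
            lp = math.log(self.docs[c] / ndocs)
            denom = self.totals[c] + self.alpha * v          # Laplace smoothing
            for g in self.ngrams(text):
                lp += math.log((self.counts[c][g] + self.alpha) / denom)
            logp[c] = lp
        m = max(logp.values())                               # log-sum-exp normalisation
        z = sum(math.exp(lp - m) for lp in logp.values())
        return math.exp(logp[1] - m) / z


# Stage 2 stand-in: structural SQLi indicators (the paper uses a transformer here).
STRUCTURAL_PATTERNS = [
    re.compile(r"\bor\b\s*['\"]?\s*(\w+)\s*['\"]?\s*=\s*['\"]?\s*\1\b", re.I),  # tautology x=x
    re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),                          # UNION-based
    re.compile(r";\s*(drop|delete|update|insert|alter|exec|execute)\b", re.I),   # stacked query
    re.compile(r"(--|#|/\*)\s*$"),                                               # trailing comment
    re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\b", re.I),                 # time-based
]


def stage2_structural(text):
    """Return 1 if any structural indicator matches, else 0."""
    return int(any(p.search(text) for p in STRUCTURAL_PATTERNS))


class CascadeDetector:
    """Stage 1 decides when p < low or p > high; the band [low, high] goes to stage 2."""

    def __init__(self, stage1, stage2, low=0.2, high=0.8):
        self.stage1, self.stage2, self.low, self.high = stage1, stage2, low, high

    def classify(self, text):
        """Return (label, stage_that_decided)."""
        p = self.stage1(text)
        if p < self.low:
            return 0, 1
        if p > self.high:
            return 1, 1
        return self.stage2(text), 2

    def run(self, texts):
        """Labels for a batch plus the fraction that reached the expensive stage."""
        results = [self.classify(t) for t in texts]
        escalated = sum(1 for _, s in results if s == 2) / max(len(results), 1)
        return [lab for lab, _ in results], escalated


def build_detector(low=0.2, high=0.8):
    nb = CharNgramNB().fit(TRAIN)
    return CascadeDetector(nb.predict_proba, stage2_structural, low, high)


def accuracy(det, samples):
    """Fraction of labelled samples the cascade classifies correctly."""
    return sum(det.classify(t)[0] == y for t, y in samples) / len(samples)


if __name__ == "__main__":
    det = build_detector()
    labels, frac = det.run([t for t, _ in TRAIN])
    print(f"accuracy={accuracy(det, TRAIN):.2f} escalated={frac:.2f}")
```

The band `[low, high]` is the knob that trades escalation rate (and therefore cost) against accuracy: widening it sends more inputs to stage 2. In a real deployment both thresholds would be calibrated on held-out data, stage 2 would be the transformer, and confident-benign verdicts from stage 1 deserve scrutiny, since an attacker who can probe the system will try to craft payloads that the cheap model rates as clearly benign so that the transformer is never consulted.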