Modified Parse-Tree Based Pattern Extraction Approach for Detecting SQLIA Using Neural Network Model.

A, Meharaj Begum; Arock, Michael

doi:10.22042/isecure.2023.370697.886

Modified Parse-Tree Based Pattern Extraction Approach for Detecting SQLIA Using Neural Network Model.

Document Type : Research Article

Authors

Meharaj Begum A

Michael Arock

Bio-informatics and Parallel Computing Lab,Department of Computer Applications, National Institute of Technology, Tiruchirappalli, Tamilnadu, India

https://doi.org/10.22042/isecure.2023.370697.886

Abstract

Whatever malware protection is upcoming, still the data are prone to cyber-attacks. The most threatening Structured Query Language Injection Attack (SQLIA) happens at the database layer of web applications leading to unlimited and unauthorized access to confidential information through malicious code injection. Since feature extraction accuracy significantly influences detection results, extracting the features of a query that predominantly contributes to SQL Injection (SQLI) is the most challenging task for the researchers. So, the proposed work primarily focuses on that using modified parse-tree representation. Some existing techniques used graph representation to identify characteristics of the query based on a predefined fixed list of SQL keywords. As the complete graph representation requires high time complexity for traversals due to the unnecessary links, a modified parse tree of tokens is proposed here with restricted links between operators (internal nodes) and operands (leaf nodes) of the WHERE clause. Tree siblings from the leaf nodes comprise the WHERE clause operands, where the attackers try to manipulate the conditions to be true for all the cases. A novelty of this work is identifying patterns of legitimate and injected queries from the proposed modified parse tree and applying a pattern-based neural network (NN) model for detecting attacks. The proposed approach is applied in various machine learning (ML) models and a neural network model, Multi-Layer Perceptron (MLP). With the scrupulously extracted patterns and their importance (weights) in legitimate and injected queries, the MLP model provides better results in terms of accuracy (97.85%), precision (93.8%) and AUC (97.8%)

Keywords

Modified Parse Tree

Neural Network Model

Pattern Mining

Siblings

SQLIA Detection

Web Application Security

20.1001.1.20082045.2024.16.1.1.5

[1] Injection attacks: The least glamorous attack is one of the most threateningsql injection attack: A major application security threat. https://securityintelligence.com/injection-attacks-the-least-glamorous-attack-is-
one-of-the-most- threatening. Accessed:2021-05-5.
[2] Sql injection attack: A major application security threat. urlhttps://www.kratikal.com/blog/sql-injection-attack-a-major- application-security-threat/. Accessed: 2021-05-5.
[3] Massive freepik data breach tied to sql injection attack. https://www.databreachtoday.com/massive-freepik-data- breach-tied-to-sql-injection-attack-a-14880. Accessed: 2022-05-3.
[4] Debabrata Kar, Suvasini Panigrahi, and Srikanth Sundararajan. Sqligot: Detecting sql injection attacks using graph of tokens and svm. Computers & Security, 60:206–225, 2016. January 2024, Volume 16, Number 1 (pp. 1–16) 15
[5] Sayyed Mohammad Sadegh Sajjadi and Bahare Tajalli Pour. Study of sql injection attacks and countermeasures. International Journal of Computer and Communication Engineering, 2(5):539, 2013.
[6] Subhranil Som, Sapna Sinha, and Ritu Kataria. Study on sql injection attacks: Mode detection and prevention. International Journal of Engineering Applied Sciences and Technology, 1(8):23–29, 2016.
[7] MA Lawal, Abu Bakar Md Sultan, and Ayanloye O Shakiru. Systematic literature review on sql injection attack. International Journal of Soft Computing, 11(1):26–35, 2016.
[8] Bharti Nagpal, Naresh Chauhan, and Nanhay Singh. A survey on the detection of sql injection attacks and their countermeasures. Journal of Information Processing Systems, 13(4):689–702, 2017.
[9] Zainab S Alwan and Manal F Younis. Detection and prevention of sql injection attack: a survey. International Journal of Computer Science and Mobile Computing, 6(8):5–17, 2017.
[10] EE Ogheneovo and PO Asagba. A parse tree model for analyzing and detecting sql injection vulnerabilities. West African Journal of Industrial and Academic Research, 6(1):33–49, 2013.
[11] K Jhala and UD Shukla. Tautology based advanced sql injection technique a peril to web application. In National conference on latest trends in networking and cyber security, 2017.
[12] Rishiraj Saha Roy, Yogarshi Vyas, Niloy Ganguly, and Monojit Choudhury. Improving unsupervised query segmentation using parts-of-speech sequence information. In Proceedings of the 37th international ACM SIGIR conference
on Research & development in information retrieval, pages 935–938, 2014.
[13] Yong Fang, Jiayi Peng, Liang Liu, and Cheng Huang. Wovsqli: Detection of sql injection behaviors using word vector and lstm. In Proceedings of the 2nd international conference on cryptography, security and privacy, pages 170–174, 2018.
[14] Stanislav Abaimov and Giuseppe Bianchi. Coddle: Code-injection detection with deep learning. IEEE Access, 7:128617–128627, 2019.
[15] Ines Jemal, Omar Cheikhrouhou, Habib Hamam, and Adel Mahfoudhi. Sql injection attack detection and prevention techniques using machine learning. International Journal of Applied Engineering Research, 15(6):569–580, 2020.
[16] Romil Rawat and Shailendra Kumar Shrivastav. Sql injection attack detection using svm. International Journal of Computer Applications, 42(13):1–4, 2012.
[17] TP Latchoumi, Manoj Sahit Reddy, and K Balamurugan. Applied machine learning predictive analytics to sql injection attack detection and prevention. European Journal of Molecular & Clinical Medicine, 7(02):2020, 2020.
[18] Solomon Ogbomon Uwagbole, William J Buchanan, and Lu Fan. An applied patterndriven corpus to predictive analytics in mitigating sql injection attack. In 2017 Seventh International Conference on Emerging Security Technologies (EST), pages 12–17. IEEE, 2017.
[19] B Kranthikumar and R Leela Velusamy. Sql injection detection using regex classifier. Journal of Xi’an University of Architecture & Technology, 12(VI):800–809, 2020.
[20] Abdalla Hadabi, Eltyeb Elsamani, Ali Abdallah, and Rashad Elhabob. An efficient model to detect and prevent sql injection attack. Journal of Karary University for Engineering and Science, 2022.
[21] Anamika Joshi and V Geetha. Sql injection detection using machine learning. In 2014 international conference on control, instrumentation, communication and computational technologies(ICCICCT), pages 1111–1115. IEEE, 2014.
[22] Mohammad Saiful Islam Mamun, Mohammad Ahmad Rathore, Arash Habibi Lashkari, Natalia Stakhanova, and Ali A Ghorbani. Detecting malicious urls using lexical analysis. In Network and System Security: 10th International Conference, NSS 2016, Taipei, Taiwan, September 28-30, 2016, Proceedings 10, pages 467–482. Springer, 2016.
[23] Lu Yu, Senlin Luo, and Limin Pan. Detecting sql injection attacks based on text analysis. In 3rd International Conference on Computer Engineering, Information Science & Application Technology (ICCIA 2019), pages 95–101. Atlantis Press, 2019.
[24] Chamundeswari Arumugam, Varsha Bhargavi Dwarakanathan, S Gnanamary, Vishalraj Natarajan Neyveli, Rohit Kanakuppaliyalil Ramesh, Yeshwanthraa Kandhavel, and Sadhanandhan Balakrishnan. Prediction of sql injection attacks in web applications. In Computational Science and Its Applications–ICCSA 2019: 19th International Conference, Saint Petersburg, Russia, July 1–4, 2019, Proceedings, Part IV 19, pages 496–505. Springer, 2019.
[25] Qi Li, Weishi Li, Junfeng Wang, and Mingyu Cheng. A sql injection detection method based on adaptive deep forest. IEEE Access, 7:145385–145394, 2019.
[26] Joko Triloka, Hartono Hartono, and Sutedi Sutedi. Detection of sql injection attack using machine learning based on natural language processing. International Journal of Artificial Intelligence Research, 6(2), 2022.
[27] Naghmeh Moradpoor Sheykhkanloo. A learningbased neural network model for the detection and classification of sql injection attacks. International Journal of Cyber Warfare and Terrorism (IJCWT), 7(2):16–41, 2017.
[28] Peng Tang, Weidong Qiu, Zheng Huang, Huijuan Lian, and Guozhen Liu. Detection of sql injection based on artificial neural network. Knowledge-Based Systems, 190:105528, 2020.
[29] Wei Zhang, Yueqin Li, Xiaofeng Li, Minggang Shao, Yajie Mi, Hongli Zhang, and Guoqing Zhi.Deep neural network-based sql injection detection method. Security and Communication Networks, 2022, 2022.
[30] Ayush Falor, Manav Hirani, Henil Vedant, Priyank Mehta, and Deepa Krishnan. A deep learning approach for detection of sql injection attacks using convolutional neural networks. In Proceedings of Data Analytics and Management: ICDAM 2021, Volume 2, pages 293–304. Springer, 2022.
[31] Tao Yu, Rui Zhang, Kai Yang, Michihiro Yasunaga, Dongxu Wang, Zifan Li, James Ma, Irene Li, Qingning Yao, Shanelle Roman, et al. Spider: A large-scale human-labeled dataset for complex and cross-domain semantic parsing and text-to-sql task. arXiv preprint arXiv:1809.08887, 2018.