Litcius/Paper detail

SQL injection attack detection in network flow data

Ignacio Samuel Crespo-Martínez, Adrián Campazas, Ángel Manuel Guerrero‐Higueras, Virginia Riego del Castillo, Claudia Álvarez-Aparicio, Camino Fernández

2023Computers & Security83 citationsDOIOpen Access PDF

Abstract

SQL injections rank in the OWASP Top 3. The literature shows that analyzing network datagrams allows for detecting or preventing such attacks. Unfortunately, such detection usually implies studying all packets flowing in a computer network. Therefore, routers in charge of routing significant traffic loads usually cannot apply the solutions proposed in the literature. This work demonstrates that detecting SQL injection attacks on flow data from lightweight protocols is possible. For this purpose, we gathered two datasets collecting flow data from several SQL injection attacks on the most popular database engines. After evaluating several machine learning-based algorithms, we get a detection rate of over 97% with a false alarm rate of less than 0.07% with a Logistic Regression-based model.

Topics & Concepts

Computer scienceSQL injectionDatagramNetwork packetSQLConstant false alarm rateComputer networkData miningDatabaseQuery by ExampleSearch engineArtificial intelligenceInformation retrievalWeb search queryNetwork Security and Intrusion DetectionWeb Application Security VulnerabilitiesSoftware System Performance and Reliability