Knowledge-Based Systems ( IF 5.921 ) Pub Date : 2020-01-16 , DOI: 10.1016/j.knosys.2020.105528 Peng Tang; Weidong Qiu; Zheng Huang; Huijuan Lian; Guozhen Liu
The SQL injection, a common web attack, has been a challenging network security issue which causes annually millions of dollars of financial loss worldwide as well as a large amount of users’ privacy data leakage. This work presents a high accuracy SQL injection detection method based on neural network. We first acquire authentic user URL access log data from the Internet Service Provider(ISP), ensuring that our approach is real, effective and practical. We then conduct statistical research on normal data and SQL injection data. Based on the statistical results, we design eight types of features and train an MLP model. The accuracy of the model maintains over 99%. Meanwhile, we compare and evaluate the training effect of other machine learning algorithms(LSTM, for example), the results reveal that the accuracy of our method is superior to the relevant machine learning algorithms.