Visible to the public WOVSQLI: Detection of SQL Injection Behaviors Using Word Vector and LSTM

TitleWOVSQLI: Detection of SQL Injection Behaviors Using Word Vector and LSTM
Publication TypeConference Paper
Year of Publication2018
AuthorsFang, Yong, Peng, Jiayi, Liu, Liang, Huang, Cheng
Conference NameProceedings of the 2Nd International Conference on Cryptography, Security and Privacy
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-6361-7
KeywordsHuman Behavior, LSTM networks, Metrics, policy-based-governance, privacy, pubcrawl, Resiliency, SQL Injection, SQL injection detection, SQL token word vector, threat vectors

The Structured Query Language Injection Attack (SQLIA) is one of the most serious and popular threats of web applications. The results of SQLIA include the data loss or complete host takeover. Detection of SQLIA is always an intractable challenge because of the heterogeneity of the attack payloads. In this paper, a novel method to detect SQLIA based on word vector of SQL tokens and LSTM neural networks is described. In the proposed method, SQL query strings were firstly syntactically analyzed into tokens, and then likelihood ratio test is used to build the word vector of SQL tokens, ultimately, an LSTM model is trained with sequences of token word vectors. We developed a tool named WOVSQLI, which implements the proposed technique, and it was evaluated with a dataset from several sources. The results of experiments demonstrate that WOVSQLI can effectively identify SQLIA.

Citation Keyfang_wovsqli:_2018