SQL-IDS: evaluation of SQLi attack detection and classification based on machine learning techniques

Abstract

Structured Query Language injection (SQLi) attack is a code injection technique where malicious SQL statements are inserted into a given SQL database by simply using a web browser. Injected SQL commands can alter the database and thus compromise the security of a web application. In our previous work, we proposed an effective pattern recognition Neural Network (NN) model for detection and classification of the SQLi attacks. Our proposed model was built from: a Uniform Resource Locator (URL) generator, a URL classifier, and a NN model. The URL generator was implemented in order to generate thousands of malicious and benign URLs. The URL classifier was employed in order to identify each URL, which was generated by the URL generator, as either a benign URL or a malicious URL. The URL classifier also pigeonholed the malicious URLs into seven popular SQLi attack categories. The NN model includes n hidden layers with x input and y output nodes where the benign and malicious URLs were employed for training, validating, and testing phases. Addressing our previous captured results, our proposed pattern recognition NN model for the detection and classification of the SQLi attacks demonstrated a good performance in terms of accuracy, true-positive rate, and false-positive rate. In this paper, we stress test our previous proposal in order to prove the effectiveness of our proposed approach.