Long Short Term Memory Based Detection Of Web Based Sql Injection Attacks
View/ Open
Date
2019Author
Mwaruwa, Mwaruwa Chaka
Type
ThesisLanguage
enMetadata
Show full item recordAbstract
The internet has experienced considerable growth in the past decade due to increased ease of
access and growth of mobile technologies. The internet is increasingly being used for important
transactions such as financial transactions. With this growth, security has become a major
concern as sophisticated attacks continue to be observed on various systems. Injection attacks
are one of these attacks, and it’s prevalence has remained high in the past few years, having
been at the top of the OWASP top ten list in 2013, 2015 and 2017. Existing signature based
intrusion detection systems use known attack signatures, hence it’s difficult for them to keep
up with the ever changing attack landscape. Existing work using neural networks focuses on
one kind of injection attacks, hence leaving out vulnerability to the other kinds of injection
attacks.
This study presents a machine learning based approach to detect injection attacks. We develop
a method of collecting a diverse dataset of injection attacks, by using sqlmap and a custom
python script to send requests to a vulnerable application. We then develop and train a neural
network model using long short term memory (LSTM) networks that detects injection attacks.
We then test the model to determine its performance so as to evaluate its ability to detect these
attacks.
The model shows a good detection performance, reaching an accuracy of 95.4%. The model is
superior to other similar works due to its ability to detect the eight different kinds of sql
injection attacks, compared to similar works that are not as diverse.
We found that LSTM recurrent neural networks are a sufficient tool for the detection of
injection attacks due to their ability to correctly classify the attacks from genuine requests. We
further keep a log of all detections from the model, which can be used to retrain it hence learn
from new attacks, making it a better solution for the ever changing attack landscape compared
to the existing signature based methods.
Publisher
UoN
Rights
Attribution-NonCommercial-NoDerivs 3.0 United StatesUsage Rights
http://creativecommons.org/licenses/by-nc-nd/3.0/us/Collections
The following license files are associated with this item: