Long Short Term Memory Based Detection Of Web Based Sql Injection Attacks

Abstract

The internet has experienced considerable growth in the past decade due to increased ease of access and growth of mobile technologies. The internet is increasingly being used for important transactions such as financial transactions. With this growth, security has become a major concern as sophisticated attacks continue to be observed on various systems. Injection attacks are one of these attacks, and it’s prevalence has remained high in the past few years, having been at the top of the OWASP top ten list in 2013, 2015 and 2017. Existing signature based intrusion detection systems use known attack signatures, hence it’s difficult for them to keep up with the ever changing attack landscape. Existing work using neural networks focuses on one kind of injection attacks, hence leaving out vulnerability to the other kinds of injection attacks. This study presents a machine learning based approach to detect injection attacks. We develop a method of collecting a diverse dataset of injection attacks, by using sqlmap and a custom python script to send requests to a vulnerable application. We then develop and train a neural network model using long short term memory (LSTM) networks that detects injection attacks. We then test the model to determine its performance so as to evaluate its ability to detect these attacks. The model shows a good detection performance, reaching an accuracy of 95.4%. The model is superior to other similar works due to its ability to detect the eight different kinds of sql injection attacks, compared to similar works that are not as diverse. We found that LSTM recurrent neural networks are a sufficient tool for the detection of injection attacks due to their ability to correctly classify the attacks from genuine requests. We further keep a log of all detections from the model, which can be used to retrain it hence learn from new attacks, making it a better solution for the ever changing attack landscape compared to the existing signature based methods.