SQL Injection Attack classification through the feature extraction of SQL query strings using a Gap-Weighted String Subsequence Kernel

McWhirter, Paul R.; Kifayat, Kashif; Shi, Qi; Askwith, Bob

doi:10.1016/j.jisa.2018.04.001

Cited by 43 publications

(31 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…McWhirter et al [22] extracted the features of SQL based on the gap-weighted string subsequence kernel in 2018, and used SVM for classification with an accuracy rate of over 92.48%. Many literatures used machine learning for detection [18], [24].…”

Section: Detection Of Sql Injection Attacks In Webmentioning

confidence: 99%

Pattern Mining and Detection of Malicious SQL Queries on Anonymization Mechanism

Zheng

Shen

2021

IEEE Access

View full text Add to dashboard Cite

With the striking development of big data, individual privacy and data security obtain unprecedented importance. Database anonymization mechanism is created for protecting individual privacy by adding noise to the result of a query, which finds a tradeoff between the privacy and utility of personal data. However, corresponding attacks are emerging continuously resulting in a high risk of individual identification. In this paper, we learn patterns of malicious SQL queries and propose a novel detection method. Association rules are used to mine patterns and features of noise-exploitation attacks, and parse trees are applied to the feature extraction of SQL, thereby we construct feature vectors and input them into the classifiers. At the same time, we also propose a SQL generation method to generate query samples based on a real database for model training and testing. Experiments show that our detection method can significantly prevent noise-exploitation attacks including almost all differential attacks and 91% cloning attacks based on the synthetic dataset, which ensures a strong degree of data utility. INDEX TERMS Database anonymization mechanism, diffix, malicious query detection, SQL parsing, random forest. IV. PATTERNS AND CHARACTERISTICS OF MALICIOUS QUERIES A. MAIN TYPES OF ATTACKS

show abstract

Section: Detection Of Sql Injection Attacks In Webmentioning

confidence: 99%

Pattern Mining and Detection of Malicious SQL Queries on Anonymization Mechanism

Zheng

Shen

2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Detection of malicious queries, including SQL injections, is a significant area of research (McWhirter et al, 2018 ). The privacy-loss score model is built upon another model that captures the querying behavior of a user and constructs user profiles.…”

Section: Computing Privacy Scorementioning

confidence: 99%

Quantitatively Measuring Privacy in Interactive Query Settings Within RDBMS Framework

2020

View full text Add to dashboard Cite

Little attention has been paid to the measurement of risk to privacy in Database Management Systems, despite their prevalence as a modality of data access. This paper proposes PriDe, a quantitative privacy metric that provides a measure (privacy score) of privacy risk when executing queries in relational database management systems. PriDe measures the degree to which attribute values, retrieved by a principal (user) engaging in an interactive query session, represent a reduction of privacy with respect to the attribute values previously retrieved by the principal. It can be deployed in interactive query settings where the user sends SQL queries to the database and gets results at run-time and provides privacy-conscious organizations with a way to monitor the usage of the application data made available to third parties in terms of privacy. The proposed approach, without loss of generality, is applicable to BigSQL-style technologies. Additionally, the paper proposes a privacy equivalence relation that facilitates the computation of the privacy score.

show abstract

“…Though the approach minimized the execution time, the ER was not minimized. Hence a gapweighted string subsequence kernel algorithm was developed [7] to detect the subsequences of query strings and categorize indefinite test queries using support vector machine which resulted in failure in minimizing the error of the classification. Finally clustering-based fragmentation method was developed [8] for solving the data replication problem from the SQL query but, TC of the clustering remained unsolved.…”

Section: Related Workmentioning

confidence: 99%

BIBSQLQC: Brown infomax boosted SQL query clustering algorithm to detect anti-patterns in the query log

Ramakrishnan¹,

Palanisamy²

2020

Turk J Elec Eng & Comp Sci

View full text Add to dashboard Cite

Discovery of antipatterns from arbitrary SQL query log depends on the static code analysis used to enhance the quality and performance of software applications. The existence of antipatterns reduces the quality and leads to redundant SQL statements. SQL log includes a large load on the database and it is difficult for an analyst to extract large patterns in a minimal time. Existing techniques which discover antipatterns in SQL query face a lot of innumerable challenges to discover the normal sequences of queries within the log. In order to discover the antipatterns in the log, an efficient technique called Brown infomax boosted SQL query clustering (BIBSQLQC) technique is introduced. Initially, the number of patterns (i.e. queries) are extracted from the SQL query log. After extracting the patterns, the ensemble clustering process is carried out to find out the antipatterns from the given query log. The Brown infomax boost clustering is an ensemble learning method for grouping the patterns by constructing several weak learners. The Brown clustering is used as a weak learner for partitioning the patterns into 'k' number of clusters based on the Euclidean distance measure. Then the weak learner merges the two clusters with maximum information gained to minimize the time complexity. The clustering results of weak learners are combined into strong results with minimal error rate (ER). By this way, the antipattern in the SQL query log is detected with a higher accuracy. Experimental evaluation is conducted with different parameters namely detection accuracy (DA), false positive rate (FPR) and time complexity (TC) using the two SQL query log data-sets (DS). The experimental result shows that, the BIBSQLQC technique achieves higher DA with lower TC and FPR than the conventional methods.

show abstract

SQL Injection Attack classification through the feature extraction of SQL query strings using a Gap-Weighted String Subsequence Kernel

Cited by 43 publications

References 12 publications

Pattern Mining and Detection of Malicious SQL Queries on Anonymization Mechanism

Pattern Mining and Detection of Malicious SQL Queries on Anonymization Mechanism

Quantitatively Measuring Privacy in Interactive Query Settings Within RDBMS Framework

BIBSQLQC: Brown infomax boosted SQL query clustering algorithm to detect anti-patterns in the query log

Contact Info

Product

Resources

About