Published in: 2016 International Conference on Computing Technologies and Intelligent Data Engineering

Fragmented query parse tree based SQL injection detection system for web applications


Abstract

The increasing use of database-driven web applications means that attacks on those applications are also increasing. A common web application attack is SQL injection, that is, code injection or the insertion of an SQL query via input data from the client to the application. Many detection techniques that focus on the SQL structure at the application level are available, but they fail to detect some attacks at the database level. Many existing approaches have been proposed to detect the attack at the database level. The existing approach uses SVM classification, a supervised learning algorithm, with the syntactic and semantic features of the query parse tree. It takes more time to preprocess the query parse tree. In this paper, we fragment the query parse tree to increase the speed of preprocessing. The internal query tree can be obtained from the database log. To get instances for classification, the query tree is converted to an n-dimensional feature vector by using a multi-dimensional sequence. The semantic features are used as the components of the feature vectors, and the syntactic and semantic features are also used to generate the multi-dimensional sequences. If an extracted feature contains a string value, it is then converted into a numeric value. Experimental results show that the proposed approach is more accurate and faster in detecting attacks than existing approaches.