Foreign-language journal: Journal of information security and applications

An ensemble classification-based approach to detect attack level of SQL injections



Abstract

Sensitive data belonging to users, including identity information, passwords, and financial and business processes, are kept in databases. Attackers can obtain these data by adding malicious code to SQL queries. The malicious and clean SQL queries are taken from the OWASP dataset to ensure that the proposed approach is effective and practical. The middleware application developed in this study analyzes these SQL queries instantly to prevent attackers from accessing sensitive data in databases. To provide protection, an ensemble classification algorithm is trained with 22 features obtained from queries containing malicious code. The trained ensemble algorithm classifies queries as clean or malicious. For the first time, in this study malicious SQL injections are detected as simple, unified or lateral to determine the level of the cyber-attack. If the query is clean, the request is passed on in the flow forwarding scheme; otherwise the query is blocked. If the SQL injection is detected as simple, the SQL request is blocked. In the other cases, the source IP address is blocked at different time intervals. The accuracy of the model remains over 98% for detecting SQL injections and 92% for classifying these attacks as simple, unified or lateral. This result demonstrates that the developed middleware application plays an active role against simple, unified and lateral SQL injection attacks, which are hard to detect, and provides flexible decisions against the attacks.
