文章基本信息

标题：Research on SQL injection detection technology based on SVM
本地全文：下载
作者：Zhuang Chen ; Min Guo ; Lin zhou 等
期刊名称：MATEC Web of Conferences
电子版ISSN：2261-236X
出版年度：2018
卷号：173
DOI：10.1051/matecconf/201817301004
语种：English
出版社：EDP Sciences
摘要：SQL injection, which has the characteristics of great harm and fast variation, has always ranked the top of the OWASP TOP 10, which has always been a hot spot in the research of web security. In view of the difficulty of detecting unknown attacks by the existing rule matching method, a method of SQL injection detection based on machine learning is proposed. And the author analyses the method of SQL injection feature extraction, f Finally, the word2vec method is selected to process the text data of the HTTP request, which can effectively represent the SQL injection features containing the attack payload. Training and classification of processed samples with SVM algorithm, The experiment shows that this method effectively solves the problem of SQL injection to the mutation and the high leakage rate of the rule matching. By comparing with the classification results of statistical features, this SQL injection classification model has a higher detection rate.