SQL injection attack detection framework based on HTTP traffic

• 1、School of Cyberspace Security, Beijing University of Posts and Telecommunications

Abstract：Aiming at the characteristics of SQL injection attacks under the background of complex HTTP traffic, this thsis systematically proposes a SQL injection attack detection framework based on HTTP traffic, which includes four modules: data collection, data cleaning, feature representation and model construction.The data collection module introduces multiple channels for obtaining data. The traffic cleaning module improves the detection ability of SQL injection attacks in complex traffic environments by reducing the interference of irrelevant information.The feature representation module describes an efficient and easy-to-obtain feature generation method, that is, retainingthe lexical features of special symbols.The model construction module proposes a model construction method to detect arbitrary length payloads and a variable length sequence training method to ensure efficiency.The detection location covers HTTP request headers, URLs and POSTs, multi-dimensional defense against SQL injection attacks.In the actual network environment, the framework for detecting SQL injection attacks has the characteristics of low false negative rate and low false positive rate.In the actual network environment, the framework for detecting SQL injection attacks has the characteristics of low false negative rate and low false positive rate.

Keywords： Computer software theory and structure, HTTP traffic, SQL injection, lexical characteristics