SQLi Detection with ML: A data-source perspective

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography Pub Date : 2023-04-24 DOI:10.48550/arXiv.2304.12115

Balázs Pejó, Nikolett Kapui

{"title":"SQLi Detection with ML: A data-source perspective","authors":"Balázs Pejó, Nikolett Kapui","doi":"10.48550/arXiv.2304.12115","DOIUrl":null,"url":null,"abstract":"Almost 50 years after the invention of SQL, injection attacks are still top-tier vulnerabilities of today's ICT systems. Consequently, SQLi detection is still an active area of research, where the most recent works incorporate machine learning techniques into the proposed solutions. In this work, we highlight the shortcomings of the previous ML-based results focusing on four aspects: the evaluation methods, the optimization of the model parameters, the distribution of utilized datasets, and the feature selection. Since no single work explored all of these aspects satisfactorily, we fill this gap and provide an in-depth and comprehensive empirical analysis. Moreover, we cross-validate the trained models by using data from other distributions. This aspect of ML models (trained for SQLi detection) was never studied. Yet, the sensitivity of the model's performance to this is crucial for any real-life deployment. Finally, we validate our findings on a real-world industrial SQLi dataset.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"5 1","pages":"642-648"},"PeriodicalIF":0.0000,"publicationDate":"2023-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.48550/arXiv.2304.12115","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Almost 50 years after the invention of SQL, injection attacks are still top-tier vulnerabilities of today's ICT systems. Consequently, SQLi detection is still an active area of research, where the most recent works incorporate machine learning techniques into the proposed solutions. In this work, we highlight the shortcomings of the previous ML-based results focusing on four aspects: the evaluation methods, the optimization of the model parameters, the distribution of utilized datasets, and the feature selection. Since no single work explored all of these aspects satisfactorily, we fill this gap and provide an in-depth and comprehensive empirical analysis. Moreover, we cross-validate the trained models by using data from other distributions. This aspect of ML models (trained for SQLi detection) was never studied. Yet, the sensitivity of the model's performance to this is crucial for any real-life deployment. Finally, we validate our findings on a real-world industrial SQLi dataset.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

使用ML进行sql检测:一个数据源透视图

在SQL发明近50年后，注入攻击仍然是当今ICT系统的顶级漏洞。因此，SQLi检测仍然是一个活跃的研究领域，其中最新的工作将机器学习技术纳入提出的解决方案。本文着重从评价方法、模型参数优化、利用数据集分布和特征选择四个方面分析了以往基于机器学习的结果的不足。由于没有一项工作令人满意地探讨了所有这些方面，我们填补了这一空白，并提供了深入而全面的实证分析。此外，我们使用来自其他分布的数据来交叉验证训练好的模型。ML模型的这一方面(为SQLi检测而训练)从未被研究过。然而，模型性能对这一点的敏感性对于任何实际部署都是至关重要的。最后，我们在一个真实的工业SQLi数据集上验证了我们的发现。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography

自引率

0.00%

发文量