Detecting SQL Injection Attack using Natural Language Processing | |
---|---|
Author | |
Abstract |
Natural Language Processing - In today’s digital era, online attacks are increasing in number and are becoming severe day by day, especially those related to web applications. The data accessible over the web persuades the attackers to dispatch new kinds of attacks. Serious exploration on web security has shown that the most hazardous attack that affects web security is the Structured Query Language Injection(SQLI). This attack addresses a genuine threat to web application security and a few examination works have been directed to defend against this attack by detecting it when it happens. Traditional methods like input validation and filtering, use of parameterized queries, etc. are not sufficient to counter these attacks as they rely solely on the implementation of the code hence factoring in the developer’s skill-set which in turn gave rise to Machine Learning based solutions. In this study, we have proposed a novel approach that takes the help of Natural Language Processing(NLP) and uses BERT for feature extraction that is capable to adapt to SQLI variants and provides an accuracy of 97\% with a false positive rate of 0.8\% and a false negative rate of 5.8\%. |
Year of Publication |
2022
|
Date Published |
dec
|
Publisher |
IEEE
|
Conference Location |
Prayagraj, India
|
ISBN Number |
9798350332506
|
URL |
https://ieeexplore.ieee.org/document/9986458/
|
DOI |
10.1109/UPCON56432.2022.9986458
|
Google Scholar | BibTeX | DOI |