Abstract
The Internet of Things (IoT) presents a great many challenges in cybersecurity as the world grows more and more digitally dependent. Personally identifiable information (PII) (i,e., names, addresses, emails, credit card numbers) is stored in databases across websites the world over. The greatest threat to privacy, according to the Open Worldwide Application Security Project (OWASP) is SQL injection attacks (SQLIA) [1]. In these sorts of attacks, hackers use malicious statements entered into forms, search bars, and other browser input mediums to trick the web application server into divulging database assets. A proposed technique against such exploitation is convolution neural network modeling. We have written a proof of concept, Python-based program that takes advantage of the PyTorch package’s built-in convolution layered modeling classes. The model has been trained on a dataset of four known classifications and after reaching maturity underwent blind validation on a separate dataset 1000 times. The model was able to reach up to 81% accuracy by correctly reporting the packet classification. We believe the same behavior can be mapped to malicious SQLIA in other datasets by marking features in web traffic with abnormally large packet sizes, network errors, and unrecognized server responses. The research presented herein serves to corroborate related research in the field employing similar neural network and deep learning techniques to today’s greatest threat to cybersecurity.
Faculty Advisor/Mentor
Rui Ning
Document Type
Paper
Disciplines
Databases and Information Systems | Programming Languages and Compilers | Theory and Algorithms
DOI
10.25776/v3tq-b514
Publication Date
4-14-2021
Upload File
wf_yes
Included in
Databases and Information Systems Commons, Programming Languages and Compilers Commons, Theory and Algorithms Commons
SQL Injection & Web Application Security: A Python-Based Network Traffic Detection Model
The Internet of Things (IoT) presents a great many challenges in cybersecurity as the world grows more and more digitally dependent. Personally identifiable information (PII) (i,e., names, addresses, emails, credit card numbers) is stored in databases across websites the world over. The greatest threat to privacy, according to the Open Worldwide Application Security Project (OWASP) is SQL injection attacks (SQLIA) [1]. In these sorts of attacks, hackers use malicious statements entered into forms, search bars, and other browser input mediums to trick the web application server into divulging database assets. A proposed technique against such exploitation is convolution neural network modeling. We have written a proof of concept, Python-based program that takes advantage of the PyTorch package’s built-in convolution layered modeling classes. The model has been trained on a dataset of four known classifications and after reaching maturity underwent blind validation on a separate dataset 1000 times. The model was able to reach up to 81% accuracy by correctly reporting the packet classification. We believe the same behavior can be mapped to malicious SQLIA in other datasets by marking features in web traffic with abnormally large packet sizes, network errors, and unrecognized server responses. The research presented herein serves to corroborate related research in the field employing similar neural network and deep learning techniques to today’s greatest threat to cybersecurity.