Netinfo Security ›› 2023, Vol. 23 ›› Issue (11): 84-93. doi: 10.3969/j.issn.1671-1122.2023.11.009

• Technical Research •

A Large Language Model Based SQL Injection Attack Detection Method

HUANG Kaijie, WANG Jian, CHEN Jiongyi

  1. College of Electronic Science and Technology, National University of Defense Technology, Changsha 410073, China
  • Received: 2023-08-25 Online: 2023-11-10 Published: 2023-11-10
  • Corresponding author: WANG Jian, jwang@nudt.edu.cn
  • About the authors: HUANG Kaijie (born 2000), male, from Hunan, master's student, main research interest: network security | WANG Jian (born 1975), male, from Hunan, professor, Ph.D., main research interest: network security | CHEN Jiongyi (born 1993), male, from Hunan, lecturer, Ph.D., main research interest: network security
  • Funding:
    National Natural Science Foundation of China (62302508); Ministry of Education-China Mobile Research Fund (MCM20200103)

Abstract:

The SQL injection attack, widely employed by attackers, poses a significant threat to cyberspace security. Traditional detection methods for SQL injection attacks are mainly rule-based or machine learning-based, and they suffer from limited applicability and high false positive rates. This paper proposes a large language model-based method for detecting SQL injection attacks. Prompt engineering and instruction fine-tuning are applied to obtain a large language model specialized for SQL injection attack detection. The impact of the number of iteration rounds, the number of fine-tuning samples and the inference parameters on model performance is analyzed to explore ways of enhancing the detection capability of large language models. The robust semantic understanding capability of the large language model is leveraged to significantly reduce the false positive rate. The proposed specialized model is evaluated experimentally on the Kaggle dataset. The results show that it achieves an accuracy of over 99.85%, a false positive rate of less than 0.2%, and an F1 score of 0.999. Compared with current state-of-the-art methods for SQL injection attack detection, the model demonstrates a significant improvement in detection performance.

Key words: SQL injection attack, attack detection, large language model, prompt engineering, instruction tuning

CLC Number: