Netinfo Security ›› 2019, Vol. 19 ›› Issue (11): 36-42. doi: 10.3969/j.issn.1671-1122.2019.11.005


Analysis and Implementation of SQL Injection Vulnerability Mining Technology Based on Machine Learning

Jianwei HU, Wei ZHAO, Zheng YAN, Rui ZHANG

  1. Xidian University, Xi’an Shaanxi 710071, China
  • Received: 2019-06-10 Online: 2019-11-10 Published: 2020-05-11

Abstract:

With the advent of the Web 2.0 era, the presentation capabilities of Web applications have improved dramatically, and their supporting functions have increased significantly. As a result, Web applications have penetrated all aspects of people's lives. The defining characteristic of Web 2.0 is that ordinary users participate in creating Internet content: their role has changed from pure recipients of information to contributors and beneficiaries of information. Consequently, the data saved by Web applications is larger in scale and more complex in structure, so Web applications large and small now maintain their own databases to store it. The data stored in the database is the most valuable part of a Web application. However, an attacker can obtain or even modify that data through a SQL injection vulnerability. This attack seriously affects the integrity and confidentiality of the data in the database, and it is one of the most serious security problems of Web applications. Vulnerability mining technology can identify SQL injection vulnerabilities so that they can be fixed before the product goes live. This paper briefly introduces traditional SQL injection vulnerability mining technology and its shortcomings, and then discusses the development direction and difficulties of SQL injection vulnerability mining technology in today's machine learning and big data environment.

Key words: SQL injection, vulnerability mining, machine learning, SVM, static analysis
