Tracing SQL attacks via neural networks

Abstract

In the paper we present a new approach based on application of neural networks to detect SQL attacks. SQL attacks are those attacks that take the advantage of using SQL statements to be executed. The problem of detection of this class of attacks is transformed into time series prediction problem. SQL queries are used as a source of events in a protected environment. To differentiate between normal SQL queries and those sent by an attacker, we divide SQL statements into tokens and pass them to our detection system, which predicts the next token, taking into account previously seen tokens. In the learning phase tokens are passed to recurrent neural network (RNN) trained by backpropagation through time (BPTT) algorithm. Training data in the output of RNN are shifted by one token forward in time with relation to input. An additional rule is defined to interpret RNNs output. Experiments were conducted on Jordan and Elman networks and the results show that the Jordan network outperforms the Elman network predicting correctly queries with higher efficiency. Moreover, our results lead to the form of the rule, which can be successfuly applied to the subset of SQL statements taken into consideration in this study. © 2008 Springer-Verlag Berlin Heidelberg.