Using Nlp Techniques To Detect Sql Injection Attack

Abstract

Most of the applications used on the internet are Web-Based Applications, that accept critical information from users and store this information in databases.

Being connected to the internet, they are susceptible to all kinds of information security threats, including SQL injection attack.

SQL injection attacks, and web-based attacks fall in general under the top ten vulnerabilities according to the assessment of the most important information security centers and international networks, such as (OWASP) and (ENSIA), which means they continue to be a major issue in the cyber security field.

This paper proposes a method for SQL injection attack detection by using natural language processing techniques (BOW, TF-IDF, Word2Vec, Doc2Vec), and machine learning algorithms (LR, MLP) that allow the machine to automatically learn and detect the characteristic patterns of the query used in SQL injection attacks, which could greatly put an end to attackers’ intervention and provide an appropriate defense mechanism against this type of widespread attack.