부산대학교 도서관

SQL injection attacks have posed a significant threat to web applications for decades. They obfuscate malicious codes into natural SQL statements so as to steal sensitive data, making them difficult to detect. Generally, malicious signals can be identified by using the contextual information of SQL statements. Such contextual information, however, is not always easily captured. Due to the fact that SQL as a formal language is highly structured, two tokens that are spatially far away may be semantically very close. An effective approach thus should take the structural feature of SQL statements into account when modeling their contextual information.In this paper, we present a novel abstract syntax tree-based neural network approach named Trident for effectively detecting SQL injection attacks. Benefiting from the structural feature delivered by ASTs, Trident realizes superior modeling of contextual information via tree-based positional embedding and well-designed neural networks. Trident is widely evaluated on a public SQL injection dataset and an adversarial sample dataset. The results demonstrate that Trident can significantly outperform the baselines.CCS CONCEPTS• Software and its engineering → Language features; • Security and privacy → Intrusion detection systems.