Using keras to judge SQL injection attacks (example explanation)

Using keras to judge SQL injection attacks (example explanation)

This article uses the deep learning framework keras to perform SQL injection feature recognition. Although keras is used, most of the neural networks are still ordinary neural networks, with just some regularization and dropout layers (layers that appear with deep learning) added.

The basic idea is to feed a bunch of data (INT type), calculate the probability of each class through neural network calculation (forward and reverse), and SOFTMAX multi-classification probability calculation. Note: there are only 2 categories here: 0-normal text; 1-text containing SQL injection

In terms of file segmentation, 4 python files are made:

Util class, used to convert char to int (NN requires numeric types, any other types must be converted to int/float before they can be fed, also known as feed)

The data class is used to obtain training data and verification data. Since the training here is supervised training, a tuple (x, y) needs to be returned at this time.

Trainer class, keras network model modeling here, including loss function, training epoch number, etc.

predict class, get some test data and see the effect of the prediction class

First put the trainer class code, the network definition is here, the most important one, as important as the data format (haha, the data format is very important in this kind of program)

import SQL Injection Data
import numpy as np
import keras
from keras.models import Sequential
from keras.layers import Dense, Dropout, Activation
from keras.layers.normalization import BatchNormalization
from keras.optimizers import SGD
 
x, y=SQL injectionData.loadSQLInjectData()
availableVectorSize=15
x = keras.preprocessing.sequence.pad_sequences(x, padding='post', maxlen=availableVectorSize)
y = keras.utils.to_categorical(y, num_classes=2)
 
 
model = Sequential()
model.add(Dense(64, activation='relu', input_dim=availableVectorSize))
model.add(BatchNormalization())
model.add(Dropout(0.3))
model.add(Dense(64, activation='relu'))
model.add(Dropout(0.3))
model.add(Dense(2, activation='softmax'))
 
sgd = SGD(lr=0.001, momentum=0.9)
model.compile(loss='mse',
  optimizer=sgd,
  metrics=['accuracy'])
 
history = model.fit(x, y, epochs = 500, batch_size = 16)
 
model.save('E:\\sql_checker\\models\\trained_models.h5')
print("DONE, model saved in path-->E:\\sql_checker\\models\\trained_models.h5")
 
import matplotlib.pyplot as plt
plt.plot(history.history['loss'])
plt.title('model loss')
plt.ylabel('loss')
plt.xlabel('epoch')
plt.legend(['train', 'test'], loc='upper left')
plt.show()

Let's first explain the plt code above, because it is the easiest to explain. This code is used to show the loss value of each epoch training with a line graph:

What is training? What is loss value?

The purpose of training is to make the classification data finally calculated by the network consistent with the y we gave. How to calculate the inconsistency? Inconsistency means loss, which means the purpose of training is to be consistent, that is, to minimize the loss.

How to minimize losses? Gradient descent, the SGD optimization algorithm is used here:

from keras.optimizers import SGD
 
sgd = SGD(lr=0.001, momentum=0.9)
model.compile(loss='mse',
  optimizer=sgd,
  metrics=['accuracy'])

The loss='mse' in the above code defines the loss function to be used. There are several other loss functions. You can refer to them for yourself.

optimizer=sgd is the optimization algorithm to use. Different optimizers have different parameters.

Since a fully connected NN is used here, a fixed input size is required. This function is used to fix the feature vector size (if it is not enough, 0 will be added):

x = keras.preprocessing.sequence.pad_sequences(x, padding='post', maxlen=availableVectorSize)

Let's take a look at the final classification output. It is one hot. You can check it yourself. It is very easy to define. It is a waste of space. There is no correlation between categories, but it is very convenient to use here.

y = keras.utils.to_categorical(y, num_classes=2)

Then let's talk about the prediction code:

import SQL Injection Data
Import Converter
 
 
import numpy as np
import keras
from keras.models import load_model
 
print("predict....")
 
x=SQL InjectionData.loadTestSQLInjectData()
x = keras.preprocessing.sequence.pad_sequences(x, padding='post', maxlen=15)
 
model = load_model('E:\\sql_checker\\models\\trained_models.h5')
result = model.predict_classes(x, batch_size = len(x))
result = Converter.convert2label(result)
print(result)
 
 
print("DONE")

This part of the code is easy to understand, and there is no y

Okay, that seems to make some sense.

Here are some other tool and data class codes:

def toints(sentence):
 base=ord('0')
 ary=[]
 for c in sentence:
  ary.append(ord(c)-base)
 return ary
 
 
def convert2label(vector):
 string_array=[]
 for v in vector:
  if v==1:
   string_array.append('SQL injection')
  else:
   string_array.append('normal text')
 return string_array
Import Converter
import numpy as np
 
def loadSQLInjectData():
 x=[]
 x.append(Converter.toints("100"))
 x.append(Converter.toints("150"))
 x.append(Converter.toints("1"))
 x.append(Converter.toints("3"))
 x.append(Converter.toints("19"))
 x.append(Converter.toints("37"))
 x.append(Converter.toints("1'--"))
 x.append(Converter.toints("1' or 1=1;--"))
 x.append(Converter.toints("updatable"))
 x.append(Converter.toints("update tbl"))
 x.append(Converter.toints("update someb"))
 x.append(Converter.toints("update"))
 x.append(Converter.toints("updat"))
 x.append(Converter.toints("update a"))
 x.append(Converter.toints("'--"))
 x.append(Converter.toints("' or 1=1;--"))
 x.append(Converter.toints("aupdatable"))
 x.append(Converter.toints("hello world"))
 
 y=[[0],[0],[0],[0],[0],[0],[1],[1],[0],[1],[0],[1],[0],[0],[1],[1],[0],[0],[1],[1],[0],[0]]
 
 x = np.asarray(x)
 y = np.asarray(y)
 
 return x, y
 
 
def loadTestSQLInjectData(): 
 x=[]
 x.append(Converter.toints("some value"))
 x.append(Converter.toints("-1"))
 x.append(Converter.toints("' or 1=1;--"))
 x.append(Converter.toints("noupdate"))
 x.append(Converter.toints("update "))
 x.append(Converter.toints("update"))
 x.append(Converter.toints("update z"))
 x = np.asarray(x)
 return x

The above article on using keras to judge SQL injection attacks (with examples) is all I have to share with you. I hope it can give you a reference, and I also hope that you will support 123WORDPRESS.COM.

You may also be interested in:
  • Detect SQL injection attack code under asp.net

<<:  React new version life cycle hook function and usage detailed explanation

>>:  Linux system opens ports 3306, 8080, etc. to the outside world, detailed explanation of firewall settings

Recommend

Detailed explanation of IFNULL() and COALESCE() functions to replace null in MySQL

The isnull() function cannot be used as a substit...

Summary of various forms of applying CSS styles in web pages

1. Inline style, placed in <body></body&g...

Solve the problem of being unable to log in when installing MySQL on mac using homebrew

If your computer is a Mac, using homebrew to inst...

Mysql cannot select non-aggregate columns

1. Introduction I recently upgraded my blog and a...

Detailed explanation of client configuration for vue3+electron12+dll development

Table of contents Modify the repository source st...

MySQL high concurrency method to generate unique order number

Preface After this blog post was published, some ...

Detailed tutorial on installation and configuration of nginx under Centos7

Note: The basic directory path for software insta...

Detailed explanation of the solution to duplicate insertion of MySQL primary key and unique key

Table of contents Solution: 1. IGNORE 2. REPLACE ...

How to support Webdings fonts in Firefox

Firefox, Opera and other browsers do not support W...

Vue state management: using Pinia instead of Vuex

Table of contents 1. What is Pinia? 2. Pinia is e...

In-depth analysis of MySQL lock blocking

In daily maintenance, threads are often blocked, ...

The use of mysql unique key in query and related issues

1. Create table statement: CREATE TABLE `employee...

A brief discussion on the differences and connections between .html, .htm, .shtml, and .shtm

As we all know, the web pages, websites or web pag...

How to remotely log in to the MySql database?

Introduction: Sometimes, in order to develop a pr...

Webservice remote debugging and timeout operation principle analysis

WebService Remote Debugging In .NET, the remote d...