Using keras to judge SQL injection attacks (example explanation)

This article uses the deep learning framework keras to perform SQL injection feature recognition. Although keras is used, most of the neural networks are still ordinary neural networks, with just some regularization and dropout layers (layers that appear with deep learning) added.

The basic idea is to feed a bunch of data (INT type), calculate the probability of each class through neural network calculation (forward and reverse), and SOFTMAX multi-classification probability calculation. Note: there are only 2 categories here: 0-normal text; 1-text containing SQL injection

In terms of file segmentation, 4 python files are made:

Util class, used to convert char to int (NN requires numeric types, any other types must be converted to int/float before they can be fed, also known as feed)

The data class is used to obtain training data and verification data. Since the training here is supervised training, a tuple (x, y) needs to be returned at this time.

Trainer class, keras network model modeling here, including loss function, training epoch number, etc.

predict class, get some test data and see the effect of the prediction class

First put the trainer class code, the network definition is here, the most important one, as important as the data format (haha, the data format is very important in this kind of program)

import SQL Injection Data
import numpy as np
import keras
from keras.models import Sequential
from keras.layers import Dense, Dropout, Activation
from keras.layers.normalization import BatchNormalization
from keras.optimizers import SGD
 
x, y=SQL injectionData.loadSQLInjectData()
availableVectorSize=15
x = keras.preprocessing.sequence.pad_sequences(x, padding='post', maxlen=availableVectorSize)
y = keras.utils.to_categorical(y, num_classes=2)
 
 
model = Sequential()
model.add(Dense(64, activation='relu', input_dim=availableVectorSize))
model.add(BatchNormalization())
model.add(Dropout(0.3))
model.add(Dense(64, activation='relu'))
model.add(Dropout(0.3))
model.add(Dense(2, activation='softmax'))
 
sgd = SGD(lr=0.001, momentum=0.9)
model.compile(loss='mse',
  optimizer=sgd,
  metrics=['accuracy'])
 
history = model.fit(x, y, epochs = 500, batch_size = 16)
 
model.save('E:\\sql_checker\\models\\trained_models.h5')
print("DONE, model saved in path-->E:\\sql_checker\\models\\trained_models.h5")
 
import matplotlib.pyplot as plt
plt.plot(history.history['loss'])
plt.title('model loss')
plt.ylabel('loss')
plt.xlabel('epoch')
plt.legend(['train', 'test'], loc='upper left')
plt.show()

Let's first explain the plt code above, because it is the easiest to explain. This code is used to show the loss value of each epoch training with a line graph:

What is training? What is loss value?

The purpose of training is to make the classification data finally calculated by the network consistent with the y we gave. How to calculate the inconsistency? Inconsistency means loss, which means the purpose of training is to be consistent, that is, to minimize the loss.

How to minimize losses? Gradient descent, the SGD optimization algorithm is used here:

from keras.optimizers import SGD
 
sgd = SGD(lr=0.001, momentum=0.9)
model.compile(loss='mse',
  optimizer=sgd,
  metrics=['accuracy'])

The loss='mse' in the above code defines the loss function to be used. There are several other loss functions. You can refer to them for yourself.

optimizer=sgd is the optimization algorithm to use. Different optimizers have different parameters.

Since a fully connected NN is used here, a fixed input size is required. This function is used to fix the feature vector size (if it is not enough, 0 will be added):

x = keras.preprocessing.sequence.pad_sequences(x, padding='post', maxlen=availableVectorSize)

Let's take a look at the final classification output. It is one hot. You can check it yourself. It is very easy to define. It is a waste of space. There is no correlation between categories, but it is very convenient to use here.

y = keras.utils.to_categorical(y, num_classes=2)

Then let's talk about the prediction code:

import SQL Injection Data
Import Converter
 
 
import numpy as np
import keras
from keras.models import load_model
 
print("predict....")
 
x=SQL InjectionData.loadTestSQLInjectData()
x = keras.preprocessing.sequence.pad_sequences(x, padding='post', maxlen=15)
 
model = load_model('E:\\sql_checker\\models\\trained_models.h5')
result = model.predict_classes(x, batch_size = len(x))
result = Converter.convert2label(result)
print(result)
 
 
print("DONE")

This part of the code is easy to understand, and there is no y

Okay, that seems to make some sense.

Here are some other tool and data class codes:

def toints(sentence):
 base=ord('0')
 ary=[]
 for c in sentence:
  ary.append(ord(c)-base)
 return ary
 
 
def convert2label(vector):
 string_array=[]
 for v in vector:
  if v==1:
   string_array.append('SQL injection')
  else:
   string_array.append('normal text')
 return string_array

Import Converter
import numpy as np
 
def loadSQLInjectData():
 x=[]
 x.append(Converter.toints("100"))
 x.append(Converter.toints("150"))
 x.append(Converter.toints("1"))
 x.append(Converter.toints("3"))
 x.append(Converter.toints("19"))
 x.append(Converter.toints("37"))
 x.append(Converter.toints("1'--"))
 x.append(Converter.toints("1' or 1=1;--"))
 x.append(Converter.toints("updatable"))
 x.append(Converter.toints("update tbl"))
 x.append(Converter.toints("update someb"))
 x.append(Converter.toints("update"))
 x.append(Converter.toints("updat"))
 x.append(Converter.toints("update a"))
 x.append(Converter.toints("'--"))
 x.append(Converter.toints("' or 1=1;--"))
 x.append(Converter.toints("aupdatable"))
 x.append(Converter.toints("hello world"))
 
 y=[[0],[0],[0],[0],[0],[0],[1],[1],[0],[1],[0],[1],[0],[0],[1],[1],[0],[0],[1],[1],[0],[0]]
 
 x = np.asarray(x)
 y = np.asarray(y)
 
 return x, y
 
 
def loadTestSQLInjectData(): 
 x=[]
 x.append(Converter.toints("some value"))
 x.append(Converter.toints("-1"))
 x.append(Converter.toints("' or 1=1;--"))
 x.append(Converter.toints("noupdate"))
 x.append(Converter.toints("update "))
 x.append(Converter.toints("update"))
 x.append(Converter.toints("update z"))
 x = np.asarray(x)
 return x

The above article on using keras to judge SQL injection attacks (with examples) is all I have to share with you. I hope it can give you a reference, and I also hope that you will support 123WORDPRESS.COM.

You may also be interested in: