Machine learning detection of database injection attacks

Machine learning detection of database injection attacks

Techniques and solutions are described for detecting malicious database activity, such as SQL injection attempts. A first machine learning classifier can be trained by comparing processed and unprocessed user input, where a difference between the two can indicate suspicious or malicious activity. Th...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: Klein, Udo
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
HANDLING RECORD CARRIERS
PHYSICS
PRESENTATION OF DATA
RECOGNITION OF DATA
RECORD CARRIERS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Techniques and solutions are described for detecting malicious database activity, such as SQL injection attempts. A first machine learning classifier can be trained by comparing processed and unprocessed user input, where a difference between the two can indicate suspicious or malicious activity. The trained classifier can be used to analyze user input before query execution. A second machine learning classifier is trained with a data set that includes call stack information for an application requesting execution of a dynamic query and query statistics associated with processing of the query at the database. The query of the application can be correlated with a corresponding database query by hashing the application query and the database query and comparing the hash values, where matching hash value indicate a common query. The trained classifier can monitor execution of future queries to identify queries having anomalous patterns, which may indicate malicious or suspicious activity.