Using Keras to detect SQL injection attacks (with example code)
This article uses the deep learning framework Keras to recognise SQL injection features. Although Keras is used, the network is mostly an ordinary fully connected neural network; the only additions are a batch normalization layer and a couple of dropout layers (layers that arrived with deep learning).
The basic idea is to feed in a pile of data (integer vectors), compute the probability of each class with the neural network (a forward pass, plus backpropagation during training), and take the softmax multiclass probability as the result. Note: there are only two classes here: 0 = normal text; 1 = text containing SQL injection.
The program is split into four Python files:
Util class (Converter), used to convert characters to integers (a neural network needs numeric input; anything else must be converted to int/float before it can be fed in).
Data class, used to obtain the training data and the test data. Since this is supervised training, the training data is returned as a tuple (x, y).
Trainer class, where the Keras network model is built, including the loss function, the number of training epochs, and so on.
Predict class, which takes a few test inputs and shows what the trained model predicts for them.
The trainer code comes first, because the network is defined there. It is the most important part, together with the data format (the data format matters a great deal in this program).
import numpy as np
import keras
from keras.models import Sequential
from keras.layers import Dense, Dropout, BatchNormalization
from keras.optimizers import SGD
import SQLInjectionData

x, y = SQLInjectionData.loadSQLInjectData()

# Fully connected layers need a fixed-size input: pad (or truncate) every
# feature vector to availableVectorSize integers
availableVectorSize = 15
x = keras.preprocessing.sequence.pad_sequences(x, padding='post', maxlen=availableVectorSize)
# Labels become one-hot vectors: [1, 0] for normal text, [0, 1] for SQL injection
y = keras.utils.to_categorical(y, num_classes=2)

model = Sequential()
model.add(Dense(64, activation='relu', input_dim=availableVectorSize))
model.add(BatchNormalization())
model.add(Dropout(0.3))
model.add(Dense(64, activation='relu'))
model.add(Dropout(0.3))
model.add(Dense(2, activation='softmax'))   # two output classes

sgd = SGD(learning_rate=0.001, momentum=0.9)   # older Keras releases spell this parameter 'lr'
model.compile(loss='mse', optimizer=sgd, metrics=['accuracy'])

history = model.fit(x, y, epochs=500, batch_size=16)

model_path = r'E:\SQL_checker\models\trained_models.h5'
model.save(model_path)
print("DONE, model saved in path --> " + model_path)

import matplotlib.pyplot as plt
plt.plot(history.history['loss'])
plt.title('model loss')
plt.ylabel('loss')
plt.xlabel('epoch')
plt.legend(['train'], loc='upper left')   # only the training loss is plotted
plt.show()
Let me explain the code above first, because it is the easiest to explain. The last part of it draws the loss value of each training epoch as a line chart.
What is training, and what is the loss value?
The purpose of training is to make the classification the network computes agree with the y we supply. How is disagreement measured? Disagreement is the loss; so the aim of training is agreement, that is, minimizing the loss.
How is the loss minimized? Gradient descent. The SGD optimizer is used here:
from keras.optimizers import SGD
sgd = SGD(learning_rate=0.001, momentum=0.9)
model.compile(loss='mse', optimizer=sgd, metrics=['accuracy'])
loss='mse' in the code above selects the loss function; Keras offers several others to choose from. Mean squared error works here, but for a softmax output layer categorical_crossentropy is the usual choice.
optimizer=sgd selects the optimization algorithm; different optimizers take different parameters.
Because a fully connected network is used here, the input must have a fixed size. This function fixes the feature vector length: vectors that are too short are padded with 0 at the end, and vectors longer than maxlen are truncated (by default pad_sequences drops characters from the front, not the end):
x=keras.preprocessing.sequence.pad_sequences(x, padding='post', maxlen=availableVectorSize)
Finally, the classification output is one-hot encoded. One-hot encoding is often criticised for wasting space and expressing no relationship between the categories, but it is very convenient here.
y=keras.utils.to_categorical(y, num_classes=2)
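As an added example (not code from the original post), here is the same feature pipeline written in plain Python with no Keras dependency, so the exact integer vectors the network receives can be inspected. The function names encode, pad_fixed, one_hot, featurize, collides and visible_window and the sample inputs are this example's own; pad_fixed reproduces pad_sequences(padding='post') with its default truncating='pre'. Two properties a detection engineer should know about before trusting the classifier fall straight out of it: the pad value 0 is also the code for the digit '0', and anything before the last 15 characters is discarded, so an injection followed by a comment of filler text is never seen by the model at all.

```python
# Added example: re-implements the post's char-to-int encoding, fixed-length
# padding and one-hot labels in plain Python. Function names and sample inputs
# are this example's own, not the post's.

MAXLEN = 15        # the post's availableVectorSize
PAD = 0            # pad_sequences' default padding value
BASE = ord('0')    # offset used by the post's Converter.toints


def encode(text):
    """Same mapping as the post's toints: ord(c) - ord('0').
    Characters that sort before '0' in ASCII (space, quote, dash,
    semicolon) come out negative."""
    return [ord(c) - BASE for c in text]


def pad_fixed(seq, maxlen=MAXLEN, pad=PAD):
    """Emulate pad_sequences(padding='post') with its default truncating='pre':
    short vectors are right-padded with `pad`; long vectors keep only their
    LAST maxlen values."""
    if len(seq) >= maxlen:
        return list(seq[-maxlen:])
    return list(seq) + [pad] * (maxlen - len(seq))


def one_hot(label, num_classes=2):
    """Emulate to_categorical for one integer label."""
    vec = [0.0] * num_classes
    vec[label] = 1.0
    return vec


def featurize(samples):
    """samples: list of (text, label) pairs. Returns (X, Y) as plain lists,
    the same shapes the post hands to model.fit."""
    X = [pad_fixed(encode(text)) for text, _ in samples]
    Y = [one_hot(label) for _, label in samples]
    return X, Y


def collides(a, b):
    """True when two different inputs produce identical feature vectors."""
    return pad_fixed(encode(a)) == pad_fixed(encode(b))


def visible_window(text):
    """The characters the model actually receives after 'pre' truncation."""
    return text[-MAXLEN:] if len(text) >= MAXLEN else text


# Constructed inputs (not from the post's data set).
# 1. The pad value 0 is also the code for the digit '0', so a one-character
#    input and a 15-character one ending in zeros become indistinguishable.
COLLISION_A = "1"
COLLISION_B = "1" + "0" * (MAXLEN - 1)

# 2. With truncating='pre' everything before the last 15 characters is dropped.
#    An injection followed by an SQL comment of filler still executes on the
#    database, but the network only ever sees the filler.
EVASION = "' or 1=1;-- " + "a" * MAXLEN


if __name__ == "__main__":
    X, Y = featurize([("1' or 1=1;--", 1), ("hello world", 0)])
    print(X[0], Y[0])
    print("collision:", collides(COLLISION_A, COLLISION_B))
    print("model sees:", repr(visible_window(EVASION)))
```

Running the block shows the collision returning True and the model's 15-character window for the padded payload consisting only of the letter a, which is exactly why a fixed-window character model needs either a much longer window, tokenisation, or a pre-filter on the part of the input that was truncated away.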
Now the prediction code:
import numpy as np
import keras
from keras.models import load_model
import SQLInjectionData
import Converter

print("predict....")
x = SQLInjectionData.loadTestSQLInjectData()
# The test vectors must be padded to the same length the model was trained on
x = keras.preprocessing.sequence.pad_sequences(x, padding='post', maxlen=15)
model = load_model(r'E:\SQL_checker\models\trained_models.h5')
# argmax over the two softmax outputs (what Sequential.predict_classes used to do)
result = np.argmax(model.predict(x, batch_size=len(x)), axis=1)
result = Converter.convert2label(result)
print(result)
print("DONE")
This part of the code is easy to understand; there is not even a y, since the test data is unlabelled.
Well, the result looks a little interesting.
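The prediction script above only maps each output to a label; it never says how good those labels are. As an added example (not part of the original post), the block below decodes the softmax rows the way predict_classes does, makes the 0.5 decision threshold explicit so it can be tuned, and computes confusion counts plus precision and recall for the injection class against expected labels. The probabilities and expected labels for the post's seven test strings are constructed for illustration, not outputs of the post's trained model; the function names decide, to_labels and evaluate are this example's own.

```python
# Added example: decoding model.predict() rows with an explicit threshold and
# scoring them against expected labels. Probabilities below are constructed,
# not produced by the post's model.

LABELS = {0: "normal text", 1: "SQL injection"}   # the post's convert2label mapping


def decide(probs, threshold=0.5):
    """probs is one row of model.predict(): [P(normal), P(injection)].
    Taking the argmax (predict_classes) is the same as a 0.5 threshold on a
    two-class softmax; exposing the threshold lets the false-negative versus
    false-positive trade-off be chosen deliberately."""
    return 1 if probs[1] >= threshold else 0


def to_labels(prob_rows, threshold=0.5):
    """Human-readable labels for every prediction row."""
    return [LABELS[decide(p, threshold)] for p in prob_rows]


def evaluate(prob_rows, y_true, threshold=0.5):
    """Confusion counts and precision/recall for the injection class: the
    numbers a training loop that only reports train-set accuracy never shows."""
    y_pred = [decide(p, threshold) for p in prob_rows]
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": precision, "recall": recall}


# Constructed stand-in for model.predict() on the post's seven test strings.
# These probabilities and expected labels are invented for illustration.
TEST_STRINGS = ["some value", "-1", "' or 1=1;--", "noupdate",
                "update ", "update", "update z"]
CONSTRUCTED_PROBS = [[0.90, 0.10], [0.75, 0.25], [0.15, 0.85], [0.60, 0.40],
                     [0.40, 0.60], [0.65, 0.35], [0.55, 0.45]]
CONSTRUCTED_TRUTH = [0, 0, 1, 0, 1, 0, 1]


if __name__ == "__main__":
    for s, label in zip(TEST_STRINGS, to_labels(CONSTRUCTED_PROBS)):
        print(f"{s!r:16} -> {label}")
    for thr in (0.5, 0.4):
        print(thr, evaluate(CONSTRUCTED_PROBS, CONSTRUCTED_TRUTH, thr))
```

On the constructed rows the default threshold misses one injection ("update z") with no false positives, while lowering it to 0.4 catches every injection at the cost of flagging "noupdate"; which side of that trade-off is right depends on whether the model gates requests or only raises alerts.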
Finally, the tool class and the data class:
def toints(sentence):
    # Encode each character as its distance from '0'. Characters that sort
    # before '0' in ASCII (space, quote, dash, semicolon) come out negative.
    base = ord('0')
    ary = []
    for c in sentence:
        ary.append(ord(c) - base)
    return ary


def convert2label(vector):
    # Map the predicted class index back to a readable label
    string_array = []
    for v in vector:
        if v == 1:
            string_array.append('SQL injection')
        else:
            string_array.append('normal text')
    return string_array
import numpy as np
import Converter


def loadSQLInjectData():
    x = []
    x.append(Converter.toints("100"))
    x.append(Converter.toints("150"))
    x.append(Converter.toints("1"))
    x.append(Converter.toints("3"))
    x.append(Converter.toints("19"))
    x.append(Converter.toints("37"))
    x.append(Converter.toints("1'--"))
    x.append(Converter.toints("1' or 1=1;--"))
    x.append(Converter.toints("updatable"))
    x.append(Converter.toints("update tbl"))
    x.append(Converter.toints("update someb"))
    x.append(Converter.toints("update"))
    x.append(Converter.toints("updat"))
    x.append(Converter.toints("update a"))
    x.append(Converter.toints("'--"))
    x.append(Converter.toints("' or 1=1;--"))
    x.append(Converter.toints("aupdatable"))
    x.append(Converter.toints("hello world"))
    # one label per sample above: 0 = normal text, 1 = SQL injection
    y = [[0], [0], [0], [0], [0], [0], [1], [1], [0], [1], [1], [0], [0], [1], [1], [1], [0], [0]]
    # x is ragged (the vectors have different lengths), so it is returned as a
    # plain list for pad_sequences to turn into a fixed-size array
    y = np.asarray(y)
    return x, y


def loadTestSQLInjectData():
    x = []
    x.append(Converter.toints("some value"))
    x.append(Converter.toints("-1"))
    x.append(Converter.toints("' or 1=1;--"))
    x.append(Converter.toints("noupdate"))
    x.append(Converter.toints("update "))
    x.append(Converter.toints("update"))
    x.append(Converter.toints("update z"))
    return x
That is all the editor has to share about using Keras to detect SQL injection attacks (with example code). I hope it gives you a useful reference.