Evaluation of Recurrent Neural Networks for Detecting Injections in API Requests
1.
2. INTRODUCTION
OBJECTIVES
PROBLEM IDENTIFICATION
LITERATURE SURVEY
PROPOSED SOLUTION
SYSTEM ARCHITECTURE
METHODOLOGY
REFERENCES
3. In the digital era where APIs facilitate seamless data exchange,
security vulnerabilities in these interfaces, particularly injection
attacks like SQL injection or script injection, have emerged as
critical concerns.
Injection refers to a broad class of attack vectors that allow an
attacker to add part of a command or a query that changes the
way the program executes.
The consequences of undetected injection attacks are severe,
ranging from unauthorized data access to service disruptions.
Left unchecked, these incidents can result in reputational damage
and financial losses for organizations.
4. Traditional static rule-based security approaches often struggle to keep
pace with the dynamic and evolving nature of injection attacks. There's a
need for advanced methods capable of learning and adapting to new threat
patterns.
Leveraging machine learning, particularly Recurrent Neural Networks
(RNNs), holds promise in addressing the shortcomings of static
approaches.
RNNs can analyze the sequential patterns in API requests, providing a
dynamic and adaptive security solution.
To facilitate swift response and minimize the impact of security incidents,
the project integrates with logging and alerting systems. This ensures that
security teams are promptly notified, enabling effective mitigation and
response strategies.
5. Generate a large dataset of API requests, split evenly between
malicious (50%) and non-malicious (50%) instances, so that both
classes are equally represented in model training.
Exclude irrelevant fields (e.g., timestamp, headers) from the
dataset and perform text preprocessing, converting API request
entries into vector representations suitable for neural network
input.
Employ RNNs with an embedding layer to analyze sequential
patterns in API requests, specifically focusing on their temporal
dependencies.
6. Enhance memory efficiency by using word embeddings, a
vector representation, for textual data in API requests,
enabling the model to generalize effectively.
Split the dataset into 75% training and 25% testing data to
facilitate robust model training and evaluation.
7. Security Vulnerabilities in API Requests:
Systems are more vulnerable to security risks due to the increase in the
use of APIs, especially injection attacks. Unsecured API requests risk
unauthorized access, data breaches, and application integrity compromise.
Dynamic and Evolving Attacks:
Traditional static security struggles with evolving injection tactics. Rule-
based approaches may miss sophisticated patterns, leaving systems
susceptible to emerging threats.
Potential Impact on Data Integrity:
Injection attacks (e.g., SQL, script) pose severe risks to sensitive data
integrity. Undetected attacks can result in manipulation, unauthorized
access, and significant consequences.
8. Inadequacy of Rule-Based Models:
Existing security models relying on static rules may not effectively adapt
to minute injection attack patterns, creating gaps in comprehensive threat
detection.
Limited Proactive Measures:
Current security lacks proactive features, making it difficult to stay ahead
of evolving injection tactics. A solution is needed for identifying and
addressing threats before escalation.
Insufficient Integration with Logging and Alerting:
Incomplete integration with logging and alerting systems hampers swift
responses to detected threats. A comprehensive solution should provide
actionable insights and facilitate rapid response to potential breaches.
9.
| SL NO | TITLE | AUTHOR | PUBLICATION | YEAR | DESCRIPTION |
| --- | --- | --- | --- | --- | --- |
| 1 | Integrated approach to prevent SQL Injection attack and reflected Cross site scripting attack | P. Sharma, R. Johari and S. Sarma | International Journal of System Assurance Engineering and Management, Vol. 3, no. 4 | 2012 | Proposed a query model generator using the hybrid approach, i.e. a modification to the existing model of MHAPSIA. |
| 2 | Detection of SQL Injection Attacks: A Machine Learning Approach | M. Hasan, Z. Balbahaith and M. Tarique | International Conference on Electrical and Computing Technologies and Applications (ICECTA), Ras Al Khaimah, United Arab Emirates | 2019 | Proposed a machine learning-based heuristic algorithm to detect SQL injection attacks. Using machine learning, they were able to predict most of the attacks, achieving high accuracy of 93.8%. They considered a dataset that consists of SQL queries. |
10.
| SL NO | TITLE | AUTHOR | PUBLICATION | YEAR | DESCRIPTION |
| --- | --- | --- | --- | --- | --- |
| 3 | Detection of SQL Injection Behaviors Using Word Vector and LSTM | Fang, Yong & Peng, Jiayi & Liu, Liang & Huang, Cheng | Proceedings of the 2nd International Conference on Cryptography, Security and Privacy | 2018 | Proposed using word vector representations of SQL queries and feeding these into LSTMs to detect SQL injections. They identified the problem as a sequence of words that could be solved using the popular sequence model, LSTM. |
11. In this project we propose a solution that uses sequence
models to identify whether or not an API request contains SQL,
XML, JSON, or other types of malicious injection.
We also propose a novel heuristic procedure that minimizes
the number of false positives. False positives are valid
API requests that the model misclassifies as
malicious.
12.
13. Dataset Generation:
Create a dataset using a mock API with diverse endpoints (/login, /search,
/checkout). Send 100 requests per second, randomly distributing attempted
injections.
Each request is represented as a JSON object with a '0' label for valid requests
and '1' for attempted injections. Ensure dataset balance with 12,500 malicious and
12,500 non-malicious API requests.
Data Preprocessing:
Exclude irrelevant fields (timestamp, headers) that cannot contain injections.
Perform text pre-processing to convert entries into vector representations.
Add an embedding layer before the Recurrent Neural Network (RNN) model to
utilize word embeddings, optimizing memory usage and enhancing
generalization.
14. Dataset Splitting:
Divide the dataset into 75% training and 25% testing data to ensure a
robust evaluation of the model's performance.
RNN Model Training:
Integrate an embedding layer before the RNN model. Train six models
using the training data over three epochs.
Use a sigmoid activation function in the last layer to output a value
between 0 and 1, representing the probability of a request being
malicious.
Classification and Threshold:
Employ a threshold of 50% for classification. Requests with a
probability greater than 50% are classified as malicious, while those
with a probability less than 50% are considered valid
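The preprocessing and 75/25 split steps above, up to the integer sequences an embedding layer consumes, as an added example that is not the project's own code. The record layout, the tokenizer, the sequence length of 64 and the sample records are assumptions constructed for illustration.

```python
import json
import random
import re

DROP_FIELDS = {"timestamp", "headers", "label"}    # never fed to the model
TOKEN_RE = re.compile(r"[a-z_]+|\d+|[^\sa-z_\d]")  # words, numbers, single symbols
PAD, UNK = 0, 1                                    # reserved ids: padding, unseen token

def request_text(record):
    """Serialise only the fields that can carry an injection, in stable key order."""
    kept = {k: v for k, v in record.items() if k not in DROP_FIELDS}
    return json.dumps(kept, sort_keys=True)

def tokenize(text):
    # Quotes, '=' and '-' stay as separate tokens: they are the signal for injections.
    return TOKEN_RE.findall(text.lower())

def stratified_split(records, test_frac=0.25, seed=7):
    """75/25 split done per label so both parts keep the 50/50 class balance."""
    rng = random.Random(seed)
    train, test = [], []
    for label in (0, 1):
        group = [r for r in records if r["label"] == label]
        rng.shuffle(group)
        cut = round(len(group) * test_frac)
        test += group[:cut]
        train += group[cut:]
    return train, test

def build_vocab(train_records):
    """Token -> id, fitted on training data only so test tokens cannot leak in."""
    vocab = {}
    for r in train_records:
        for tok in tokenize(request_text(r)):
            vocab.setdefault(tok, len(vocab) + 2)
    return vocab

def encode(record, vocab, max_len=64):
    """Fixed-length id sequence: truncate long requests, right-pad short ones."""
    ids = [vocab.get(t, UNK) for t in tokenize(request_text(record))][:max_len]
    return ids + [PAD] * (max_len - len(ids))

def make_sample(n_per_class=4):
    """Constructed records standing in for the mock-API dataset (label 1 = injection)."""
    rows = []
    for i in range(n_per_class):
        base = {"timestamp": f"2024-01-01T00:00:0{i}Z", "headers": {"Host": "mock"},
                "method": "POST", "path": "/login"}
        rows.append({**base, "body": {"user": f"user{i}", "password": "pw"}, "label": 0})
        rows.append({**base, "body": {"user": f"x' OR '1'='1' -- {i}", "password": "pw"}, "label": 1})
    return rows

if __name__ == "__main__":
    train, test = stratified_split(make_sample())
    vocab = build_vocab(train)
    for r in test:
        print(r["label"], encode(r, vocab))
```

Fitting the vocabulary on the training part only means any token first seen at test time maps to the unknown id, which is how the model will meet novel payloads in production.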
15. H/W REQUIREMENTS
Processor : Intel i3 2nd generation
Speed : 2.1 GHz
RAM : 4 GB
Hard Disk : 500 GB
S/W REQUIREMENTS
Operating System : Windows 7 / 10
Front End : HTML, CSS, JS
Framework used : Flask
Coding Language : Python
Database Connectivity : MySQL
16. [1] Nagpal, B., Chauhan, N., & Singh, N. (2017). A Survey on the Detection of SQL Injection Attacks and Their Countermeasures. JIPS (Journal of Information Processing Systems).
[2] P. Sharma, R. Johari and S. Sarma, "Integrated approach to prevent SQL Injection attack and reflected Cross site scripting attack", International Journal of System Assurance Engineering and Management, Vol. 3, no. 4, pp. 343-351, 2012.
[3] G. Jiao, C M Xu and J. Maohua, "SQLIMW: a new mechanism against SQL injection", in Proceedings of the International Conference on Computer Science and Service Systems (CSSS), Nanjing, China, 2012, pp. 1178-1180.
[4] Fang, Yong & Peng, Jiayi & Liu, Liang & Huang, Cheng. (2018). WOVSQLI: Detection of SQL Injection Behaviors Using Word Vector and LSTM. 170-174. 10.1145/3199478.3199503.
[5] Hochreiter, Sepp & Schmidhuber, Jürgen. (1997). Long Short-term Memory. Neural Computation. 9. 1735-80. 10.1162/neco.1997.9.8.1735.
17. [6] Chung, J.; Gulcehre, C.; Cho, K. & Bengio, Y. (2014), 'Empirical Evaluation of Gated Recurrent Neural Networks on Sequence Modeling', arXiv:1412.3555. Presented in NIPS 2014 Deep Learning and Representation Learning Workshop.
[7] M. Hasan, Z. Balbahaith and M. Tarique, "Detection of SQL Injection Attacks: A Machine Learning Approach," 2019 International Conference on Electrical and Computing Technologies and Applications (ICECTA), Ras Al Khaimah, United Arab Emirates, 2019, pp. 1-6, doi: 10.1109/ICECTA48151.2019.8959617.
[8] M. Schuster and K. K. Paliwal, "Bidirectional recurrent neural networks," in IEEE Transactions on Signal Processing, vol. 45, no. 11, pp. 2673-2681, Nov. 1997, doi: 10.1109/78.650093.
[9] Liu, W., Wang, Z., Liu, X., Zeng, N., Liu, Y., & Alsaadi, F.E. (2017). A survey of deep neural network architectures and their applications. Neurocomputing, 234, 11-2