SQL Injection Attack(SQLIA)is one of the network intrusion methods that can cause serious harm to web security.It is characterized by the simple syntax and the large gain of intrusion,and the range of attack can even be extended from Cloud system to any infrastructure in IoT devices,which makes SQLIA become the most popular intrusion method in the Top 10 Web Threats Report(OWASP).Therefore,how to effectively detect SQLIA in web applications has attracted lots of researchers.By investigating the literature on SQLIA detection,traditional detection methods and machine learning detection methods are categorized and briefly introduced.In the traditional detection methods,for the existence of multi-stage detection process,one-stage SQLIA detection and two-stage SQLIA detection are categorized for the first time.In machine learning detection methods,it is divided into traditional machine learning detection methods and deep learning detection methods.And the traditional machine learning detection methods are further categorized into single machine learning and integrated learning detection methods,and the deep learning detection methods are further categorized into single deep learning and algorithm fusion detection methods.Finally,the issues that need to be considered for future SQLIA detection are presented in terms of dataset,robustness assessment,and model interpretability,and outlooks are also made.
维普
万方数据