Qi Li,Fang Wang,Junfeng Wang,Weishi Li

DOI: https://doi.org/10.1109/tvt.2019.2893675

IF: 6.8

2019-01-01

IEEE Transactions on Vehicular Technology

Abstract:Intelligent transportation is an emerging technology that integrates advanced sensors, network communication, data processing, and automatic control technologies to provide great convenience for our daily lives. With the increasing popularity of intelligent transportation, its security issues have also attracted much attention. SQL injection attack is one of the most common attacks in the intelligent transportation system. It has characteristics of various types, fast mutations, hidden attacks, etc., and leads to great harm. Most of the current SQL detection methods are based on manually defined features. The detection results are heavily dependent on the accuracy of feature extraction, so it cannot cope with the increasingly complex SQL injection attacks in the intelligent transportation system. In order to solve this problem, this paper proposes a long short-term memory based SQL injection attack detection method, which can automatically learn the effective representation of data, and has a strong advantage to confront with complex high-dimensional massive data. In addition, this paper proposes an injection sample generation method based on data transmission channel from the perspective of penetration. This method can formally model SQL injection attack and generate valid positive samples. It can effectively solve the over-fitting problem caused by insufficient positive samples. The experimental results show that the proposed method improves the accuracy of the SQL injection attack detection and reduces the false positive rate, which is better than several related classical machine learning algorithms and commonly used deep learning algorithms.