| SQL injection is one of the main threats facing Android applications and seriously endangers the security of customer data. Dynamic detection of SQL injection vulnerabilities discovers suspicious injection points from the target site's responses to input test cases while the application is running. This approach has been studied extensively for Web applications. However, the following problems make it difficult to apply Web-based SQL injection detection methods directly to Android applications. First, SQL injection vulnerability detection for Android applications lacks automatic URL acquisition and effective deduplication methods; second, traditional time-based blind SQL injection must send SQL injection statements containing the sleep() function many times, which consumes excessive time. To address these problems, this paper proposes a deep learning-based method for detecting SQL injection vulnerabilities in Android applications. The main research contents are as follows: (1) To address the duplicate HTTP traffic produced when the same interface is triggered multiple times during the automatic acquisition of HTTP requests for Android application SQL injection vulnerability detection, an HTTP traffic deduplication method based on hash splitting and a composite eigenvalue Bloom filter is proposed. The method builds a UI event call graph, drives the Android application to obtain HTTP requests automatically, and improves the Bloom filter through hash function splitting and the addition of feature values, reducing the false positive rate. (2) To address the high time cost of sending SQL injection statements containing the sleep() function many times in traditional time-based blind SQL injection, a deep learning-based blind SQL injection method is proposed. This method matches defects according to WAF rules, uses HTTP chunked transfer to bypass the WAF, collects database table names and field names, trains a GRU language model, reduces the number of HTTP requests sent, and improves the efficiency of SQL injection. (3) An Android application SQL injection vulnerability detection system based on deep learning is designed and implemented. Functions such as Android application upload and download, Android application HTTP request acquisition and deduplication, SQL injection vulnerability scanning, deep learning-based time-based blind SQL injection, and scan result display have been tested to verify the usability of the system. |