A Study on SQL Injection Attack Detection Using a Lightweight Neural Network Based on Self-Attention
Date
2025
Abstract
With the rise of edge device applications, products with more advanced functionality will emerge in the future, which makes information security correspondingly important. Protecting edge devices is significant for preventing the leakage of user privacy. This thesis therefore focuses on the detection of SQL injection attacks. We discuss the shortcomings of traditional and modern methods, namely insufficient accuracy and high computational resource requirements respectively, which make them unsuitable for effective deployment on edge devices. This thesis proposes a custom Tokenizer and a lightweight hybrid neural network model that improve the accuracy of SQL injection attack detection while reducing the model's parameter count and inference time, facilitating deployment on edge devices. In addition, we combine the existing SentencePiece Tokenizer with our Proposed Model to give people who are not information security professionals a simplified way to train the model. In the experimental part of this thesis, we set up a database and a simple website on an edge device to simulate a realistic application scenario for testing. We successfully deployed the model, which features a low parameter count, fast inference speed, and high accuracy, onto the edge device. Automated penetration testing tools were used to test the practicality and reliability of real-time detection, significantly enhancing the security of edge devices. This provides a foundation for defending against SQL injection attacks in resource-constrained environments in the future.
Keywords
SQL injection attack, Tokenizer, edge devices, lightweight hybrid neural network, information security