with the rapid development of Internet, more and more enterprises, research and finance institutions connect their databases to the Internet for resource sharing. However, due to developers' technical may be uneven, or they does not take security considerations into account, web applications become vulnerable to the attacks, thus the network databases will face the threats. Many e-service
... [Show full abstract] providers are reported to have leaked customers' information through their websites. This paper presents a learning-based anomaly detection model of SQL attacks deployed between web server and database server; it creates a legitimate library while learning, and detects the threats using the library. This model recovers the fault of signature-based model which can not detect new types of attacks. Compared to the traditional anomaly detection technology, it is more flexible and can eliminate the complicated steps of establish the legal library manually.