Detection of SQL Injection Attack Using Machine Learning Techniques
DOI: https://doi.org/10.32628/IJSRST24114323
Keywords: SQL Injection, Cross-Site Scripting, Denial of Service Attack, Naïve Bayes, Gradient Boosting
Abstract
SQL injection attacks (SQLIAs) remain a prevalent threat to web applications, exploiting vulnerabilities in database interactions to compromise data security. Detecting such attacks effectively is crucial for ensuring robust application security. This study investigates the use of machine learning techniques to identify SQLIAs by analyzing patterns and features in SQL queries. A dataset comprising both legitimate and malicious SQL queries is utilized to train and evaluate various machine learning models, including decision trees, support vector machines, and neural networks. The proposed approach achieves high accuracy in distinguishing between benign and malicious queries, showcasing the potential of machine learning for proactive SQLIA detection. The findings highlight the importance of feature selection, algorithm choice, and real-time detection capabilities in mitigating the risk of SQL injection attacks. This research provides a foundation for developing intelligent, automated systems to enhance the security of database-driven applications.
Copyright (c) 2024 International Journal of Scientific Research in Science and Technology
This work is licensed under a Creative Commons Attribution 4.0 International License.