Machine Learning Approaches for Detection of SQL Injection Attacks
DOI:
https://doi.org/10.70356/jafotik.v3i1.50Keywords:
Cybersecurity, Deep Neural Networks, Machine Learning, SQL Injection Attacks, Support Vector MachinesAbstract
This study addresses the escalating cybersecurity challenges posed by SQL injection attacks in web applications and databases. This study aims to explore and evaluate the effectiveness of machine learning techniques in detecting SQL injection attacks, providing insights into the current state of research. The research involves collecting a relevant dataset of normal and malicious SQL queries, training and testing machine learning models (Support Vector Machines, Deep Neural Networks, and Random Forest). The Deep Neural Networks model stand out with the highest accuracy 0.95 and recall 0.98, indicating its robust capability to correctly classify instances of SQL Injection Attacks. The study contributes valuable insights into the current landscape of machine learning applications for SQL injection detection, providing a foundation for further exploration and analysis in this critical cybersecurity domain.
Downloads
References
Crespo-Martínez IS, Campazas-Vega A, Guerrero-Higueras ÁM, Riego-DelCastillo V, Álvarez-Aparicio C, Fernández-Llamas C. SQL injection attack detection in network flow data. Comput Secur. 2023;127. Available from: https://doi.org/10.1016/j.cose.2023.103093
Abaimov S, Bianchi G. A survey on the application of deep learning for code injection detection. Array [Internet]. 2021;11(July):100077. Available from: https://doi.org/10.1016/j.array.2021.100077
Devalla V, Srinivasa Raghavan S, Maste S, Kotian JD, Annapurna D. MURLi: A Tool for Detection of Malicious URLs and Injection Attacks. Procedia Comput Sci [Internet]. 2022;215:662–76. Available from: https://doi.org/10.1016/j.procs.2022.12.068
Marashdih AW, Zaaba ZF, Suwais K. An Enhanced Static Taint Analysis Approach to Detect Input Validation Vulnerability. J King Saud Univ - Comput Inf Sci [Internet]. 2023;35(2):682–701. Available from: https://doi.org/10.1016/j.jksuci.2023.01.009
Balasundaram I, Ramaraj E. An efficient technique for detection and prevention of SQL injection attack using ASCII based string matching. Procedia Eng [Internet]. 2012;30(2011):183–90. Available from: http://dx.doi.org/10.1016/j.proeng.2012.01.850
Kurniawan A, Abbas BS, Trisetyarso A, Isa SM. Static Taint Analysis Traversal with Object Oriented Component for Web File Injection Vulnerability Pattern Detection. Procedia Comput Sci [Internet]. 2018;135:596–605. Available from: https://doi.org/10.1016/j.procs.2018.08.227
Alwahedi F, Aldhaheri A, Ferrag MA, Battah A, Tihanyi N. Machine learning techniques for IoT security: Current research and future vision with generative AI and large language models. Internet Things Cyber-Physical Syst [Internet]. 2024;4(December 2023):167–85. Available from: https://doi.org/10.1016/j.iotcps.2023.12.003
Nagabhooshanam N, ganapathy NB sundara, Ravindra Murthy C, Mohammed Saleh AA, CosioBorda RF. Neural network based single index evaluation for SQL injection attack detection in health care data. Meas Sensors [Internet]. 2023;27(February):100779. Available from: https://doi.org/10.1016/j.measen.2023.100779
Sanmorino A. Development of computer assisted instruction (CAI) for compiler model: The simulation of stack on code generation. In: Proceedings of the 2012 International Conference in Green and Ubiquitous Technology, GUT 2012. 2012. Available from: https://doi.org/10.1109/GUT.2012.6344164
Chakir O, Rehaimi A, Sadqi Y, Abdellaoui Alaoui EA, Krichen M, Gaba GS, et al. An empirical assessment of ensemble methods and traditional machine learning techniques for web-based attack detection in industry 5.0. J King Saud Univ - Comput Inf Sci [Internet]. 2023;35(3):103–19. Available from: https://doi.org/10.1016/j.jksuci.2023.02.009
Al Nuaimi T, Al Zaabi S, Alyilieli M, AlMaskari M, Alblooshi S, Alhabsi F, et al. A comparative evaluation of intrusion detection systems on the edge-IIoT-2022 dataset. Intell Syst with Appl [Internet]. 2023;20(May):200298. Available from: https://doi.org/10.1016/j.iswa.2023.200298
Sanmorino A. Pemanfaatan teknologi informasi berupa web based application pada sektor usaha kecil dan menengah. Jurnal Informatika Global, vol. 1, no. 1, pp. 7–13, 2017. Available from: https://doi.org/10.36982/jam.v1i1.283
Sanmorino A., Ermatita, and Samsuryadi. The preliminary results of the kms model with additional elements of gamification to optimize research output in a higher education institution. Int. J. Eng. Adv. Technol., vol. 8, no. 5, 2019.
Osa E, Orukpe PE, Iruansi U. Design and implementation of a deep neural network approach for intrusion detection systems. e-Prime - Adv Electr Eng Electron Energy [Internet]. 2024;7(December 2023):100434. Available from: https://doi.org/10.1016/j.prime.2024.100434
Vishwakarma M, Kesswani N. DIDS: A Deep Neural Network based real-time Intrusion detection system for IoT. Decis Anal J [Internet]. 2022;5(November):100142. Available from: https://doi.org/10.1016/j.dajour.2022.100142
Ishaque M, Johar MGM, Khatibi A, Yamin M. A novel hybrid technique using fuzzy logic, neural networks and genetic algorithm for intrusion detection system. Meas Sensors [Internet]. 2023;30(March):100933. Available from: https://doi.org/10.1016/j.measen.2023.100933
Devalla V, Srinivasa Raghavan S, Maste S, Kotian JD, Annapurna D. MURLi: A Tool for Detection of Malicious URLs and Injection Attacks. Procedia Comput Sci [Internet]. 2022;215:662–76. Available from: https://doi.org/10.1016/j.procs.2022.12.068
Crespo-Martínez IS, Campazas-Vega A, Guerrero-Higueras ÁM, Riego-DelCastillo V, Álvarez-Aparicio C, Fernández-Llamas C. SQL injection attack detection in network flow data. Comput Secur. 2023;127.
Muhammad Salman Bukhari S, Zafar MH, Houran MA, Qadir Z, Kumayl Raza Moosavi S, Sanfilippo F. Enhancing cybersecurity in Edge IIoT networks: An asynchronous federated learning approach with a deep hybrid detection model. Internet of Things (Netherlands) [Internet]. 2024;27(January):101252. Available from: https://doi.org/10.1016/j.iot.2024.101252
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Ican Anwar
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
