Detection of SQL Injection Attacks: A Machine Learning Approach

Document Type

Conference Proceeding

Source of Publication

2019 International Conference on Electrical and Computing Technologies and Applications, ICECTA 2019

Publication Date



© 2019 IEEE. With the rapid growth in online services, hacking (alternatively attacking) on online database applications has become a grave concern now. Attacks on online database application are being frequently reported. Among these attacks, the SQL injection attack is at the top of the list. The hackers alter the SQL query sent by the user and inject malicious code therein. Hence, they access the database and manipulate the data. It is reported in the literature that the traditional SQL injection detection algorithms fail to prevent this type of attack. In this paper, we propose a machine learning based heuristic algorithm to prevent the SQL injection attack. We use a dataset of 616 SQL statements to train and test 23 different machine learning classifiers. Among these classifiers, we select the best five classifiers based on their detection accuracy and develop a Graphical User Interface (GUI) application based on these five classifiers. We test our proposed algorithm and the results show that our algorithm is able to detect the SQL injection attack with a high accuracy (93.8%).




Institute of Electrical and Electronics Engineers Inc.


Computer Sciences


classifiers, Database application, database Security, machine learning, SQL detection, SQL injection

Scopus ID


Indexed in Scopus


Open Access