Detection of SQL Injection Attacks: A Machine Learning Approach
Source of Publication
2019 International Conference on Electrical and Computing Technologies and Applications, ICECTA 2019
© 2019 IEEE. With the rapid growth in online services, hacking (alternatively attacking) on online database applications has become a grave concern now. Attacks on online database application are being frequently reported. Among these attacks, the SQL injection attack is at the top of the list. The hackers alter the SQL query sent by the user and inject malicious code therein. Hence, they access the database and manipulate the data. It is reported in the literature that the traditional SQL injection detection algorithms fail to prevent this type of attack. In this paper, we propose a machine learning based heuristic algorithm to prevent the SQL injection attack. We use a dataset of 616 SQL statements to train and test 23 different machine learning classifiers. Among these classifiers, we select the best five classifiers based on their detection accuracy and develop a Graphical User Interface (GUI) application based on these five classifiers. We test our proposed algorithm and the results show that our algorithm is able to detect the SQL injection attack with a high accuracy (93.8%).
Institute of Electrical and Electronics Engineers Inc.
Social and Behavioral Sciences
classifiers, Database application, database Security, machine learning, SQL detection, SQL injection
Hasan, Musaab; Balbahaith, Zayed; and Tarique, Mohammed, "Detection of SQL Injection Attacks: A Machine Learning Approach" (2019). All Works. 1223.
Indexed in Scopus