SQL Injection Detection using Machine Learning: A Review
DOI: https://doi.org/10.33102/mjosht.v10i1.368
Keywords: Cybersecurity, Machine Learning, SQL Injection Detection
Abstract
SQL injection attacks exploit a critical security vulnerability in web applications and, if successfully executed, allow attackers to gain unauthorised access to sensitive data. Because these attacks lack a standardised structure, traditional signature-based detection methods struggle to detect them effectively. To overcome this challenge, machine learning (ML) algorithms have emerged as a promising approach for detecting SQL injection attacks. This paper presents a comprehensive literature review on the utilisation of ML techniques for SQL injection detection. The review covers various aspects, including dataset collection, feature extraction, training, and testing, with different ML algorithms. The studies included in the review demonstrate high levels of accuracy in detecting attacks and reducing false positives.
License
Copyright (c) 2023 Mohammed A M Oudah, Mohd Fadzli Marhusin
This work is licensed under a Creative Commons Attribution 4.0 International License.
The copyright of this article will be vested to author(s) and granted the journal right of first publication with the work simultaneously licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) license, unless otherwise stated.