SQL Injection Detection using Machine Learning: A Review

Authors

  • Mohammed A M Oudah, Cyber Security and Systems (CSS) Research Unit, Faculty of Sciences and Technology, Universiti Sains Islam Malaysia, 71800 Nilai, Negeri Sembilan, Malaysia.
  • Mohd Fadzli Marhusin, Cyber Security and Systems (CSS) Research Unit, Faculty of Sciences and Technology, Universiti Sains Islam Malaysia, 71800 Nilai, Negeri Sembilan, Malaysia.

DOI:

https://doi.org/10.33102/mjosht.v10i1.368

Keywords:

Cybersecurity, Machine Learning, SQL Injection Detection

Abstract

SQL injection attacks exploit critical security vulnerabilities in web applications and put data at risk: if successfully executed, they allow attackers to gain unauthorised access to sensitive data. Because the attacks lack a standardised structure, traditional signature-based detection methods face challenges in detecting them effectively. To overcome this challenge, machine learning (ML) algorithms have emerged as a promising approach for detecting SQL injection attacks. This paper presents a comprehensive literature review on the utilisation of ML techniques for SQL injection detection. The review covers various aspects, including dataset collection, feature extraction, training, and testing, with different ML algorithms. The studies included in the review demonstrate high levels of accuracy in detecting attacks and reducing false positives.

Published

2024-04-05

How to Cite

Mohammed A M Oudah, & Mohd Fadzli Marhusin. (2024). SQL Injection Detection using Machine Learning: A Review. Malaysian Journal of Science Health & Technology, 10(1), 39–49. https://doi.org/10.33102/mjosht.v10i1.368

Section

Computer Science
