Machine Learning-Based Technique to Detect SQL Injection Attack
- 1 Universiti Sains Islam Malaysia, Malaysia
- 2 Universiti Kebangsaan Malaysia, Malaysia
Abstract
Lack of secure codes implemented in the web apps will lead to cyber-attack because of vulnerabilities. The statistic shows that highest record on the data theft related cyber-attacks are through the SQL injection technique. Hence, an effective SQL injection detection is needed in any web system to combat this threat. In this research, machine learning technique is used where training is provided to the SQL injection detector using a training data and then is evaluated against a testing data. The research relies on the preparation of the training and testing datasets. Training sets are used by the detector to establish the knowledge base and the test set is used to evaluate the performance of the detector. The result of the detection shows that the proposed technique produces high accuracy in recognizing malicious and benign web requests.
DOI: https://doi.org/10.3844/jcssp.2021.296.303
Copyright: © 2021 Muhammad Amirulluqman Azman, Mohd Fadzli Marhusin and Rossilawati Sulaiman. This is an open access article distributed under the terms of the
Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
- 3,899 Views
- 4,197 Downloads
- 15 Citations
Download
Keywords
- Machine Learning
- Signature-Based
- Knowledge-Based
- SQL Injection
- SQL Injection Tools