
SQL Injection Detection Using Machine Learning with Different TF-IDF Feature Extraction Approaches

International Conference on Information Systems and Intelligent Applications (ICISIA 2022)

Abstract

The risk of attacks on web systems has increased with the reliance on web systems across a wide range of businesses, and attackers keep inventing new techniques to crack these systems. According to OWASP, SQL injection remains one of the top 10 web application security risks. This research uses machine learning to detect SQL injection attacks; we used four machine learning models. An insight into the data shows that data preparation and feature extraction influenced the detection accuracy. The training dataset is a combination of live requests extracted from a user request log file and a training dataset containing records of benign and malicious SQL queries. We then compared these models in terms of detection quality and speed of training. Results showed that Support Vector Model achieved the highest detection accuracy, with .997 accuracy, followed by Extreme Gradient Boosting with .995 accuracy. On the other hand, Naïve Bayes using the N-gram level feature extraction model was the fastest model; it required 6 ms to train the classifier.
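As an added illustration of the approach the abstract describes (not the authors' code), the following trains a Naïve Bayes classifier on character n-gram TF-IDF features in plain Python. The sample strings, the trigram size, the smoothed IDF formula and the add-one smoothing are assumptions made for this example.

```python
import math
from collections import Counter

# Constructed samples, not the paper's dataset. Label 1 = SQL injection, 0 = benign.
TRAIN = [
    ("' OR 1=1 --", 1),
    ("admin' OR '1'='1", 1),
    ("1 UNION SELECT username, password FROM users", 1),
    ("'; DROP TABLE users; --", 1),
    ("john.smith@example.com", 0),
    ("blue running shoes size 42", 0),
    ("order status 10482", 0),
    ("O'Brien", 0),
]

def ngrams(text, n=3):
    """Lower-cased character n-grams; inputs shorter than n yield one short gram."""
    t = text.lower()
    return [t[i:i + n] for i in range(max(len(t) - n + 1, 1))]

class TfidfNB:
    def fit(self, samples):
        docs = [Counter(ngrams(x)) for x, _ in samples]
        df = Counter(g for d in docs for g in d)          # document frequency
        n = len(docs)
        self.idf = {g: math.log((1 + n) / (1 + c)) + 1 for g, c in df.items()}
        self.prior = Counter(y for _, y in samples)
        self.weight = {0: Counter(), 1: Counter()}        # summed TF-IDF per class
        for d, (_, y) in zip(docs, samples):
            self.weight[y].update(self.vectorize(d))
        self.total = {y: sum(w.values()) for y, w in self.weight.items()}
        return self

    def vectorize(self, counts):
        """L2-normalised TF-IDF vector; n-grams unseen in training are dropped."""
        v = {g: c * self.idf[g] for g, c in counts.items() if g in self.idf}
        norm = math.sqrt(sum(w * w for w in v.values())) or 1.0
        return {g: w / norm for g, w in v.items()}

    def predict(self, text):
        """Multinomial Naive Bayes with add-one smoothing over the TF-IDF weights."""
        scores = {}
        for y in (0, 1):
            s = math.log(self.prior[y] / sum(self.prior.values()))
            denom = self.total[y] + len(self.idf)
            for g, w in self.vectorize(Counter(ngrams(text))).items():
                s += w * math.log((self.weight[y][g] + 1) / denom)
            scores[y] = s
        return max(scores, key=scores.get)   # ties (e.g. no known n-gram) fall to 0
```

With only eight training strings the model is a demonstration of the feature pipeline, not a usable detector; input whose n-grams were never seen in training scores on the class prior alone.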


References

  1. OWASP, “OWASP Top 10 web application security,” OWASP foundation (2021). https://owasp.org/www-project-top-ten/. Accessed 15 Feb 2021

  2. Jemal I, Cheikhrouhou O, Hamam H, Mahfoudhi A (2020) SQL injection attack detection and prevention techniques using machine learning. Int J Appl Eng Res 15(6):569–580 (ISSN 0973-4562)

  3. Fakhreddine A (2019) State of the internet. Akamai Technologies, Inc, Cambridge

  4. Binu S, Ashish K (2018) Proposed method for SQL injection detection and its prevention. Int J Eng Technol 7:213–216

  5. Clarke J (2012) SQL Injection Attacks and Defense, vol 2. Elsevier, Waltham

  6. Positive technologies, “Web Application Attack Statistics: Q2 2017,” Positive Technologies, 14 Sep 2017. https://www.ptsecurity.com/ww-en/analytics/web-application-attack-statistics-q2-2017/. Accessed 19 23 2020

  7. Puneet SJ (2016) Analysis of SQL injection detection techniques. ArXiv preprint arXiv:1605.02796

  8. Alwan ZS, Younis MF (2017) Detection and prevention of SQL injection attack: a survey. Int J Comput Sci Mob Comput 6(8):5–17

  9. Ramasamy P, Abburu DS (2012) SQL injection attack detection and prevention. Int J Eng Sci Technol (IJEST) 4:1396–1401

  10. Shegokar AM, Manjaramkar AK (2014) A survey on SQL injection attack, detection and prevention techniques. Int J Comput Sci Inf Technol (IJCSIT) 5(2):2553–2555

  11. Mohammed MMZE, Khan MB, Mohammed Bashier EB (2017) Machine learning: algorithms and applications. Taylor & Francis Group, LLC, New York

  12. Kadhim AI, Cheah Y-N, Hieder IA, Ali RA (2017) Improving TF-IDF with singular value decomposition (SVD) for feature extraction on twitter. 3rd International engineering conference on developments in civil & computer engineering

  13. Kumawat D (2019) 7 Natural Language Processing Techniques for Extracting Information, AnalyticsSteps, 18 November 2019. https://www.analyticssteps.com/blogs/7-natural-language-processing-techniques-extracting-information. Accessed 21 Sep 2021

  14. Marhusin F, Lokan CJ (2018) A preemptive behaviour-based malware detection through analysis of API calls sequence inspired by human immune system. Int J Eng Technol 7(4):113–119

  15. Pham BA, Subburaj VH (2020) An experimental setup for detecting SQLi attacks using machine learning algorithms. J Colloquium Info Syst Secur Educ 8(1):1–5

  16. Mishra S (2019) SQL injection detection using machine learning, master's projects. SJSU ScholarWorks

  17. Azman MA, Marhusin MF, Sulaiman R (2021) Machine learning-based technique to detect SQL injection attack. J Comput Sci 17:296–303

  18. Uwagbole S, Buchanan WJ, Fan L (2017) Applied machine learning predictive analytics to SQL injection attack detection and prevention. 3rd IEEE/IFIP workshop on security for emerging distributed network technologies (DISSECT), Lisbon, Portugal

  19. Cheon EH, Huang Z, Sik Lee Y (2013) Preventing SQL injection attack based on machine learning. Int J Adv Comput Technol (IJACT) 5(9):967–974

  20. Abdulmalik Y (2021) An improved SQLInjection attack detection model using machine learning techniques. Int J Innov Comput 11(1):53–57

  21. Shah SSH (2020) Kaggle.com 03 Mar 2020. https://www.kaggle.com/syedsaqlainhussain/sql-injection-dataset?select=SQLiV3.csv. Accessed 10 May 2021


Correspondence to Mohammed A. Oudah.


© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG


Oudah, M.A., Marhusin, M.F., Narzullaev, A. (2023). SQL Injection Detection Using Machine Learning with Different TF-IDF Feature Extraction Approaches. In: Al-Emran, M., Al-Sharafi, M.A., Shaalan, K. (eds) International Conference on Information Systems and Intelligent Applications. ICISIA 2022. Lecture Notes in Networks and Systems, vol 550. Springer, Cham. https://doi.org/10.1007/978-3-031-16865-9_57
