Abstract
Cybersecurity is a critical concern in the transportation sector, where web applications play a pivotal role in managing essential services and sensitive data. Among the various cyber threats, SQL injection attacks pose a significant risk, potentially leading to unauthorized access, data breaches, and disruption of transportation systems. To address this challenge, an advanced approach is proposed that combines Artificial Intelligence (AI) techniques and Natural Language Processing (NLP) to detect and mitigate SQL injection attacks in transportation web applications. In the data collection phase, a comprehensive dataset of real-world attack instances is selected from publicly available sources specializing in cybersecurity datasets. The dataset includes a diverse range of attack vectors and addresses the issue of class imbalance by incorporating both successful and unsuccessful attack attempts. The preprocessing step involves employing NLP techniques to transform the textual input data into a suitable format for AI-based detection. Tokenization, stop-word removal, and stemming are applied to ensure the model effectively analyze and recognize attack patterns. For detection, a logistic regression model is utilized to estimate the probability of a successful SQL injection attack based on the relevant features. Oversampling and undersampling techniques are employed to handle class imbalance and improve the model’s performance. Additionally, feature selection techniques are implemented to reduce noise and enhance pattern recognition. The evaluation of our proposed approach demonstrates a remarkable accuracy detection rate of 99.97%, indicating the model's high capability to identify SQL injection attacks. The precision and recall values further validate the model’s effectiveness in correctly detecting successful attacks and minimizing false positives. The success of our approach lies in its ability to integrate AI and NLP techniques effectively, offering a more robust and reliable solution for detecting and mitigating SQL injection attacks in transportation web applications. By addressing the limitations and exploring future research directions, our approach holds promise in bolstering cybersecurity measures and safeguarding critical transportation infrastructure from evolving cyber threats.
Similar content being viewed by others
Data availability
The data that support the findings of this study are available from the corresponding author upon reasonable request.
Code availability
Not applicable.
References
Abdulmalik Y (2021) An improved SQL injection attack detection model using machine learning techniques. Int J Innov Comput 11(1):53–57
Agbakwuru AO, Njoku DO (2021) SQL Injection Attack on Web Base Application: Vulnerability Assessments and Detection Technique. International Research Journal of Engineering and Technology 8(3):243–252
Alarfaj FK, Khan NA (2023) Enhancing the Performance of SQL Injection Attack Detection through Probabilistic Neural Networks. Appl Sci 13(7):4365
Alghawazi M, Alghazzawi D, Alarifi S (2023) Deep Learning Architecture for Detecting SQL Injection Attacks Based on RNN Autoencoder Model. Mathematics 11(15):3286
Bhardwaj S, Dave M (2021) Sql injection attack detection, evidence collection, and notifying system using standard intrusion detection system in network forensics. In Proceedings of International Conference on Computational Intelligence, Data Science and Cloud Computing: IEM-ICDC 2020. Springer, Singapore, p 681–692
Crespo-Martínez IS, Campazas-Vega A, Guerrero-Higueras ÁM, Riego-DelCastillo V, Álvarez-Aparicio C, Fernández-Llamas C (2023) SQL injection attack detection in network flow data. Comput Secur 127:103093
Deriba F, Salau AO, Mohammed SH, Kassa TM, Demilie WB (2022) Development of a compressive framework using machine learning approaches for SQL injection attacks. PRZEGLĄD ELEKTROTECHNICZNY 1(7):183–189
Falor A, Hirani M, Vedant H, Mehta P, Krishnan D (2022) A deep learning approach for detection of SQL injection attacks using convolutional neural networks. In Proceedings of Data Analytics and Management: ICDAM 2021, vol 2. Springer, Singapore, p 293–304
Hassan MM, Ahmad RB, Ghosh T (2021) SQL injection vulnerability detection using deep learning: a feature-based approach. Indonesian Journal of Electrical Engineering and Informatics (IJEEI) 9(3):702–718
Krishnan SA, Sabu AN, Sajan PP, Sreedeep AL (2021) SQL injection detection using machine learning. 11:11
Kumar MNA, Sujatha B (2022) Early Detection And Mitigation Methods For Sql Injection Attacks Using Adaptive Free Algorithm. Journal of Positive School Psychology 6(8):6315–6326
Lu D, Fei J, Liu L (2023) A Semantic Learning-Based SQL Injection Attack Detection Technology. Electronics 12(6):1344
Mokbal FMM, Dan W, Xiaoxi W, Wenbin Z, Lihua F (2021) XGBXSS: an extreme gradient boosting detection framework for cross-site scripting attacks based on hybrid feature selection approach and parameters optimization. Journal of Information Security and Applications 58:102813
NasereddinALKhamaiseh MA, Qasaimeh M, Al-Qassas R (2023) A systematic review of detection and prevention techniques of SQL injection attacks. Information Security Journal: A Global Perspective 32(4):252–265
Nofal DE, Amer AA (2021) SQL injection attacks detection and prevention based on neuro—fuzzy technique. Machine learning and big data analytics paradigms: analysis, applications and challenges, p 93–112
Radhoush S, Vannoy T, Liyanage K, Whitaker BM, Nehrir H (2023) Distribution System State Estimation and False Data Injection Attack Detection with a Multi-Output Deep Neural Network. Energies 16(5):2288
Roy P, Kumar R, Rani P (2022) SQL injection attack detection by machine learning classifier. In 2022 International Conference on Applied Artificial Intelligence and Computing (ICAAIC). IEEE, p 394–400
Sivasangari A, Jyotsna J, Pravalika K (2021) SQL injection attack detection using machine learning algorithm. In 2021 5th International Conference on Trends in Electronics and Informatics (ICOEI). IEEE, p 1166–1169
Yousef Alshunaifi S, Mishra S, Alshehri M (2022) Cyber-Attack Detection and Mitigation Using SVM for 5G Network. Intell Autom Soft Comput 31(1)
Acknowledgements
We hereby verify that Dr. Nachaat Mohamed is the exclusive author of this paper. We would like to express our appreciation to the Rabdan Academy, UAE, for their support and financial assistance. We genuinely appreciate the reviewers for their valuable feedback and suggestions, which significantly improved the research’s quality. We acknowledge the individuals who provided support throughout this undertaking, as their contributions were indispensable. We extend our heartfelt gratitude to all those involved in the completion of this research paper.
Funding
Not applicable.
Author information
Authors and Affiliations
Contributions
NM agreed on the content of the study. NM collected all the data for analysis. NM agreed on the methodology. NM completed the analysis based on agreed steps. Results and conclusions are discussed and written together. The author read and approved the final manuscript.
Corresponding author
Ethics declarations
Informed consent
Informed consent was obtained from all individual participants included in the study.
Consent to participate
Not applicable.
Consent for publication
Not applicable.
Human and animal rights
This article does not contain any studies with human or animal subjects performed by any of the authors.
Conflict of interest
The authors declare that they have no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Mohamed, N. Securing transportation web applications: An AI-driven approach to detect and mitigate SQL injection attacks. J Transp Secur 17, 2 (2024). https://doi.org/10.1007/s12198-023-00269-x
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s12198-023-00269-x