Attacks on SQL Injection and Developing Compressive Framework Using a Hybrid and Machine Learning Approach

Abstract

Abstract Web applications play an important role in everyday life. Various Web applications are used to carry out billions of online transactions. These applications are vulnerable to attacks due to their extensive use. The most prevalent attack is SQL injection, which accepts user input and runs queries in the backend based on the user's input, returning desired results. To counter the SQL injection attack, various approaches have been offered; however, the majority of them either fail to cover the full breadth of the problem. This research paper looks into frequent SQL injection attack forms, their mechanisms, and a way of identifying them based on the SQL query's existence. We propose a comprehensive framework for determining the effectiveness of techniques that address certain issues following the essence of the attack, using hybrid (Statistic and dynamic) and machine learning. An extensive examination of the model based on a test set indicates that the Hybrid and ANN approaches outperform Naive Bayes, SVM, and Decision trees in terms of accuracy in classifying injected Queries. However, when it came to web loading time during testing, Nave Bayes outperformed. The Hybrid Method improved the accuracy of SQL injection attack prevention, according to the test findings. Although we used a limited dataset for training and testing in our study, it is advised that the dataset be expanded and the model be tested in a real-world setting.