Author:
Mohammed A M Oudah, Mohd Fadzli Marhusin
Abstract
SQL injection attacks exploit a critical security vulnerability in web applications and, if successfully executed, allow attackers to gain unauthorised access to sensitive data. Because these attacks have no standardised structure, traditional signature-based methods struggle to detect them effectively. To overcome this challenge, machine learning (ML) algorithms have emerged as a promising approach for detecting SQL injection attacks. This paper presents a comprehensive literature review on the utilisation of ML techniques for SQL injection detection. The review covers various aspects, including dataset collection, feature extraction, training, and testing with different ML algorithms. The studies included in the review demonstrate high levels of accuracy in detecting attacks and reducing false positives.
Publisher
Universiti Sains Islam Malaysia