Abstract

Structured Query Language (SQL) injection has been the most dangerous attack against vulnerable web applications. It allows an attacker to retrieve any data from the web application. SQL injection is classified as a code injection attack and is easy to launch because queries are often written without adequate programming skill. Related studies have discussed SQL injection attacks in the context of database manipulation. Nevertheless, they did not discuss the SQL injection features that can be used to detect the attack. Although researchers and practitioners have proposed various methods to address the SQL injection problem, current approaches fail to address the full scope or limitations of the SQL injection attack. To address this problem, we present a classification of SQL injection attacks based purely on the features of the query string, using the K-Means clustering algorithm. The attacks are divided into four classes, Tautology, Inference, Basic Query and Blind Attack, based on SQL command features. Our proposed classification of SQL injection attacks using K-Means achieved its best result when tested with the Decision Table algorithm, with an accuracy of 99 percent for Tautology, 100 percent for Inference, 99 percent for Basic Query and 100 percent for Blind Attack.
