Abstract

SQL Injection is one of the most common cyberattacks, one through which attackers gain unauthorized access to sensitive data such as customer information and trade secrets. SQL Injection works by injecting malicious SQL code into user input fields in order to illegitimately read, update, or delete database contents. Detecting SQL Injection is a binary classification problem in which one must decide whether a user input is malicious (i.e., contains injected SQL code) or benign. SQL Injection can be detected using rule-based, machine learning, or deep learning techniques. This paper focuses on machine learning techniques for SQL Injection detection. The paper defines 13 relevant features that can be extracted from user inputs, and it presents and evaluates 6 different machine learning algorithms. A feature selection process is also conducted, and the models achieve an accuracy of up to 99.6%. The presented models show a clear ability to generalize to unseen data and perform well with a limited training set size. Overall, Logistic Regression is concluded to be the best-performing model.
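The pipeline the abstract describes (extract numeric features from raw user input, then train a binary classifier such as Logistic Regression on labelled samples) as an added, self-contained example; this is not the paper's code, the five features and the keyword list are constructed stand-ins for the paper's 13 features, and the ten training inputs are constructed samples rather than the paper's dataset.

```python
import math
import re

# Constructed stand-ins for the paper's 13 features: five lexical signals
# computed from a single raw user input (keyword list is constructed, not the paper's).
SQL_KEYWORDS = {"select", "union", "insert", "update", "delete", "drop",
                "or", "and", "from", "where", "table"}

def extract_features(text: str) -> list[float]:
    low = text.lower()
    words = re.findall(r"[a-z_]+", low)
    return [
        float(sum(w in SQL_KEYWORDS for w in words)),               # SQL keyword count
        float(low.count("'") + low.count('"')),                      # quote characters
        float(low.count("--") + low.count("#") + low.count("/*")),   # comment markers
        float(len(re.findall(r"[=;()]", low))),                      # operators / delimiters
        float(bool(re.search(r"\d\s*=\s*\d", low))),                 # tautology such as 1=1
    ]

def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))

def train_logistic_regression(xs, ys, lr=0.1, epochs=2000):
    # Plain stochastic gradient descent on the logistic loss, so no ML library is needed.
    w, b = [0.0] * len(xs[0]), 0.0
    for _ in range(epochs):
        for x, y in zip(xs, ys):
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            w = [wi - lr * err * xi for wi, xi in zip(w, x)]
            b -= lr * err
    return w, b

# Constructed training set: benign inputs (label 0) and injected inputs (label 1).
# "O'Brien" is deliberately benign so the model cannot rely on quote characters alone.
TRAINING_DATA = [
    ("alice", 0), ("john.doe@example.com", 0), ("Main Street 12", 0),
    ("O'Brien", 0), ("hello world", 0),
    ("' OR 1=1 --", 1), ("admin' --", 1), ("1; DROP TABLE users", 1),
    ("' UNION SELECT username, password FROM users --", 1), ('" OR ""="', 1),
]

def train_model():
    xs = [extract_features(t) for t, _ in TRAINING_DATA]
    ys = [float(y) for _, y in TRAINING_DATA]
    return train_logistic_regression(xs, ys)

def predict(model, text: str) -> bool:  # True when classified as an injection attempt
    w, b = model
    return sigmoid(sum(wi * xi for wi, xi in zip(w, extract_features(text))) + b) >= 0.5
```

Because the classifier sees only feature vectors, an unseen input such as `' OR 'a'='a` is flagged while a benign apostrophe like the one in `O'Brien` is not; on real traffic the feature set and training data decide the false-positive rate far more than the choice of algorithm.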
