Comparative Study of Machine Learning Algorithms for Prediction of SQL Injections

  • Conference paper
Computer Vision and Robotics

Part of the book series: Algorithms for Intelligent Systems (AIS)

Abstract

Web apps are the most extensively used digital platforms because they are cross-platform compatible and do not require users to install anything in order to use them. As a result, online applications are used on a vast scale, and the security risk to web apps is increasing. SQL injection is one of the most dangerous security attacks, causing damage to a company's reputation, financial losses, and harm to the privacy of its clients. Various classification algorithms can be used to determine whether a particular piece of code is malicious or plain. Neural network and machine learning algorithms that can be used to detect SQL injection attacks include the Naive Bayes classifier, LSTM, MLP, and SVM. In this study, we compared various algorithms on a common dataset to see how well they performed.
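The classification task described in the abstract, shown for one of the named algorithms (Naive Bayes), as an added example that is not the paper's code or dataset. The training strings, the tokenizer and the names `TRAIN`, `tokenize`, `NaiveBayes` and `MODEL` are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training samples (label 1 = injection, 0 = plain input).
TRAIN = [
    ("' OR '1'='1' --", 1),
    ("1 UNION SELECT username, password FROM users", 1),
    ("admin' --", 1),
    ("1; DROP TABLE orders --", 1),
    ("' OR 1=1 #", 1),
    ("john.smith@example.com", 0),
    ("blue running shoes size 10", 0),
    ("O'Brien", 0),
    ("order 12345 status", 0),
    ("select a gift for mum", 0),
]

def tokenize(text):
    """Words, numbers collapsed to <num>, and each SQL metacharacter as its own token."""
    toks = re.findall(r"[a-z_]+|\d+|--|[^\sa-z_\d]", text.lower())
    return ["<num>" if t.isdigit() else t for t in toks]

class NaiveBayes:
    def fit(self, samples):
        self.counts = {0: Counter(), 1: Counter()}  # token counts per class
        self.docs = Counter()                       # sample counts per class
        for text, label in samples:
            self.counts[label].update(tokenize(text))
            self.docs[label] += 1
        self.vocab = set(self.counts[0]) | set(self.counts[1])
        return self

    def log_odds(self, text):
        """log P(injection | text) - log P(plain | text), Laplace-smoothed."""
        score = math.log(self.docs[1] / self.docs[0])
        v = len(self.vocab)
        n1, n0 = sum(self.counts[1].values()), sum(self.counts[0].values())
        for t in tokenize(text):
            if t not in self.vocab:
                continue  # tokens never seen in training carry no evidence
            score += math.log((self.counts[1][t] + 1) / (n1 + v))
            score -= math.log((self.counts[0][t] + 1) / (n0 + v))
        return score

    def predict(self, text):
        return int(self.log_odds(text) > 0)

MODEL = NaiveBayes().fit(TRAIN)
```

`MODEL.predict("select a gift")` returns 0 even though the input contains an SQL keyword, because the verdict comes from the combined per-token evidence rather than from any single keyword.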

Author information

Corresponding author

Correspondence to Vishal Sharma.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Sharma, V., Kumar, S. (2023). Comparative Study of Machine Learning Algorithms for Prediction of SQL Injections. In: Shukla, P.K., Singh, K.P., Tripathi, A.K., Engelbrecht, A. (eds) Computer Vision and Robotics. Algorithms for Intelligent Systems. Springer, Singapore. https://doi.org/10.1007/978-981-19-7892-0_36
