Comparing Machine Learning for SQL Injection Detection in Web Systems

This work analyzes the machine learning techniques most used in SQL injection (SQLi) detection in order to make a comparison in terms of precision, as well as characterize the data with which the models for SQLi detection are generated. For the analysis, a systematic literature review is developed to extract the data reported from the state-of-the-art. A total of 31 primary studies are selected, of which 22 address the analysis and exploring ML techniques for SQLi detection; 20 conduct experiments to test the models in terms of performance and accuracy; and 14 explore the characteristics of the data with which ML models are prepared. In 22 of the 31 papers, 5 ML algorithms for classification problems stand out: Decision Tree, K-Nearest Neighbors, Naive Bayes, Random Forest, and Support Vector Machine. Decision Tree is the most used algorithm for detecting SQLi, appearing in 18 of 31 papers. The t-student test is applied for samples of unequal variances. The results demonstrate a marginal difference between techniques, although Random Forest is one of the techniques with the greatest consistency in accuracy.