Ensemble Machine Learning Approaches for Detection of SQL Injection Attack

Cited by: 9
Authors
Farooq, Umar [1]
Affiliations
[1] Cent Univ Punjab, Dept Comp Sci & Technol Cyber Secur, City Campus,Mansa Rd, Bathinda 151001, Punjab, India
Source
TEHNICKI GLASNIK-TECHNICAL JOURNAL | 2021 / Volume 15 / Issue 01
Keywords
Boosting; ensemble learning; Light GBM; SQL injection; web security;
DOI
10.31803/tg-20210205101347
Chinese Library Classification number
T [Industrial Technology];
Discipline classification code
08 ;
Abstract
In the current era, SQL Injection Attack is a serious threat to the security of the cyber world, particularly for the many web applications that reside on the internet. Many webpages accept sensitive information (e.g. usernames, passwords, bank details, etc.) from users and store this information in a database that also resides on the internet. Although this online database is important for remotely accessing information for various business purposes, attackers can gain unrestricted access to these online databases or bypass authentication procedures with the help of SQL Injection Attack. This attack results in great damage and variation to the database and has been ranked as the topmost security risk by OWASP TOP 10. Considering the trouble of distinguishing unknown attacks by the current principle coordinating technique, a strategy for SQL injection detection based on Machine Learning is proposed. Our motive is to detect this attack by splitting the queries into their corresponding tokens with the help of tokenization and then applying our algorithms over the tokenized dataset. We used four Ensemble Machine Learning algorithms: Gradient Boosting Machine (GBM), Adaptive Boosting (AdaBoost), Extended Gradient Boosting Machine (XGBM), and Light Gradient Boosting Machine (LGBM). The results yielded by our models are near to perfection, with the error rate being almost negligible. The best results are yielded by LGBM with an accuracy of 0.993371, and precision, recall, and f1 of 0.993373, 0.993371, and 0.993370, respectively. The LGBM also yielded a lower error rate, with False Positive Rate (FPR) and Root Mean Squared Error (RMSE) of 0.120761 and 0.007, respectively. The worst results are yielded by AdaBoost with an accuracy of 0.991098, and precision, recall, and f1 of 0.990733, 0.989175, and 0.989942, respectively. The AdaBoost also yielded a high False Positive Rate (FPR) of 0.009.
Pages: 112 - 120
Page count: 9
Related papers
50 in total
  • [1] SQL Injection Detection using Machine Learning
    Joshi, Anamika
    Geetha, V
    2014 INTERNATIONAL CONFERENCE ON CONTROL, INSTRUMENTATION, COMMUNICATION AND COMPUTATIONAL TECHNOLOGIES (ICCICCT), 2014, : 1111 - 1115
  • [2] Detection of SQL Injection Attacks: A Machine Learning Approach
    Hasan, Musaab
    Balbahaith, Zayed
    Tarique, Mohammed
    2019 INTERNATIONAL CONFERENCE ON ELECTRICAL AND COMPUTING TECHNOLOGIES AND APPLICATIONS (ICECTA), 2019,
  • [3] SQL Injection Detection Using Machine Learning Techniques
    Hosam, Eman
    Hosny, Hagar
    Ashraf, Walaa
    Kaseb, Ahmed S.
    2021 8TH INTERNATIONAL CONFERENCE ON SOFT COMPUTING & MACHINE INTELLIGENCE (ISCMI 2021), 2021, : 15 - 20
  • [4] An Improved LSTM-PCA Ensemble Classifier for SQL Injection and XSS Attack Detection
    Stiawan, Deris
    Bardadi, Ali
    Afifah, Nurul
    Melinda, Lisa
    Heryanto, Ahmad
    Septian, Tri Wanda
    Idris, Mohd Yazid
    Subroto, Imam Much Ibnu
    Lukman
    Budiarto, Rahmat
    Computer Systems Science and Engineering, 2023, 46 (02) : 1759 - 1774
  • [5] A Semantic Learning-Based SQL Injection Attack Detection Technology
    Lu, Dongzhe
    Fei, Jinlong
    Liu, Long
    ELECTRONICS, 2023, 12 (06)
  • [6] Comparing Machine Learning for SQL Injection Detection in Web Systems
    Lopez-Tenorio, Brandom
    Dominguez-Isidro, Saul
    Cortes-Verdin, Maria Karen
    Perez-Arriaga, Juan Carlos
    2023 10TH INTERNATIONAL CONFERENCE ON SOFT COMPUTING & MACHINE INTELLIGENCE, ISCMI, 2023, : 17 - 21
  • [7] Semantic Query-Featured Ensemble Learning Model for SQL-Injection Attack Detection in IoT-Ecosystems
    Gowtham, M.
    Pramod, H. B.
    IEEE TRANSACTIONS ON RELIABILITY, 2022, 71 (02) : 1057 - 1074
  • [8] Detection Model for SQL Injection Attack: An Approach for Preventing a Web Application from the SQL Injection Attack
    Buja, Geogiana
    Bin Abd Jalil, Kamarularifin
    Ali, Fakariah Bt Hj Mohd
    Rahman, Teh Faradilla Abdul
    2014 IEEE SYMPOSIUM ON COMPUTER APPLICATIONS AND INDUSTRIAL ELECTRONICS (ISCAIE), 2014,
  • [9] SQL injection attack: Detection, prioritization & prevention
    Paul, Alan
    Sharma, Vishal
    Olukoya, Oluwafemi
    JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2024, 85
  • [10] SQL Injection Attack Detection using ResNet
    Sangeeta
    Nagasundari, S.
    Honnavali, Prasad B.
    2019 10TH INTERNATIONAL CONFERENCE ON COMPUTING, COMMUNICATION AND NETWORKING TECHNOLOGIES (ICCCNT), 2019,