Classification of SQL Injection Attacks using ensemble learning SVM and Naïve Bayes

Classification of SQL Injection Attacks using ensemble learning SVM and Naïve Bayes

연구 분야: Databases

학회: 2023 International Conference on Data Science and Its Applications (ICoDSA)

The escalation in website usage has brought forth a concurrent surge in cybercrime threats, with SQL Injection representing one of the most prevalent and detrimental forms of injection attacks plaguing systems and websites. SQL Injection attacks manifest in various types, each potentially yielding distinct repercussions contingent on the injected query’s impact on the targeted systems or websites. In this research endeavor, we harnessed machine learning algorithms, specifically the Support Vector Machine (SVM) and Naïve Bayes, to discern and thwart SQL injection attempts. Our dataset amalgamated two primary sources of data: one was culled from Kaggle, while the other consisted of payloads employed in penetration testing, thoughtfully annotated across five classes encompassing error-based, union-based, Boolean-based, time-based, and benign injections. The results gleaned from our experiments showcased the Support Vector Machine’s remarkable performance, boasting an impressive accuracy rate of 93.98%. In contrast, the Naïve Bayes algorithm, while still effective, registered a somewhat lower accuracy of 73.50%. However, the real breakthrough emerged when we employed ensemble learning, skillfully amalgamating both SVM and Naïve Bayes methods, resulting in a notably enhanced accuracy rate of 92.9%. This achievement underscores the significance of utilizing diverse machine learning techniques in tandem to fortify our defenses against the multifaceted and ever-evolving landscape of SQL Injection attacks, ultimately fortifying the security of websites and systems in the face of mounting cyber threats.