SQL Injection Detection Using Machine Learning with Different TF-IDF Feature Extraction Approaches

Oudah, Mohammed A.; Marhusin, Mohd Fadzli; Narzullaev, Anvar

doi:10.1007/978-3-031-16865-9_57

Cited by 4 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In their paper, Oudah et al [3] explore the effectiveness of four ML models in detecting SQLI attacks using multi-tokenisation levels. The proposed system involves data preparation, feature extraction, dataset splitting, model building, training, and testing.…”

Section: Discussionmentioning

confidence: 99%

“…Developers can accidentally introduce SQLI vulnerabilities into their applications when they use unfiltered user input in their SQL statements [3]. This can allow an attacker to inject malicious SQL code into the database and execute it, potentially compromising sensitive information or taking over the database.…”

Section: A How Sql Injection Workmentioning

confidence: 99%

“…Oudah et al [3] 2022 Applied four ML algorithms using different feature extraction TF-IDF levels More machine learning models should be compared with more feature extraction techniques.…”

mentioning

confidence: 99%

See 2 more Smart Citations

SQL Injection Detection using Machine Learning: A Review

Mohammed A M Oudah,

Mohd Fadzli Marhusin

2024

MJoSHT

View full text Add to dashboard Cite

SQL injection attacks are critical security vulnerability exploitation in web applications, posing risks to data, if successfully executed, allowing attackers to gain unauthorised access to sensitive data. Due to the absence of a standardised structure, traditional signature-based detection methods face challenges in effectively detecting SQL injection attacks. To overcome this challenge, machine learning (ML) algorithms have emerged as a promising approach for detecting SQL injection attacks. This paper presents a comprehensive literature review on the utilisation of ML techniques for SQL injection detection. The review covers various aspects, including dataset collection, feature extraction, training, and testing, with different ML algorithms. The studies included in the review demonstrate high levels of accuracy in detecting attacks and reducing false positives.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: A How Sql Injection Workmentioning

confidence: 99%

See 1 more Smart Citation

SQL Injection Detection using Machine Learning: A Review

Mohammed A M Oudah,

Mohd Fadzli Marhusin

2024

MJoSHT

View full text Add to dashboard Cite

show abstract

“…[14] described an SQL Injection Attack detection framework based on Support Vector Machines (SVM) and an improved Term Frequency Inverse Document Frequency (TF-IDF) algorithm. In [21], the authors studied how data preparation and feature extraction techniques based on TF-IDF influenced detection accuracy of malicious SQL queries. [16] described the use of TF-IDF-CHI algorithm in SQL Injection Attack detection.…”

Section: Related Workmentioning

confidence: 99%

“…Next, for SQL query text vectorization, we use the popular Term Frequency -Inverse Document Frequency (TF-IDF) method, considering SQL queries as sentences of words separated by whitespaces. TF-IDF has been commonly considered as SQL query text vectorization method [14][16] [21]. Although SQL queries seem to be structural, there are no obvious syntactical markers of their performance-related properties, therefore, we decided to use this vectorization technique, known from the field of natural language processing.…”

Section: Feature Extractionmentioning

confidence: 99%

Learning From User-Specified Optimizer Hints in Database Systems

Zakrzewicz

2024

Foundations of Computing and Decision Sciences

View full text Add to dashboard Cite

Recently, numerous machine learning (ML) techniques have been applied to address database performance management problems, including cardinality estimation, cost modeling, optimal join order prediction, hint generation, etc. In this paper, we focus on query optimizer hints employed by users in their queries in order to mask some Query Optimizer deficiencies. We treat the query optimizer hints, bound to previous queries, as significant additional query metadata and learn to automatically predict which new queries will pose similar performance challenges and should therefore also be supported by query optimizer hints. To validate our approach, we have performed a number of experiments using real-life SQL workloads and we achieved promising results.

show abstract

SQL Injection and Its Detection Using Machine Learning Algorithms and BERT

Lodha¹,

Gundawar²

2023

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

SQL Injection Detection Using Machine Learning with Different TF-IDF Feature Extraction Approaches

Cited by 4 publications

References 5 publications

SQL Injection Detection using Machine Learning: A Review

SQL Injection Detection using Machine Learning: A Review

Learning From User-Specified Optimizer Hints in Database Systems

SQL Injection and Its Detection Using Machine Learning Algorithms and BERT

Contact Info

Product

Resources

About