SQL INJECTION ATTACKS DETECTION: A PERFORMANCE COMPARISON ON MULTIPLE CLASSIFICATION MODELS

Abstract

SQL injection attacks pose a significant threat to web applications because they allow unauthorized access to sensitive data and manipulation of databases. Detecting and preventing these attacks is essential for ensuring the security of web applications. While there have been numerous studies on using machine learning to detect SQL injection attacks, there is a lack of comprehensive analysis comparing the performance of different classification models. This research aims to evaluate and compare the effectiveness of various classification models, including KNN, decision trees, support vector machines, Naïve Bayes, and neural networks, in detecting SQL injection attacks. Using a Kaggle dataset with 30919 cases, the study employed an 80%:20% split ratio for training and testing. Data preprocessing was conducted to clean the data by addressing missing values, reducing noise, resolving inconsistencies, and eliminating outliers. The results showed that CNN achieved the highest accuracy (96.55%), with a good balance between precision (98.92%) and recall (91.71%). By evaluating and comparing different classification models, this study contributes to enhancing the security of web applications against SQL injection attacks and advancing research in cybersecurity and machine learning. The study's results can strengthen cybersecurity practices, and defense strategies and empower organizations to proactively defend against evolving threats by creating a better-secured digital environment for web applications and databases.

Keywords:Machine learning, Performance Evaluation, SQL injection attacks, Cyber Security, Web applications, Databases