International Journal of Open Information Technologies

Information security does not stand still, now there are a large number of ways to protect against various types of vulnerabilities. For every attack, you can find many ways to prevent and then detect it. In this paper, various approaches for identifying SQL injections are considered and their comparative analysis is carried out in order to identify the optimal method, depending on the working conditions. The main criteria for consideration of the article in the course of work were identified. In particular, only articles published after 2016 and available in full-text format were considered. Also, the main characteristics of the studies that were carried out in the course of the work were determined. In the analyzed works, the methods of classification both of static and dynamic SQL queries were considered. Various machine learning models were used for classification, including: Naive Bayes, Support Vector Machine, Decision Tree. In a number of studies, the most effective methods were Ensemble Boosted Trees, Ensemble Bagged Trees, Linear Discriminant, Cubic SVM, and Fine Gaussian Support Vector Machines. In other works, Iterative Dichotomizer 3 (ID3) and Random Forest methods were found to have better accuracy.

Marashdeh Z., Suwais K., Alia M. A survey on sql injection attack: Detection and challenges //2021 International Conference on Information Technology (ICIT). – IEEE, 2021. – С. 957-962.

Hasan M., Balbahaith Z., Tarique M. Detection of SQL injection attacks: a machine learning approach //2019 International Conference on Electrical and Computing Technologies and Applications (ICECTA). – IEEE, 2019. – С. 1-6.

Gao H. et al. Detecting SQL injection attacks using grammar pattern recognition and access behavior mining //2019 IEEE International Conference on Energy Internet (ICEI). – IEEE, 2019. – С. 493-498.

Uwagbole S. O., Buchanan W. J., Fan L. An applied pattern-driven corpus to predictive analytics in mitigating SQL injection attack //2017 Seventh International Conference on Emerging Security Technologies (EST). – IEEE, 2017. – С. 12-17.

Tripathy D., Gohil R., Halabi T. Detecting SQL injection attacks in cloud SaaS using machine learning //2020 IEEE 6th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing,(HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). – IEEE, 2020. – С. 145-150.

Kamtuo K., Soomlek C. Machine Learning for SQL injection prevention on server-side scripting //2016 International Computer Science and Engineering Conference (ICSEC). – IEEE, 2016. – С. 1-6.

Sivasangari A., Jyotsna J., Pravalika K. SQL injection attack detection using machine learning algorithm //2021 5th International Conference on Trends in Electronics and Informatics (ICOEI). – IEEE, 2021. – С. 1166-1169.

Das D., Sharma U., Bhattacharyya D. K. Defeating SQL injection attack in authentication security: an experimental study //International Journal of Information Security. – 2019. – Т. 18. – С. 1-22.

Kasim Ö. An ensemble classification-based approach to detect attack level of SQL injections //Journal of Information Security and Applications. – 2021. – Т. 59. – С. 102852.

Kar D., Panigrahi S., Sundararajan S. SQLiGoT: Detecting SQL injection attacks using graph of tokens and SVM //Computers & Security. – 2016. – Т. 60. – С. 206-225.

Uwagbole S. O., Buchanan W. J., Fan L. Applied machine learning predictive analytics to SQL injection attack detection and prevention //2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). – IEEE, 2017. – С. 1087-1090.

McWhirter P. R. et al. SQL Injection Attack classification through the feature extraction of SQL query strings using a Gap-Weighted String Subsequence Kernel //Journal of information security and applications. – 2018. – Т. 40. – С. 199-216.

Vinogradova E., Golovin E. Metriki kachestva algoritmov mashinnogo obuchenija v zadachah klassifikacii // Nauchnaja sessija GUAP. — 2017. — s. 202—206.

Wang Y., Li Z. SQL Injection Detection via Program Tracing and Machine Learning //Internet and Distributed Computing Systems. – 2017. – С. 264-274.

Priyaa, B.D.; Student, P.G.; Devi, M.I. Hybrid SQL Injection Detection System. In Proceedings of the 2016 3rd International Conference on Advanced Computing and Communication Systems (ICACCS), Coimbatore, India, 22–23 January 2016.

Joshi A., Geetha V. SQL Injection detection using machine learning //2014 international conference on control, instrumentation, communication and computational technologies (ICCICCT). – IEEE, 2016. – С. 1111-1115.

Movie lens datasets https://grouplens.org/datasets/movielens/ Retrieved: Apr 2023