A Comparative Study of SQL Injection Detection Using Machine Learning Approach

Abstract

Injection vulnerabilities are still the most common and deadly attacks against online applications. Therefore, a SQL Injection detection framework with suitable approaches has been proposed. In this paper, the Random Forest and Support Vector Machine algorithms and detection of SQL Injection are analyzed. The experiments were carried out and tested on HTTPParamsDataset. In this research, there are six (6) phases implemented in the research such as Raw Data, Data Preprocessing, Feature Extraction, Features Selection, Classification, and Result. The experiments evaluated in terms of Accuracy, True Positive, True Negative and Precision in identifying the best performances classifiers. At the end of the study, the Random Forest classifiers are identified to be best classifiers with 100 percent of accuracy in average compared to Support Vector Machine classifiers with 90.26 percent of accuracy without Information Gain for the accuracy of SQL Injection detection while the accuracies of Random Forest with implementing Information Gain are 99.99 percent, 100 percent, and 99.99 percent, whereas the accuracies of the Support Vector Machine are 90.26 percent.