Detection of SQL Injection Attack Using Machine Learning Techniques: A Systematic Literature Review
Abstract
:1. Introduction
2. Related Studies
3. Research Method
3.1. Planning the Systematic Review
Research Questions
3.2. Research Strategy
3.2.1. Inclusion Criteria
- Papers related to SQL injection attacks;
- Papers that included our search keywords;
- Papers from the scientific databases ACM, IEEE, SpringerLink, and ScienceDirect.
- Papers on the topic of machine learning and the security domain.
3.2.2. Exclusion Criteria
- Papers not covering machine learning techniques and SQL injection attacks;
- Papers published before 2012; and
- Papers that are not available in full-text format.
4. Results
Conducting the Review
5. Discussion
5.1. Machine Learning and Deep Learning Techniques for Detection of SQL Injection Attacks (Related to Q1)
5.2. Generating SQL Injection Attack Datasets Using Machine Learning Techniques (Related to Q2)
5.3. Generating Adversarial SQL Injection Attacks Using ML Techniques (Related to Q3)
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Han, S.; Xie, M.; Chen, H.-H.; Ling, Y. Intrusion Detection in Cyber-Physical Systems: Techniques and Challenges. IEEE Syst. J. 2014, 8, 1049–1059. [Google Scholar] [CrossRef]
- Mishra, P.; Varadharajan, V.; Tupakula, U.; Pilli, E.S. A Detailed Investigation and Analysis of using Machine Learning Techniques for Intrusion Detection. IEEE Commun. Surv. Tutor. 2018, 21, 686–728. [Google Scholar] [CrossRef]
- Charles, M.J.; Pfleeger, P.; Pfleeger, S.L. Security in Computing, 5th ed.; Springer: Berlin/Heidelberg, Germany, 2004. [Google Scholar]
- Son, S.; McKinley, K.S.; Shmatikov, V. Diglossia: Detecting code injection attacks with precision and efficiency. Proc. ACM Conf. Comput. Commun. Secur. 2013, 2, 1181–1191. [Google Scholar] [CrossRef]
- Yan, R.; Xiao, X.; Hu, G.; Peng, S.; Jiang, Y. New deep learning method to detect code injection attacks on hybrid applications. J. Syst. Softw. 2018, 137, 67–77. [Google Scholar] [CrossRef]
- Vähäkainu, P.; Lehto, M. Artificial intelligence in the cyber security environment. In Proceedings of the 14th International Conference on Cyber Warfare and Security, ICCWS 2019, Stellenbosch, South Africa, 28 February–1 March 2019; pp. 431–440. [Google Scholar]
- Satapathy, S.C.; Govardhan, A.; Raju, K.S.; Mandal, J.K. SQL Injection Detection and Correction Using Machine Learning Techniques. Adv. Intell. Syst. Comput. 2015, 337, 435–442. [Google Scholar] [CrossRef]
- Marashdeh, Z.; Suwais, K.; Alia, M. A Survey on SQL Injection Attacks: Detection and Challenges. In Proceedings of the 2021 International Conference on Information Technology (ICIT), Amman, Jordan, 14–15 July 2021; pp. 957–962. [Google Scholar] [CrossRef]
- Faker, S.A.; Muslim, M.A.; Dachlan, H.S. A systematic literature review on sql injection attacks techniques and common exploited vulnerabilities. Int. J. Comput. Eng. Inf. Technol. 2017, 9, 284–291. [Google Scholar]
- Qiu, S.; Liu, Q.; Zhou, S.; Wu, C. Review of artificial intelligence adversarial attack and defense technologies. Appl. Sci. 2019, 9, 909. [Google Scholar] [CrossRef]
- Martins, N.; Cruz, J.M.; Cruz, T.; Abreu, P.H. Adversarial Machine Learning Applied to Intrusion and Malware Scenarios: A Systematic Review. IEEE Access 2020, 8, 35403–35419. [Google Scholar] [CrossRef]
- Muslihi, M.T.; Alghazzawi, D. Detecting SQL Injection on Web Application Using Deep Learning Techniques: A Systematic Literature Review. In Proceedings of the 2020 Third International Conference on Vocational Education and Electrical Engineering (ICVEE), Surabaya, Indonesia, 3–4 October 2020. [Google Scholar] [CrossRef]
- Aliero, M.S.; Qureshi, K.N.; Pasha, M.F.; Ghani, I.; Yauri, R.A. Systematic Review Analysis with SQLIA Detection and Prevention Approaches. Wirel. Pers. Commun. 2020, 112, 2297–2333. [Google Scholar] [CrossRef]
- Hasan, M.; Tarique, M. Detection of SQL Injection Attacks: A Machine Learning Approach. In Proceedings of the 2019 International Conference on Electrical and Computing Technologies and Applications (ICECTA), Ras Al Khaimah, United Arab Emirates, 19–21 November 2019. [Google Scholar]
- Gao, H.; Zhu, J.; Liu, L.; Xu, J.; Wu, Y.; Liu, A. Detecting SQL Injection Attacks Using Grammar Pattern Recognition and Access Behavior Mining. In Proceedings of the 2019 IEEE International Conference on Energy Internet (ICEI), Nanjing, China, 27–31 May 2019. [Google Scholar] [CrossRef]
- Gandhi, N. A CNN-BiLSTM based Approach for Detection of SQL Injection Attacks. In Proceedings of the 2021 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE), Dubai, United Arab Emirates, 17–18 March 2021; pp. 378–383. [Google Scholar]
- Zhang, K.; Dataset, A.T. A Machine Learning based Approach to Identify SQL Injection Vulnerabilities. In Proceedings of the 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), San Diego, CA, USA, 11–15 November 2019; pp. 2019–2021. [Google Scholar] [CrossRef]
- Li, Q.I.; Li, W.; Wang, J. A SQL Injection Detection Method Based on Adaptive Deep Forest. IEEE Access 2019, 7, 145385–145394. [Google Scholar] [CrossRef]
- Uwagbole, S.O.; Buchanan, W.J.; Fan, L. An Applied Pattern-Driven Corpus to Predictive Analytics in Mitigating SQL Injection Attack. In Proceedings of the 2017 Seventh International Conference on Emerging Security Technologies (EST), Canterbury, UK, 6–8 September 2017; pp. 12–17. [Google Scholar]
- Ahmed, M. Cyber Attack Detection Method Based on NLP and Ensemble Learning Approach. In Proceedings of the 2020 23rd International Conference on Computer and Information Technology (ICCIT), Dhaka, Bangladesh, 19–21 December 2020; pp. 19–21. [Google Scholar]
- Tripathy, D.; Gohil, R.; Halabi, T. Detecting SQL Injection Attacks in Cloud SaaS using Machine Learning. In Proceedings of the 2020 IEEE 6th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS), Baltimore, MD, USA, 25–27 May 2020; pp. 145–150. [Google Scholar] [CrossRef]
- Kulkarni, C.C.; Kulkarni, S.A. Human agent knowledge transfer applied to web security. In Proceedings of the 2013 Fourth International Conference on Computing, Communications and Networking Technologies (ICCCNT), Tiruchengode, India, 4–6 July 2013; pp. 14–17. [Google Scholar] [CrossRef]
- Makiou, A.; Begriche, Y.; Serhrouchni, A. Hybrid approach to detect SQLi attacks and evasion techniques. In Proceedings of the 10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, Miami, FL, USA, 22–25 October 2014; pp. 452–456. [Google Scholar] [CrossRef]
- Kar, D.; Sahoo, A.K.; Agarwal, K.; Panigrahi, S.; Das, M. Learning to Detect SQLIA Using Node Centrality with Feature Selection. In Proceedings of the 2016 International Conference on Computing, Analytics and Security Trends (CAST), Pune, India, 19–21 December 2016; pp. 18–23. [Google Scholar]
- Li, Q.; Wang, F.; Wang, J.; Li, W. LSTM-Based SQL Injection Detection Method for Intelligent Transportation System. IEEE Trans. Veh. Technol. 2019, 68, 4182–4191. [Google Scholar] [CrossRef]
- Kamtuo, K.; Soomlek, C. Machine Learning for SQL Injection Prevention in Server-Side Scripting. In Proceedings of the 2016 International Computer Science and Engineering Conference (ICSEC), Chiang Mai, Thailand, 14–17 December 2016; pp. 1–6. [Google Scholar]
- Sivasangari, A. SQL Injection Attack Detection using Machine Learning Algorithm. In Proceedings of the 2021 5th International Conference on Trends in Electronics and Informatics (ICOEI), Tirunelveli, India, 3–5 June 2021; pp. 1166–1169. [Google Scholar]
- Das, D.; Sharma, U.; Bhattacharyya, D.K. Defeating SQL injection attack in authentication security: An experimental study. Int. J. Inf. Secur. 2019, 18, 1–22. [Google Scholar] [CrossRef]
- Kasim, Ö. An ensemble classification-based approach to detect the attack level of SQL injections. J. Inf. Secur. Appl. 2021, 59, 102852. [Google Scholar] [CrossRef]
- Tang, P.; Qiu, W.; Huang, Z.; Lian, H.; Liu, G. Detection of SQL injection based on artificial neural network. Knowl.-Based Syst. 2020, 190, 105528. [Google Scholar] [CrossRef]
- Erdődi, L.; Sommervoll, Å.Å.; Zennaro, F.M. SQL injection vulnerability exploitation using Q-learning reinforcement learning agents. J. Inf. Secur. Appl. Simulating 2021, 61, 102903. [Google Scholar] [CrossRef]
- Kar, D.; Panigrahi, S.; Sundararajan, S. SQLiGoT: Detecting SQL injection attacks using the graph of tokens and SVM. Comput. Secur. 2016, 60, 206–225. [Google Scholar] [CrossRef]
- Uwagbole, S.O.; Buchanan, W.J.; Fan, L. Applied Machine Learning Predictive Analytics to SQL Injection Attack Detection and Prevention. In Proceedings of the 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), Lisbon, Portugal, 8–12 May 2017; pp. 1087–1090. [Google Scholar] [CrossRef]
- Mcwhirter, P.R.; Kifayat, K.; Shi, Q.; Askwith, B. SQL Injection Attack classification through the feature extraction of SQL query strings using a Gap-Weighted String Subsequence Kernel. J. Inf. Secur. Appl. 2018, 40, 199–216. [Google Scholar] [CrossRef]
- Mejia-Cabrera, H.I.; Paico-Chileno, D.; Valdera-Contreras, J.H.; Tuesta-Monteza, V.A.; Forero, M.G. Automatic Detection of Injection Attacks by Machine Learning in NoSQL Databases; Springer: Berlin/Heidelberg, Germany, 2021; pp. 23–32. [Google Scholar]
- Pathak, R.K.; Yadav, V. Handling SQL Injection Attack Using Progressive Neural Network; Springer: Singapore, 2020; Volume 1170. [Google Scholar]
- Wang, Y.; Li, Z. SQL injection detection via program tracing and machine learning. In Lecture Notes in Computer Science; 7646 LNCS; Springer: Berlin/Heidelberg, Germany, 2012; pp. 264–274. [Google Scholar] [CrossRef]
- Fang, Y.; Peng, J.; Liu, L.; Huang, C. WOVSQLI: Detection of SQL injection behaviors using word vector and LSTM. In Proceedings of the ICCSP 2018: Proceedings of the 2nd International Conference on Cryptography, Security and Privacy, Guiyang, China, 16–19 March 2018; pp. 170–174. [Google Scholar] [CrossRef]
- Zhang, H.; Zhao, J.; Zhao, B.; Yan, X.; Yuan, H.; Li, F. SQL injection detection based on deep belief network. In Proceedings of the CSAE 2019: Proceedings of the 3rd International Conference on Computer Science and Application Engineering, Sanya, China, 22–24 October 2019. [Google Scholar] [CrossRef]
- Priyaa, B.D.; Student, P.G.; Devi, M.I. Hybrid SQL Injection Detection System. In Proceedings of the 2016 3rd International Conference on Advanced Computing and Communication Systems (ICACCS), Coimbatore, India, 22–23 January 2016. [Google Scholar]
- Joshi, A. SQL Injection Detection using Machine Learning. In Proceedings of the 2014 International Conference on Control, Instrumentation, Communication and Computational Technologies (ICCICCT), Kanyakumari, India, 10–11 July 2014; Volume 2, pp. 1111–1115. [Google Scholar]
- Ross, K.; Moh, M.; Yao, J.; Moh, T.S. Multi-source data analysis and evaluation of machine learning techniques for SQL injection detection. In Proceedings of the ACMSE 2018 Conference, Richmond, KY, USA, 29–31 March 2018; pp. 1–8. [Google Scholar] [CrossRef]
- Islam, M.R.U.; Islam, M.S.; Ahmed, Z.; Iqbal, A.; Shahriyar, R. Automatic detection of NoSQL injection using supervised learning. In Proceedings of the 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), Milwaukee, WI, USA, 15–19 July 2019; Volume 1, pp. 760–769. [Google Scholar] [CrossRef]
- Appelt, D.; Nguyen, C.D.; Briand, L. Behind an application firewall, are we safe from SQL injection attacks? In Proceedings of 2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST), Graz, Austria, 13–17 April 2015. [Google Scholar] [CrossRef]
- Liu, M.; Li, K.; Chen, T. DeepSQLi: Deep semantic learning for testing SQL injection. In Proceedings of the ISSTA 2020: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, Virtual Event, 18–22 July 2020; pp. 286–297. [Google Scholar] [CrossRef]
- Siddiq, M.L.; Jahin, R.R.; Rafid, M.; Islam, U. SQLIFIX: Learning-Based Approach to Fix SQL Injection Vulnerabilities in Source Code. In Proceedings of the 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), Honolulu, HI, USA, 9–12 March 2021; pp. 354–364. [Google Scholar] [CrossRef]
- Sheykhkanloo, N.M. Employing Neural Networks for the detection of SQL injection attack. In Proceedings of the SIN ’14: Proceedings of the 7th International Conference on Security of Information and Networks, Glasgow, UK, 9–11 September 2014; pp. 318–323. [Google Scholar] [CrossRef]
- Demetrio, L.; Valenza, A.; Costa, G.; Lagorio, G. WAF-A-MoLE: Evading web application firewalls through adversarial machine learning. In Proceedings of the SAC ’20: Proceedings of the 35th Annual ACM Symposium on Applied Computing, Brno, Czech Republic, 30 March–3 April 2020; pp. 1745–1752. [Google Scholar] [CrossRef]
- Appelt, D.; Nguyen, C.D.; Briand, L.C.; Alshahwan, N. Automated testing for SQL injection vulnerabilities: An input mutation approach. In Proceedings of the 2014 International Symposium on Software Testing and Analysis, San Jose, CA, USA, 21–25 July 2014; pp. 259–269. [Google Scholar]
- Appelt, D. Automated Security Testing of Web-Based Systems against SQL Injection Attacks. Ph.D. Thesis, University of Luxembourg, Luxembourg, 2016. [Google Scholar]
Ref. | Algorithm | Dataset | Dataset Size | Evaluation Methods | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Accuracy | FPR | FNR | TP | FN | FP | TN | Precision | Recall | F1 Score | AUC | ||||||
[13] | Naïve Bayesian | Collected from access logs | 58,000 log records | - | 10.9% | 16.7% | 34.5% | 18.2% | - | - | - | - | - | - | - | - |
SVM | - | 4.1% | 8.3% | 41.4% | 18.2% | - | - | - | - | - | - | - | - | |||
ID3 | - | 0.0% | 0.0% | 41.4% | 18.2% | - | - | - | - | - | - | - | - | |||
RF | - | 0.68% | 0.0% | 37.9% | 9.1% | - | - | - | - | - | - | - | - | |||
K-means | - | 0.68% | 0.0% | 37.9% | 9.1% | - | - | - | - | - | - | - | - | |||
[14] | CNN-BiLSTM | Collected from various websites | 4200 queries (3072 SQL injections,1128 normal data | 98% | - | - | - | - | - | - | - | - | - | - | ||
[15] | Decision Tree | Collected from two sources | 950 vulnerable PHP cases, 8800 non-vulnerable files | 93.4% | - | - | - | - | - | - | 76.6% | 56.5% | 0.650% | - | ||
Random Forest | 93.6% | - | - | - | - | - | - | 77.4% | 57.7% | 0.660% | - | |||||
SVM | 95.4% | - | - | - | - | - | - | 98.6% | 58.3% | 0.732% | - | |||||
Logistic Regression | 95.1% | - | - | - | - | - | - | 98.5% | 56.0% | 0.713% | - | |||||
Multilayer Perceptron | 95.3% | - | - | - | - | - | - | 91.0% | 63.7% | 0.746% | - | |||||
RNN | 95.3% | - | - | - | - | - | - | 92.2% | 62.4% | 0.742% | - | |||||
LSTM | 95.2% | - | - | - | - | - | - | 91.9% | 61.4% | 0.734% | - | |||||
CNN | 95.3% | - | - | - | - | - | - | 95.4% | 59.9% | 0.734% | - | |||||
[16] | ADF | Collected from vulnerability submission platforms | 10,000 negative samples and 10,000 positive samples | Not clear | - | - | - | - | - | - | - | - | - | - | ||
AdaBoost | ||||||||||||||||
[17] | Two-Class Logistic Regression | Dataset of 725,206 attribute values | 96.4% | - | - | - | - | - | - | 0.971 | 0.957 | 0.964 | 0.984 | |||
Two-Class Support Vector Machine | 98.6% | - | - | - | - | - | - | 0.974 | 0.998 | 0.986 | 0.986 | |||||
[18] | Random Forest + NLP | Open-source tools, such as Libinjection and Sqlmap | 17,266 thousand SQL injection payloads and 19,303 thousand normal payloads | 98.1515 | 0.96137 | 0.03862 | 4182 | 168 | 1 | 4792 | 0.9997% | - | - | 0.99 | ||
[19] | RF | Collected from datasets available in public repositories | 7576 malicious SQL queries and 100,496 legal inputs | 99.8% | - | - | - | - | - | - | 0.999 | 0.999 | 0.999 | - | ||
TensorFlow Boosted Trees Classifier | 99.6% | - | - | - | - | - | - | 0.989 | 0.961 | 0.998 | - | |||||
AdaBoost Classifier | 99.5% | - | - | - | - | - | - | 0.997 | 0.996 | 0.997 | - | |||||
Decision Tree | 99.5% | - | - | - | - | - | - | 0.998 | 0.997 | 0.997 | - | |||||
SGD Classifier | 98.6% | - | - | - | - | - | - | 0.988 | 0.997 | 0.992 | - | |||||
Deep ANN | 98.4% | - | - | - | - | - | - | 0.934 | 0.820 | 0.873 | - | |||||
TensorFlow Linear Classifier | 97.8% | - | - | - | - | - | - | 0.908 | 0.759 | 0.988 | - | |||||
[12] | Ensemble Boosted Trees | Open-source datasets | 616 SQL statements | 93.8% | - | - | - | - | - | - | - | - | - | - | ||
Bagged Trees | 93.8% | - | - | - | - | - | - | - | - | - | - | |||||
Linear Discriminant | 93.7% | - | - | - | - | - | - | - | - | - | - | |||||
Cubic SVM | 93.7% | - | - | - | - | - | - | - | - | - | - | |||||
Gaussian SVM | 93.5% | - | - | - | - | - | - | - | - | - | - | |||||
[20] | TD Machine Learning Technique | Not mentioned | Not mentioned | 95%. | - | - | - | - | - | - | - | - | - | - | ||
[21] | SVM, Naïve Bayes, K-Nearest Neighbor | Open-source datasets | Not mentioned | Not clear | - | - | - | - | - | - | - | - | - | - | ||
[22] | SVM classifier | Dataset generated using a honeypot-based technique. | 4610 injected and 4884 genuine token sequences | 92.84% | 1.33% | 86.66% | 914 | 8 | 8 | 969 | 98.40% | 86.66% | - | - | ||
99.16% | 0.82% | 99.13% | 799 | 123 | 13 | 964 | 99.13% | 99.31% | - | - | ||||||
99.37% | 0.72% | 99.46% | 917 | 5 | 7 | 970 | 99.24% | 99.46% | - | - | ||||||
99.05% | 1.02% | 99.13% | 914 | 8 | 10 | 967 | 98.92% | 99.13% | - | - | ||||||
[23] | LSTM | Open-source datasets | Not mentioned | 93.47% | - | - | - | - | - | - | 93.56% | 92.43% | 92.99% | |||
[24] | SVM, Boosted Decision Tree, Artificial Neural Network, Decision Tree | Open-source datasets | 1100 vulnerable SQL commands | 99.68% | - | - | - | - | - | 1.000 | - | - | - | - | ||
[25] | AdaBoost algorithm | Not mentioned | Not mentioned | Not Clear | - | - | - | - | - | - | - | - | - | - | ||
[26] | Naïve Bayesian | Not mentioned | Not mentioned | 90% | - | - | - | - | - | - | - | - | - | - | ||
SVM | 91% | |||||||||||||||
Parse Tree | 91% | |||||||||||||||
[27] | Decision tree | OWASP dataset | 332 malicious codes and 52 the clean codes | 98% | - | - | - | - | - | 97% | 98% | 97% | 98.2% | |||
[28] | MLP | Open-source datasets | 820 SQL injection samples and 8925 normal samples | 99.67% | 0.00% | - | - | - | - | 100% | 99.41% | - | - | - | ||
LSTM | 97.68% | 0.13% | - | - | - | - | 99.86% | 95.49% | - | - | - | |||||
[29] | Markov Decision Processes (MDPs) | Not mentioned | 1000 SQL environments | - | - | - | - | - | - | - | - | - | - | - | ||
[30] | SVM | Open-source datasets | 4610 injected queries and 4884 genuine queries | 99.37% | 0.31% | - | - | - | - | - | 99.35% | 99.35% | 99.46% | - | ||
99.73% | 0.31% | - | - | - | - | - | 99.67% | 99.78% | 99.73% | - | ||||||
99.63% | 0.31% | - | - | - | - | - | 99.67% | 99.57% | 99.62% | - | ||||||
[31] | TCSVM | Dataset from MicrosoftSQL reserved keywords website | 362,603 attack items and 362,603 non-attack items | 98.60% | - | - | - | - | - | - | 97.4% | 99.7% | 98.5% | 98.6% | ||
[32] | SVM | Amnesia testbed dataset | 46 legitimate queries and 40 malicious SQL injection attacks | - | - | - | - | - | - | - | 65.9% | 98.3% | 78.9% | - | ||
68% | 100% | 81% | ||||||||||||||
[33] | Support Vector Machine | Novel datasets | 450 malicious and 59 benign queries | 84.9% | - | - | - | - | - | - | 84.8% | 91.1% | 87.6% | 83.3% | ||
K-Nearest Neighbor | 87.6% | - | - | - | - | - | - | 84.8% | 96.7% | 90.4% | 96.6% | |||||
Neural Network | 97.6% | - | - | - | - | - | - | 98.7% | 97.4% | 98.0% | 98.9% | |||||
Multilayer Perceptron | 97.6% | - | - | - | - | - | - | 98.7% | 97.4% | 98.0% | 98.9% | |||||
Decision Tree | 89.4% | - | - | - | - | - | - | 96.3% | 85.6% | 90.6% | 94.6% | |||||
Random Forest | 89.6% | - | - | - | - | - | - | 87.5% | 96.4% | 91.7% | 97.4% | |||||
[34] | Progressive Neural Network, Naïve Bayes | Open-source dataset | A 62.2 KB SQL query and a 4.86 KB SQL injection exploitation | 97.897% | - | - | 193 | 0 | 0 | 5 | - | - | - | - | ||
[35] | SVM | Open-source dataset | 1000 benign and 1000 malicious HTTP requests | 0.982 | 0.000 | - | - | - | - | - | - | - | - | |||
[36] | LSTM | Open-source dataset | 43,167 injected query strings and 32,486 genuine query strings | 98.60% | - | - | - | - | - | - | 99.17% | 99.20%, | 99.17% | 99% | ||
[37] | LSTM, MLP, CNN, Deep Belief Network (DBN) | Datasets collected from HTTP requests | 118,529 normal data points and 21,810 SQL injection data points | - | - | - | - | - | - | - | - | - | - | |||
[38] | EDADT and SVM | Dataset created based on the MovieLens dataset | Not mentioned | 99.87% | - | - | - | - | - | - | - | - | - | - | ||
[39] | Naïve Bayes | Not mentioned | 101 normal codes and 77 malicious codes | 93.3% | - | - | - | - | - | - | 1.0 | 0.89 | - | - |
MO Class | MO Name | Description | Example |
---|---|---|---|
Behavior-Changing Operators | MO or | Adds an OR clause to the input | Original input: “SELECT * FROM table WHERE id= “ the input will change the logic of the statement and turns it as follows: “SELECT * FROM table WHERE id = 1 OR 1 = 1 |
MO and | Adds an AND clause to the input | ||
MO semi | Adds a semicolon followed by an additional clause | ||
Syntax-Repairing Operators | MO par | Appends a parenthesis to a valid input | Original inpt: “SELECT * FROM ta- ble WHERE character = CHR(“ + input + “)” The changed SQL statement: SELECT * FROM table WHERE character = CHR(67) OR 1 = 1 {). |
MO cmt | Adds a comment command (-- or #) to an input | ||
MO qot | Adds a single or double quote to an input | ||
Obfuscating Operators | MO wsp | Changes the encoding of white spaces | Original input: 1 OR 1 = 1, mutated input: 1+− OR + 1 = 1. This changes the predefined statement: “SE- LECT * FROM table WHERE id = “ + input to SELECT * FROM table WHERE id = 1 + OR + 1 = 1 |
MO chr | Changes the encoding of a character literally enclosed in quotes | ||
MO html | Changes the encoding of an input to HTML entity encoding | ||
MO per | Changes the encoding of an input to percentage encoding | ||
MO bool | Rewrites a Boolean expression while preserving its truth value | ||
MO keyw | Obfuscates SQL keywords by randomizing the capitalization and inserting comments |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Alghawazi, M.; Alghazzawi, D.; Alarifi, S. Detection of SQL Injection Attack Using Machine Learning Techniques: A Systematic Literature Review. J. Cybersecur. Priv. 2022, 2, 764-777. https://doi.org/10.3390/jcp2040039
Alghawazi M, Alghazzawi D, Alarifi S. Detection of SQL Injection Attack Using Machine Learning Techniques: A Systematic Literature Review. Journal of Cybersecurity and Privacy. 2022; 2(4):764-777. https://doi.org/10.3390/jcp2040039
Chicago/Turabian StyleAlghawazi, Maha, Daniyal Alghazzawi, and Suaad Alarifi. 2022. "Detection of SQL Injection Attack Using Machine Learning Techniques: A Systematic Literature Review" Journal of Cybersecurity and Privacy 2, no. 4: 764-777. https://doi.org/10.3390/jcp2040039