University Publications

Computer Science and Technology Journal - - Issue (1) - Design of a System Model Based on Machine Learning Technique for SQL Injection Detection

Abstract

SQL injection attacks represent two-thirds of all web app attacks. An estimated 25% of breaches last year started with an SQL injection attack. SQL injection is a popular web attack and has been a challenging problem for network security; it causes financial losses worldwide as well as offenses against user data. SQL injection detection has recently become a hot topic, and how to defend against SQL injection attacks effectively has drawn the attention of web security professionals and researchers. The objective of this paper was to introduce a model that could identify SQL injection attacks effectively based on entry data. We built a machine learning model based on a logistic regression algorithm to detect SQL injection attacks from historical web log data. The dataset was collected from an online repository website and contains 4201 entries. The model achieved an accuracy of 0.93, a sensitivity of 0.78, a specificity of 0.81, and a precision of 0.98. Therefore, beyond accuracy, other performance metrics were considered for optimal model design. Using machine learning techniques for SQL injection attack detection is very useful and can be applied even in real-time applications.
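
As an added illustration (not the paper's code, features or dataset): a small logistic regression detector trained on constructed log entries, reporting the four metrics named in the abstract. The three features, the keyword list and every sample entry are assumptions made for this example.

```python
import math
import re

# Assumed feature set (not from the paper): quote count, SQL keyword count, comment marker.
KEYWORDS = re.compile(r"\b(union|select|or|and|drop|sleep)\b")

def features(entry):
    s = entry.lower()
    return [float(s.count("'")), float(len(KEYWORDS.findall(s))),
            1.0 if "--" in s or "/*" in s else 0.0]

def score(model, x):
    w, b = model
    return 1.0 / (1.0 + math.exp(-(sum(wj * xj for wj, xj in zip(w, x)) + b)))

def train(samples, lr=0.5, epochs=5000):
    """Batch gradient descent on the logistic loss, starting from zero weights."""
    X = [features(e) for e, _ in samples]
    w, b = [0.0, 0.0, 0.0], 0.0
    for _ in range(epochs):
        errs = [score((w, b), x) - y for x, (_, y) in zip(X, samples)]
        w = [wj - lr * sum(e * x[j] for e, x in zip(errs, X)) / len(X)
             for j, wj in enumerate(w)]
        b -= lr * sum(errs) / len(X)
    return w, b

def evaluate(model, samples):
    """Confusion counts plus the four metrics reported in the abstract."""
    c = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for entry, label in samples:
        pred = int(score(model, features(entry)) >= 0.5)
        c[("t" if pred == label else "f") + ("p" if pred else "n")] += 1
    c["accuracy"] = (c["tp"] + c["tn"]) / len(samples)
    c["sensitivity"] = c["tp"] / (c["tp"] + c["fn"])   # recall on attacks
    c["specificity"] = c["tn"] / (c["tn"] + c["fp"])   # recall on benign entries
    c["precision"] = c["tp"] / (c["tp"] + c["fp"])
    return c

# Constructed log entries (label 1 = injection attempt, 0 = benign).
TRAIN = [("id=42", 0), ("q=laptop+bag", 0), ("name=o'brien", 0), ("page=2&sort=price", 0),
         ("id=1' or '1'='1", 1), ("id=1 union select null,null--", 1),
         ("user=admin'--", 1), ("id=1; drop table users", 1)]
# Held-out entries include a benign search with a keyword and a lone-quote attempt.
TEST = [("q=red+shoes", 0), ("lang=en", 0), ("item=1001", 0), ("page=3&sort=name", 0),
        ("q=drop+table+leaf", 0), ("id=7' or 'a'='a", 1),
        ("id=2 union select 1,2--", 1), ("id=5'", 1)]

if __name__ == "__main__":
    print(evaluate(train(TRAIN), TEST))
```

On the held-out entries the detector reaches an accuracy of 0.75 while sensitivity and precision are both 2/3, because one attempt is missed and one benign search is flagged; this is the gap that accuracy alone hides.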