APPLIED MACHINE LEARNING PREDICTIVE ANALYTICS TO SQL INJECTION ATTACK DETECTION AND PREVENTION
Authors:
Dangeti Rohith Sai Arjun, Dr. V. Bhaskar Murthy
Page No: 486-490
Abstract:
The back-end database plays a critical role in storing massive volumes of data generated by cloud-hosted web applications and Internet of Things (IoT) smart devices. Structured Query Language (SQL) Injection Attacks (SQLIA) remain a major cybersecurity threat, allowing attackers to exploit vulnerabilities in web applications to extract sensitive information with potentially severe consequences. Traditional signature-based detection methods struggle to adapt to evolving attack patterns, particularly in the era of big data. This paper explores the application of Machine Learning (ML)-based predictive analytics for SQLIA detection and prevention. One of the primary challenges in this domain is the lack of comprehensive datasets containing historical attack patterns necessary for training robust classifiers. To address this, we generate a dataset that includes extracted SQL attack patterns, tokens, and symbols appearing at injection points. Additionally, we develop a test-case web application that uses a dictionary-based word list as vector variables to facilitate large-scale learning data generation. The dataset undergoes preprocessing, labeling, and feature hashing to enable supervised learning. The trained classifier is deployed as a web service, integrated into a .NET-based web proxy API. This API intercepts incoming web requests, accurately predicting and blocking SQLIA before they reach the protected back-end database. Our approach is validated through empirical evaluations using a Confusion Matrix (CM) and Receiver Operating Characteristic (ROC) curve analysis, demonstrating the effectiveness of ML-driven predictive analytics in enhancing SQLIA defense mechanisms.
Volume & Issue
Volume-14, Issue-4
Keywords
SQLIA, SQL Injection, Machine Learning, Predictive Analytics, Big Data Security, Feature Hashing