Comparison study for NLP using machine learning techniques to detecting SQL injection vulnerabilities

Document Type : Research Paper

Authors

1 Computer Science Department, Informatics Institute for Postgraduate Studies, Iraq

2 University of Information Technology and Communications, Iraq

Abstract

Due to the vast number of electronic attacks that occur on a daily basis, protecting users' data is extremely important in this age of technology. Cyber security is now regarded as a top priority, so the preservation of user privacy and data security is essential. The SQL injection vulnerability is not a new form of website attack; it has been around for a long time. However, it is a new attack nowadays. ML algorithms were used to solve the problem of detecting SQL injection attacks on websites: seven ML algorithms (including Naive Bayes, Neural Network, SVM, Random Forest, KNN, and Logistic Regression) were trained on a batch of data comprising SQL injection queries, and the model that gives the highest accuracy was chosen. In comparison to previous studies, high-precision results were obtained, with the Naive Bayes algorithm achieving 0.99 accuracy, 0.98 precision, 1.00 recall, and a 0.99 F1-score. In this paper, experiences, work schedules, and outcomes are examined. Compared to other methods, this Naive Bayes approach has proven to be quite accurate in identifying SQL injection threats.

Volume 14, Issue 8
August 2023
Pages 283-290
  • Receive Date: 13 June 2022
  • Revise Date: 20 July 2022
  • Accept Date: 30 August 2022