Development of a Compressive Framework Using Machine Learning Approaches for SQL Injection Attacks

Web applications play an important role in our daily lives. Various Web applications are used to carry out billions of online transactions. Because of their widespread use, these applications are vulnerable to attacks. SQL injection is the most common attack, which accepts user input and runs queries in the backend and returns the desired results. Various approaches have been proposed to counter the SQL injection attack; however, the majority of them have most times failed to cover the entire scope of the problem. This research paper investigates the frequent SQL injection attack forms, their mechanisms, and a way of identifying them based on the SQL query's existence. In addition, we propose a comprehensive framework to determine the effectiveness of the proposed techniques in addressing a number of issues depending on the type of the attack, by using a hybrid (Statistic and dynamic) approach and machine learning. An extensive examination of the model based on a test set indicates that the Hybrid approach and ANN outperforms Naive Bayes, SVM, and Decision tree in terms of accuracy of classifying injected queries. However, with respect to web loading time during testing, Naive Bayes outperforms the other approaches. The proposed Method improved the accuracy of SQL injection attack prevention, according to the test findings.