DocumentCode :
1776491
Title :
SQL Injection detection using machine learning
Author :
Joshi, Akanksha ; Geetha, V.
Author_Institution :
Dept. of Inf. Technol., Nat. Inst. of Technol., Surathkal, India
fYear :
2014
fDate :
10-11 July 2014
Firstpage :
1111
Lastpage :
1115
Abstract :
In the present world, the web is the firmest and most common medium of communication and business interchange. Every day, millions of data are loaded through various channels on the web by users and user input can be malicious. Therefore, security becomes a very important aspect of web applications. Since they are easily accessible, they are prone to many vulnerabilities which, if neglected, can cause harm. The attackers make use of these loopholes to gain unauthorized access by performing various illegal activities. SQL Injection is one such attack which is easy to perform but difficult to detect because of its varied types and channel. This may result in theft, leak of personal data or loss of property. In this paper we have analyzed the existing solutions to the problems such as AMNESIA [1] and SQLrand [3] and their limitations. We have devised a classifier for detection of SQL Injection attacks. The proposed classifier uses a combination of Naïve Bayes machine learning algorithm and Role Based Access Control mechanism for detection. The proposed model is tested based on the test cases derived from the three SQLIA attacks: comments, union and tautology.
Keywords :
Bayes methods; Internet; SQL; Web sites; authorisation; learning (artificial intelligence); AMNESIA; Naive Bayes machine learning algorithm; SQL injection attack detection; SQLrand; Web applications; business interchange; illegal activities; loopholes; personal data leak; role based access control mechanism; unauthorized access; Accuracy; Classification algorithms; Feature extraction; Instruments; Machine learning algorithms; Pattern matching; Security; Machine Learning; Web Application; Web Security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Control, Instrumentation, Communication and Computational Technologies (ICCICCT), 2014 International Conference on
Conference_Location :
Kanyakumari
Print_ISBN :
978-1-4799-4191-9
Type :
conf
DOI :
10.1109/ICCICCT.2014.6993127
Filename :
6993127