Defending against SQL Injection Attacks in Web Applications using Machine Learning and Natural Language Processing
Bronjon Gogoi, Tasiruddin Ahmed, Arabinda Dutta
Abstract
Today, most organizations use web applications for the delivery of services over the Internet. The risks to web applications have increased as their use has risen. SQL Injection Attack is a commonly exploited vulnerability used for stealing credentials, destroying and compromising data, and bypassing authentication and authorization controls of a web application. Traditional methods of detecting SQL injection attacks include software and hardware-based Web Application Firewalls, programmatic defense techniques like input filtering, input validation, using parameterized queries etc. and static and dynamic analysis are not sufficient for detection and prevention of SQLIA in web applications. In this paper, we present an approach to detecting SQLIA using NLP and Machine Learning. Experimental results show that the approach can detect SQLIA with precision, recall and an f1-score of 99.9.