Ensemble learning techniques against structured query language injection attacks

Ammar Odeh, Anas Abu Taleb

Abstract


Structured query language (SQL) injection threats pose severe risks to web applications, necessitating robust detection measures. This study introduced DSQLIA, employing ensemble learning algorithms-Bagging, Stacking, and AdaBoost classifiers-for SQL injection detection. Results unveiled the bagging classifier's 84% accuracy with perfect precision (100%) but moderate recall (68%). The stacking classifier achieved 85% accuracy, exceptional precision (99%), and balanced memory (72%), yielding an 83% F1-Score. Remarkably, the AdaBoost classifier outperformed, achieving 99% accuracy, high precision (98%), and outstanding recall (99%), leading to a remarkable 99% F1-Score. These findings highlight AdaBoost's superior ability to identify malicious queries with minimal false positives accurately. Overall, this research underscores the potential of ensemble learning in fortifying web application security against SQL injection attacks, emphasizing the AdaBoost classifier's exceptional performance in achieving precise and comprehensive detection.

Keywords


Ensemble learning; Information security; Malicious query detection; SQL injection attacks; Web application vulnerability

Full Text:

PDF


DOI: http://doi.org/10.11591/ijeecs.v35.i2.pp1004-1012

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Indonesian Journal of Electrical Engineering and Computer Science (IJEECS)
p-ISSN: 2502-4752, e-ISSN: 2502-4760
This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).

shopify stats IJEECS visitor statistics