A Naïve Bayes Based Pattern Recognition Model for Detection and Categorization of Structured Query Language Injection Attack

Abstract

In the recent times, information sharing and delivery of services is done over the internet through different platform of web applications and various attacks are performed against these applications such as Cross Side Script (CSS), Denial of Service (DoS) and Structured Query Language (SQL) injection attacks among others. SQL injection is one among the ten top threats and vulnerabilities against web applications airming backend database. Researchers have proposed many approaches of SQL injection attack, either for the detection/categorization or both, many of the proposed approaches only detect few attack types among the seven most popular attack types and poor training of dataset. In this study, a Naive bayes based pattern recognition model for detection and categorization SQL injection attack type is proposed. The proposed model was trained and evaluated with 16,050 instances of dataset which comprises vulnerable and non-vulnerable web pages. Our experimental results showed detection and categorization accuracy of 98% and 99% respectively. The comparison of the performance of our model with the performance of existing techniques revealed that our model outperformed the previous techniques.