SQL INJECTION ATTACKS DETECTION: A PERFORMANCE COMPARISON ON MULTIPLE CLASSIFICATION MODELS

SQL injection attacks are a common and serious security threat to web applications, where malicious users exploit vulnerabilities to gain unauthorized access to sensitive data or manipulate the database. Detecting and preventing SQL injection attacks is crucial for ensuring the security and integrity of web applications. While there have been studies on using machine learning for detecting SQL injection attacks, there is a lack of comprehensive comparative analysis that evaluates the performance of multiple classification models specifically for this purpose. Existing research often focuses on individual algorithms or limited comparisons, without providing a thorough evaluation of different models in the context of SQL injection attack detection. The main objective of this manuscript is to evaluate and compare the performance of multiple classification models, KNN, decision trees, support vector machines, Naïve Bayes, and neural networks, for detecting SQL injection attacks, and to identify the most effective classification model for detecting SQL injection attacks based on the evaluation results. The main significance of this manuscript is that the study will provide insights into the effectiveness of various machine learning algorithms for detecting SQL injection attacks, helping developers and security professionals choose the most suitable approach, the findings can contribute to enhancing the security measures of web applications by recommending the best-performing model for detecting and preventing SQL injection attacks. The results demonstrate that CNN achieves the highest overall accuracy (around 96.55%) while maintaining a good balance between precision (98.92%) and recall (91.71%) in the given dataset. By evaluating and comparing the performance of different classification models, the study can help enhance the security measures of web applications against SQL injection attacks. The comparative analysis of multiple classification models contributes to advancing research in the field of cybersecurity and machine learning. strengthening cybersecurity practices, empowering organizations to proactively defend against evolving threats, and fostering a more secure digital environment for web applications and databases. The study concludes by offering recommendations for future research and considerations for deploying machine learning models for real-world SQL injection attack detection.