SQL INJECTION PATTERN RECOGNITION BASED ON NAÏVE BAYES MODEL

Abstract

In recent years, sharing information through the Internet across various platforms and web-applications has grown increasingly widespread. Users' critical information is stored in databases by the web-based applications that receive it. Due to its availability over the Internet, these apps and the databases that are connected to be vulnerable to numerous cybersecurity incidents. Therefore, cyber-security is critical for securing user’s critical data and information in this technology era. The attacker can steal critical and confidential information by using various threats. The threats include attacks such as Cross Side Scripting (CSS), Denial of Service Attack (DoS0, and Structured Query Language (SQL) Injection attacks. One of the 10 most popular risks and weaknesses to web applications with backend databases is SQL injection. It utilizes malicious SQL queries to modify internal data and to retrieve information from the back-end database that was not intended to be displayed. Since there are countless cyberattacks every day and have really been needing on developing a more secure system that can predict them and prevent them from happening. In this thesis, proposed system can be detected SQL Injection Attack successfully by applying machine learning algorithm based on Naïve Bayes Method. The proposed model was trained and evaluated with 21,523 instances of dataset which comprises SQL Injection and no Injection. The user interface is created for a test case that anticipates either a malicious or benign question from the user. Finally, this system is displayed the result of detecting the query that is SQL Injection or not and is evaluated how accurate the results based on having false negative and false positive rate.