Abstract:
In recent years, sharing information over the Internet across various
platforms and web applications has become increasingly widespread. Web-based
applications store the critical information they receive from users in databases.
Because they are available over the Internet, these applications and the databases
connected to them are vulnerable to numerous cybersecurity incidents. Cybersecurity is
therefore critical for securing users' critical data and information in this technology era.
An attacker can steal critical and confidential information through various threats,
including attacks such as Cross-Site Scripting (XSS), Denial of Service (DoS), and
Structured Query Language (SQL) injection. SQL injection is one of the 10 most popular
risks and weaknesses for web applications with backend databases. It uses
malicious SQL queries to modify internal data and to retrieve information from the
back-end database that was not intended to be displayed. Since countless
cyberattacks occur every day, there is a real need to develop a more secure
system that can predict them and prevent them from happening. In this thesis, the proposed
system successfully detects SQL injection attacks by applying a machine
learning algorithm based on the Naïve Bayes method. The proposed model was trained and
evaluated with a dataset of 21,523 instances that comprises SQL injection and
non-injection examples. A user interface is created for a test case that anticipates either a
malicious or a benign query from the user. Finally, the system displays whether
the query is an SQL injection or not, and the accuracy of the results is evaluated based
on the false negative and false positive rates.
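
The approach summarized above, as an added example that is not the thesis's own code: a multinomial Naïve Bayes classifier with add-one smoothing over query tokens, scored by false positive and false negative rate. The training and held-out samples, the tokenizer and all function names are assumptions constructed for illustration; the thesis's 21,523-instance dataset is not used.

```python
import math
import re
from collections import Counter

# Constructed samples (1 = SQL injection, 0 = benign); not the thesis dataset.
TRAIN = [
    ("' OR 1=1 --", 1), ("admin' --", 1), ("1; DROP TABLE users", 1),
    ("' UNION SELECT username, password FROM users --", 1),
    ("1' OR 'a'='a", 1),
    ("john.smith@example.com", 0), ("blue running shoes size 42", 0),
    ("What is the order status for 10452?", 0), ("O'Brien", 0),
    ("select a gift for my union rep", 0),
]
# Constructed held-out inputs, including a benign name with an apostrophe.
HELD_OUT = [
    ("' OR 2=2 --", 1), ("x' UNION SELECT password FROM accounts --", 1),
    ("running shoes for john", 0), ("O'Neil", 0),
]
TOKEN = re.compile(r"[a-z_]+|\d+|--|[^\sa-z_\d]")

def tokenize(text):
    # Words, the SQL comment marker and single symbols; digits become <num>.
    return ["<num>" if t.isdigit() else t for t in TOKEN.findall(text.lower())]

def train(samples):
    counts, docs = {0: Counter(), 1: Counter()}, Counter()
    for text, label in samples:
        docs[label] += 1
        counts[label].update(tokenize(text))
    return counts, docs, set(counts[0]) | set(counts[1])

def predict(model, text):
    counts, docs, vocab = model
    scores = {}
    for label in (0, 1):
        total = sum(counts[label].values())
        score = math.log(docs[label] / sum(docs.values()))  # class prior
        for tok in tokenize(text):
            if tok in vocab:  # tokens never seen in training are skipped
                # Laplace (add-one) smoothed token likelihood
                score += math.log((counts[label][tok] + 1) / (total + len(vocab)))
        scores[label] = score
    return 1 if scores[1] > scores[0] else 0

def error_rates(model, samples):
    # Returns (false positive rate, false negative rate) over labelled samples.
    fp = sum(1 for t, y in samples if y == 0 and predict(model, t) == 1)
    fn = sum(1 for t, y in samples if y == 1 and predict(model, t) == 0)
    neg = sum(1 for _, y in samples if y == 0)
    return fp / neg, fn / (len(samples) - neg)

MODEL = train(TRAIN)
```

On the held-out inputs the benign surname with an apostrophe is flagged as an injection, because the quote character is far more frequent in the injection class. This is why the false positive rate is reported alongside the false negative rate.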