Detection of SQL Injection Attacks Using Machine Learning Algorithms Based on NLP-Based Feature Extraction

Abstract

SQL injection attack is one of the cyber attack types that puts individuals and institutions in a difficult situation in terms of data disclosure and material damage. This attack type, which is frequently preferred due to its case of use, has emerged with different usage features in recent years. In this study, various machine learning algorithms were tested to detect SQL Injection attacks. In the data pre-processing section, feature extraction was performed using Natural Language Processing techniques. While the relevance of expressions to each other was calculated with the Word Level TF-IDF method, term search was also performed. In the study, the classification process was performed using convolutional neural network, support vector machine, naive bayes and logistic regression from machine learning methods. At the end of the experimental study, it was found that convolutional neural network was the model that detected SQL Injection attacks with the highest success. © 2024 IEEE.