ANALYZING COMPARISON PERFORMANCE MODEL OF MACHINE LEARNING THROUGH DETECTION SQL INJECTION ATTACK



DOI: https://doi.org/10.29100/jipi.v9i4.5637

Abstract


This research aims to compare Machine Learning models that effectively detect SQL Injection attacks in security systems. The dataset was collected from the Kaggle resource published by Syed Saqlain Hussain Shah, the dataset with the highest upvotes in the SQL Injection category. The models developed include Support Vector Machine (SVM), K-Nearest Neighbor (KNN), and Logistic Regression (LR). The research process includes separating the data into 70% training and 30% test data, model training, testing model effectiveness, and implementing preventive measures against SQL Injection attacks. The research results show that the SVM model has an accuracy rate of 99.82%, precision of 99.88%, and recall (Sensitivity) of 99.34%. KNN obtained an accuracy rate of 79.28%, a precision of 98.38%, and a recall (Sensitivity) of 73.31%. LR obtained an accuracy rate of 98.99%, precision of 99.94%, and recall (Sensitivity) of 98.70%. Using a Machine Learning approach, this research improves system security against SQL Injection attacks.
