TY - JOUR
T1 - Detecting Structured Query Language Injections in Web Microservices Using Machine Learning
AU - Peralta-Garcia, Edwin
AU - Quevedo-Monsalbe, Juan
AU - Tuesta-Monteza, Victor
AU - Arcila-Diaz, Juan
N1 - Publisher Copyright:
© 2024 by the authors.
PY - 2024/6
Y1 - 2024/6
N2 - Structured Query Language (SQL) injections pose a constant threat to web services, highlighting the need for efficient detection to address this vulnerability. This study compares machine learning algorithms for detecting SQL injections in web microservices trained using a public dataset of 22,764 records. Additionally, a software architecture based on the microservices approach was implemented, in which trained models and the web application were deployed to validate requests and detect attacks. A literature review was conducted to identify types of SQL injections and machine learning algorithms. The results of random forest, decision tree, and support vector machine were compared for detecting SQL injections. The findings show that random forest outperforms with a precision and accuracy of 99%, a recall of 97%, and an F1 score of 98%. In contrast, decision tree achieved a precision of 92%, a recall of 86%, and an F1 score of 97%. Support Vector Machine (SVM) presented an accuracy, precision, and F1 score of 98%, with a recall of 97%.
AB - Structured Query Language (SQL) injections pose a constant threat to web services, highlighting the need for efficient detection to address this vulnerability. This study compares machine learning algorithms for detecting SQL injections in web microservices trained using a public dataset of 22,764 records. Additionally, a software architecture based on the microservices approach was implemented, in which trained models and the web application were deployed to validate requests and detect attacks. A literature review was conducted to identify types of SQL injections and machine learning algorithms. The results of random forest, decision tree, and support vector machine were compared for detecting SQL injections. The findings show that random forest outperforms with a precision and accuracy of 99%, a recall of 97%, and an F1 score of 98%. In contrast, decision tree achieved a precision of 92%, a recall of 86%, and an F1 score of 97%. Support Vector Machine (SVM) presented an accuracy, precision, and F1 score of 98%, with a recall of 97%.
KW - detection
KW - machine learning
KW - microservices
KW - SQL injection
KW - web applications
UR - http://www.scopus.com/inward/record.url?scp=85196823863&partnerID=8YFLogxK
U2 - 10.3390/informatics11020015
DO - 10.3390/informatics11020015
M3 - Artículo
AN - SCOPUS:85196823863
SN - 2227-9709
VL - 11
JO - Informatics
JF - Informatics
IS - 2
M1 - 15
ER -