Detecting Structured Query Language Injections in Web Microservices Using Machine Learning

Edwin Peralta-Garcia, Juan Quevedo-Monsalbe, Victor Tuesta-Monteza, Juan Arcila-Diaz

Research output: Contribution to journalArticlepeer-review

Abstract

Structured Query Language (SQL) injections pose a constant threat to web services, highlighting the need for efficient detection to address this vulnerability. This study compares machine learning algorithms for detecting SQL injections in web microservices trained using a public dataset of 22,764 records. Additionally, a software architecture based on the microservices approach was implemented, in which trained models and the web application were deployed to validate requests and detect attacks. A literature review was conducted to identify types of SQL injections and machine learning algorithms. The results of random forest, decision tree, and support vector machine were compared for detecting SQL injections. The findings show that random forest outperforms with a precision and accuracy of 99%, a recall of 97%, and an F1 score of 98%. In contrast, decision tree achieved a precision of 92%, a recall of 86%, and an F1 score of 97%. Support Vector Machine (SVM) presented an accuracy, precision, and F1 score of 98%, with a recall of 97%.

Original languageEnglish
Article number15
JournalInformatics
Volume11
Issue number2
DOIs
StatePublished - Jun 2024
Externally publishedYes

Bibliographical note

Publisher Copyright:
© 2024 by the authors.

Keywords

  • detection
  • machine learning
  • microservices
  • SQL injection
  • web applications

Fingerprint

Dive into the research topics of 'Detecting Structured Query Language Injections in Web Microservices Using Machine Learning'. Together they form a unique fingerprint.

Cite this