A STUDY OF MACHINE LEARNING-BASED APPROACHES FOR SQL INJECTION DETECTION AND PREVENTION
SQL injection (SQLi) attacks remain one of the most prevalent and critical security threats to web applications, often leading to data breaches, unauthorized access, and system compromise. This study explores the effectiveness of various machine learning (ML) algorithms in detecting and preventing SQL injection attacks, including Support Vector Machines (SVM), Decision Trees, Random Forest, Neural Networks, and Ensemble Learning models. Through an extensive analysis of different publicly available datasets and comparison of model performance, it is observed that advanced ML algorithms, such as Neural Networks and Ensemble Learning models, outperform traditional models like SVM and Decision Trees in detecting sophisticated SQL injection techniques, particularly blind SQL injection and time-based SQL injection. The study also highlights the importance of dataset characteristics, including the size, class balance, and diversity of SQL injection types, in training accurate models. Larger, balanced datasets with diverse attack types lead to better generalization and robustness in model performance. The findings from the Analysis of Variance (ANOVA) tests further reinforce the importance of appropriate dataset selection and demonstrate significant variation in the performance of models across different types of attacks. Furthermore, the study identifies challenges such as class imbalance, overfitting, and the adaptability of models to evolving SQL injection tactics. These issues must be addressed through techniques like data augmentation, feature engineering, and hybrid models. The research concludes that while machine learning-based SQL injection detection and prevention offers promising results, continuous adaptation to emerging attack patterns and improvements in real-time detection capabilities remain key for enhancing web application security.
[Fredrick Ochieng Okello (2025); A STUDY OF MACHINE LEARNING-BASED APPROACHES FOR SQL INJECTION DETECTION AND PREVENTION Int. J. of Adv. Res. (Feb). 1035-1044] (ISSN 2320-5407). www.journalijar.com
KABARAK UNIVERSITY
Kenya